Submitted by admin on


dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) format. This utility is similar to tcpdump(1), but has a number of features tailored to DNS transactions and protocol options. OARC uses dnscap for DITL data collections. Some of its features include:

  • Understands both IPv4 and IPv6
  • Captures UDP, TCP, and IP fragments.
  • Collect only queries, responses, or both (-s option)
  • Collect for only certain source/destination addresses (-a -z -A -Z options)
  • Periodically creates new pcap files (-t option)
  • Spawns an upload script after closing a pcap file (-k option)
  • Will start and stop collecting at specific times (-B -E options)

Distribution Packages

Packages for Debian, Ubuntu and RPM (CentOS, Fedora, RHEL, SLE and openSUSE) can be found here:

You can also find it in the FreeBSD ports system (dns/dnscap).


The following releases of the DNSCAP software are available for download along with the changelog.

File Date Size
dnscap-2.2.0.tar.gz August 23, 2023 748K
dnscap-2.1.3.tar.gz June 27, 2023 722K
dnscap-2.1.2.tar.gz June 15, 2023 719K
dnscap-2.1.1.tar.gz February 3, 2023 718K
dnscap-2.1.0.tar.gz September 9, 2022 718K
dnscap-2.0.3.tar.gz June 13, 2022 717K
dnscap-2.0.2.tar.gz March 8, 2022 717K
dnscap-2.0.1.tar.gz March 11, 2021 716K
dnscap-2.0.0.tar.gz February 12, 2021 716K
dnscap-1.12.0.tar.gz October 22, 2020 691K
dnscap-1.11.1.tar.gz August 20, 2020 656K
dnscap-1.11.0.tar.gz June 1, 2020 652K
dnscap-1.10.4.tar.gz March 2, 2020 641K
dnscap-1.10.3.tar.gz October 2, 2019 641K
dnscap-1.10.2.tar.gz August 5, 2019 641K
dnscap-1.10.1.tar.gz July 8, 2019 641K
dnscap-1.10.0.tar.gz December 3, 2018 647K
dnscap-1.9.0.tar.gz February 28, 2018 522K
dnscap-1.8.0.tar.gz February 7, 2018 522K
dnscap-1.7.1.tar.gz December 27, 2017 483K
dnscap-1.7.0.tar.gz December 19, 2017 476K
dnscap-1.6.0.tar.gz December 1, 2017 458K
dnscap-1.5.1.tar.gz August 21, 2017 458K
dnscap-1.5.0.tar.gz June 06, 2017 434K
dnscap-1.4.1.tar.gz March 29, 2017 422K
dnscap-1.4.0.tar.gz February 27, 2017 417K
dnscap-1.3.0.tar.gz December 23, 2016 397K
dnscap-1.2.0.tar.gz October 27, 2016 386K
dnscap-1.1.0.tar.gz October 11, 2016 375K
dnscap-20160205.tar.gz February 5, 2016 103K

See sha256.txt or sha512.txt for checksums.

The DNSCAP software is licensed under the BSD license.


See for instructions how to install the software and the included manual pages on how to run the software.

Code Repositories

You can clone the code repositories from GitHub:

$ git clone

Users Mailing List

Users interested in staying on top of dnscap development can subscribe to the dnscap-users mailing list.