Submitted by admin on Wed, 02/03/2016 - 15:35

DSC (originally developed by The Measurement Factory and now developed by DNS-OARC) is a system for collecting and exploring statistics from busy DNS servers. It uses a distributed architecture with collectors running on or near nameservers sending their data to one or more central presenters for display and archiving. Collectors use pcap to sniff network traffic. They transmit aggregated data to the presenter as XML data. dsc is configurable to allow the administrator to capture any kind of data that he or she chooses. A sample configuration is included that captures the following data:

  • Query types
  • Response codes
  • Opcodes
  • Source addressess or subnets
  • Query name TLD
  • EDNS parameters
  • Known types of DNS "pollution"
  • Message sizes
  • IP transport
  • TCP/UDP ports

The dsc source code is maintained by DNS-OARC. A few sample screenshots are shown below: