Disclaimer: Any mention of commercial products within NIST web pages is for information only; it does not imply recommendation or endorsement by NIST.
The Measurement Factory is a group of network experts that produces a collection of network metrology tools and conducts large-scale Internet research projects. The main focus is on DNS, but tools that capture HTTP statistics are also developed and maintained. For the SNIP, the admins use the DNS Statistics Collector (DSC) to monitor DNS traffic going to the NIST site servers: snip1.dnsops.gov and snip2.dnsops.gov.
DSC consists of two separate tools: a statistics collector and a presenter. The statistics collector uses libpcap to generate datasets as separate XML files, then copies them to the presenter tool, which may exist on a separate host. The file transfer is done via HTTPS or rsync. The presenter collects the data files, formats them and presents the data through a web (CGI) interface. More information (and links to download the tool) can be found on the DSC tool page.
In addition to the tools, The Measurement Factory also produces several research reports that would be of interest to DNS administrators, including an ongoing survey of known cache poisoners on the Internet.
DSC runs on the NIST SNIP servers to collect DNS traffic statistics on both snip1.dnsops.gov and snip2.dnsops.gov. There is a single presenter, which runs on snip1. The XML dataset files from snip2 are transferred to the presenter via rsync.
Since the presenter is on the same host as one of the collectors, a modification was needed to transfer the XML dataset files from the collector directory to the presenter directory. The following is a simple patch file that serves as a replacement for the upload-rsynch.sh or update-x509.sh files in the libexec directory in the DSC home directory:
#!/bin/sh
set -e
#set -x
PATH=/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export PATH
PROG=`basename $0`
PREFIX=/usr/local/dsc
mv $PREFIX/var/run/*.qtype.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.certain_qnames_vs_qtype.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.client_addr_vs_rcode.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.direction_vs_ipproto.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.do_bit.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.edns_version.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.opcode.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.rcode.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.rd_bit.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.transport_vs_qtype.xml $PREFIX/data/snip1/dnsops.gov/
mv $PREFIX/var/run/*.rcode_vs_replylen.xml $PREFIX/data/snip1/dnsops.gov/
Then use the above script in a cron job instead of the update-x509.sh or update-rsynch.sh scripts. The script moves the selected dataset files to the presenter for parsing. Not every dataset file is moved or collected; only those files that are of interest to the SNIP admins are collected.
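With set -e, the script above stops at the first mv whose glob matches nothing, so later datasets are left behind for that run. The following is an added example, not DSC or NIST code, that moves the same dataset list but skips empty globs and refuses anything that is not a regular file; the function name move_datasets and its two directory arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not DSC or NIST code. Dataset names come from the script
# above; move_datasets and its arguments are assumptions of this example.
DATASETS="qtype certain_qnames_vs_qtype client_addr_vs_rcode
direction_vs_ipproto do_bit edns_version opcode rcode rd_bit
transport_vs_qtype rcode_vs_replylen"

# move_datasets SRC_DIR DST_DIR
# Prints the number of files moved; returns non-zero if a move failed.
move_datasets() {
    src=$1 dst=$2 moved=0 rc=0
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "move_datasets: missing directory" >&2
        return 1
    fi
    for ds in $DATASETS; do
        for f in "$src"/*."$ds".xml; do
            # An unmatched glob stays literal: skip it rather than letting
            # mv fail and abort the remaining datasets under set -e.
            [ -e "$f" ] || [ -L "$f" ] || continue
            # The presenter parses whatever lands in its directory, so
            # accept regular files only (no symlinks, directories, FIFOs).
            if [ -L "$f" ] || [ ! -f "$f" ]; then
                echo "move_datasets: skipping $f" >&2
                continue
            fi
            if mv -- "$f" "$dst"/; then
                moved=$((moved + 1))
            else
                rc=1
            fi
        done
    done
    echo "$moved"
    return "$rc"
}

# Cron usage with the paths from the script above:
#   move_datasets /usr/local/dsc/var/run /usr/local/dsc/data/snip1/dnsops.gov
```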
Last updated 16/06/2008. Questions or comments should be sent to SNIP administrators