On Thu, Sep 20, 2012 at 12:27 AM, John Levine <johnl(_at_)taugh(_dot_)com>
wrote:
So, anyone got server log [IP,timestamp] data they can share?
I have [IP, # of queries] on a daily level from DNS query logs from
dnswl.org, eg in a file named "2012-08-03.aggregate":
| 178.63.223.135 1
| 219.255.134.101 4992
| 156.45.254.31 80
These are the numbers we see at the authoritative servers, ie after
caching by (mostly "medium" in your terminology) local resolvers. We
only collect about a third of the logs (we are only interested in
relative numbers, so that is not an issue for our own purposes).
Despite sanity checks, there are about 1% odd IPs, eg from those who
forget that they should use reverse-nibble notation for the lookups,
funny internal IP addressing schemes leaking out, DNSxLs trying to
look up whole ranges etc).
We also have data in the same format for the DNS server IPs that
actually query our servers.
We keep this data for about a month (the higher aggregated data, ie
sender magnitudes, top query sources etc are kept in the DB for
longer).
<shameless plug>We do not yet collect data on IPv6. If you want to
help us to change that, see
http://www.dnswl.org/news/archives/26-Do-you-want-to-support-the-dnswl.org-project.html</shameless
plug>
-- Matthias
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg