DNS Collector


DNS Collector is a tool for handling DNS traffic data on UNIX-like systems. The application extracts raw DNS packets from TCP/IP traffic. Acquired DNS packets are passed to individual modules for further processing.


The application can be used everywhere it is necessary to process DNS traffic. Particular deployment depends on modules being used.

Input Data

The application handles:

The application de-fragments packets and keeps track of TCP connections. It is able to capture traffic on multiple network devices. However, it does not allow to combine traffic from network interfaces and archived traffic. Archived traffic may be compressed by gzip or xz.

Limitations: When processing archived traffic, the application cannot handle multiple archives at once.

Processed data can be filtered using a pcap-filter within the application.

Reconstructed raw DNS data are equipped with additional information (obtained from network and transport layers) and are passed to modules for further processing.

Processing in Modules

Loadable modules are used to process raw (in wire format) DNS data. Several modules can coexist within a single collector application. Modules can be loaded and unloaded without the interruption of the main application. Modules can be configured by additional parameters thus better controlling their function.

Modules can have their own library dependencies (e.g., libldns) in order to process raw DNS packets.

Modules can be written in C or C++. Within the distributed source code there is a module capable of executing Python scripts. This scripts can be used for processing of captured DNS traffic. Python scripts can become useful in developing new functionality. You can exploit all benefits of Python by sacrificing a certain amount of performance.

Available Modules


DNS Collector can be run as:

The application can be configured via NETCONF protocol. However, this feature is in an experimental stage of development. The code for this feature is available in one of the feature git branches.


The application can be installed from source code.

Getting the Sources

Source code is available from a git repository:

git clone https://gitlab.labs.nic.cz/dns-collector.git

Code in master branch is the most stable one. Branch develop contains general enhancements and most recent bug fixes. Feature branches contain experimental functionality.

Compilation and Installation

First, the configuration script must be generated:

cd dns-collector


make install

To generate a listing of supported functionality run:

./configure --help

Additional Information

For more information on how to write own modules, information about the function of supplied modules and usage examples read through the project's wiki.