.TH DNS-TERROR 1 "February 2000" Fastresolve.SH NAMEdns-terror \- fast log file IP address resolver.SH SYNOPSIS.B dns-terror[\-v...] [\-orsz] [\-d db\-file] [\-c adns\-conf\-str] [\-m mark\-size] [\-p parallel\-queries] [\-f skip\-fields].SH DESCRIPTION.B dns-terrorreads log files, resolves the IP addresses that areresolvable, and optionally writes the results back out.Optionally it reads and saves the results in a DB file,to cache results between runs..PPIt reads IP addresses to resolve from the standard input, one perline.  Other data on a line before or after the IP address is ignored(although it may be passed through with the \-o option)..PPBefore running.BR dns-terror ,it is best to run.BR unlimit ,because this program can use a lot of memory and create large files(depending on the size of the input files)..PP.B dns-terroruses the.B adnslibrary (a parallel, asynchronous resolver) and cachesthe results in a tree structure in memory for speed..SH OPTIONS.IP "\-p parallel\-queries"Set the size of the query pipeline.  Defaults to 1000 outstanding DNSqueries.  When this number of queries are outstanding, the programwaits for one of them to complete before it reads another input line.Experiment with different values to find the optimal one for yourenvironment.  The optimal value depends at least on the response timesof the DNS servers you are using and the speed of your CPU.  A goodapproach is to run repeated tests with \-d '' (no DB file cache) onthe same log file, increasing the value of \-p each time until youfind a point where higher values no longer result in significant timesavings or increased CPU utilization..IP \-oCopy the input lines to the standard output with IP addresses resolved.In this mode, the \-p option is multiplied by 20 to determine themaximum number of log lines that may be buffered in memory beforeforcing the program to wait for the first buffered line's outstandingDNS query to complete.  The default is 1000 times 20, or 20,000 lines..IP \-zWrite the output in gzipped form.  This only has an effect when the\-o option is given.  If you would have gzipped the output fileimmediately after resolving it, using this option instead is faster.Automatic gunzipping of the input to.B dns-terroris not currently supported..IP "\-f skip\-fields"Skip skip\-fields blank-separated fields at the start of each line beforeexpecting an IP address.  Default 0.  Useful for processing W3C formatlog files, such as IIS 4 produces..IP \-vIncreases output verbosity each time it is given, up to 3 (currently).The more, the messier..IP "\-d db\-file"Save results to DB file db\-file.  Defaults to ip2host.db.  If givenas the empty string (\-d ''), no DB file is used, and the results arelost when the program exits..IP "\-m mark\-size"Print a notice every mark\-size input lines.  During the drain timeat the end, after all the input lines have been read, print a noticeafter every 1/10 of the remaining DNS queries that are outstandinghave been answered or timed out..IP \-sSync the cached results to the DB file on disk at each mark..IP \-rRead in only positive cached results from the DB file, to make anotherpass at resolving the negative ones..IP "\-c adns\-conf\-str".B adnsconfiguration string to use instead of /etc/resolv.confand the various optional environment variables.One or more lines in a format like resolv.conf,with directives:.spnameserver domain search.spplus some additional directives:.spsortlist options clearnameservers include.spOne approach is to make an alternate conf fileand use \-c "include adns.conf".  Also,.B adnsas of v0.6 reads /etc/resolv-adns.conf (if it exists) after/etc/resolv.conf..PPIf an unofficial patch (supplied with this package) is applied to.BR adns ,the following.B adnsoptions are available (separate them with blank space if giving morethan one):.sp.IP udpmaxretries:NMaximum number of times to retry a (UDP) DNS query before giving up.Default 15..IP udpretryms:NNumber of milliseconds between retries.  Default 2000 (2 seconds).Thus, the default timeout for a query is 15 times 2000 milliseconds =30000 milliseconds, or 30 seconds.  That is a fairly long time to waitfor a DNS query to complete or timeout.  Faster performance willresult from reducing udpmaxretries to produce a timeout more in the10-15 second range; however, some responses will be missed that way,so the percentage of IP addresses successfully resolved will besomewhat lower..PPOn a single processor machine,it is generally faster to use remote nameservers rather than a localcaching nameserver (127.0.0.1).  A local caching nameserver will havecached a few addresses that are needed, but not most of them.  Formost addresses, it will have to go out to the remote ones anyway, andso it's just an unnecessary intermediary (using the same CPU)processing the queries.  Since.B dns-terrordoes its own caching,it's best to ignore a nameserver on the loopback interface andspecify a list of nameservers using \-c.  On a multiprocessormachine, there may be an advantage to using a local nameserver..PP.B dns-terrordoes negative caching in the DB file; unresolvable IP addresses havean empty value in the file.  Each DB file entry contains a timestampof when it was written, preceding the value (hostname).  It is storedin host byte order, since processing large files over a network filesystem is dumb.  Old entries should be removed periodically using.BR expire-ip-db ..PP.B dns-terrorignores the time-to-live on nameserver records.  The TTL could bestored in the DB file, but it is questionable whether that wouldprovide a significant gain in accuracy, and it could negate much ofthe speed benefit of the DB file..SH FILES.IP ip2host.dbDefault DB file for caching results..IP /etc/resolv.confDefault resolver configuration..SH SIGNALS.IP SIGHUPcloses and reopens the DB file (useful if it was rolled)..IP SIGTERMcloses the DB file without saving, and exits..SH "SEE ALSO"convert-ip-db(1), dig(1), expire-ip-db(1), make-report(1), db_intro(3), resolver(5).SH BUGSThere is a tradeoff between completeness and running time.  It wouldbe prudent to compare the output of this program with the output of asimpler resolver until you are confident that your configuration of itis working well.  You might use.B digto spot-check some addresses that are not resolved, and/or use the \-voption to.B dns-terrorto check on why (name server failure, no response, etc.)..PPAll cached results from the DB file are held in memory for speed,so the program's memory footprint can become large..SH AUTHORSDavid MacKenzie <djm@web.us.uu.net>.Thanks to Josh Osborne <stripes@eng.us.uu.net> for ideas and anearlier implementation.Please send comments and bug reports to fastresolve-bugs@web.us.uu.net.