AnalogX
QuickDNS

version 2.01

Documentation


Please note, AnalogX QuickDNS (QDNS) is a command line utility. This means even though it creates an item on the Start Menu, it's really meant to be used from the command line. You can, however, modify the properties of the Start Menu shortcut in order to run it without using the shell.

If you're a site admin, or analyze your own webserver logs, you've more than likely discovered Analog, one of the best log analyzers around, plus it's free! The AnalogX QuickDNS (I'm no relation to Analog, it's just a coincidence) is a little utility to speed up the only part of Analog that takes any time, the DNS lookup (where it resolves IP addresses into machine/domain names). The way QuickDNS accomplishes this is by performing several DNS lookups at the same time.

A couple of notes on the program... First off, it sorts the DNS file by IP address, which dramatically speeds up checking for duplicate IPs in the log analysis phase. Now, when QuickDNS analyses logs, it doesn't really do it in a preprogrammed way, like Analog does, but instead tries to identify the IP address heuristically. I've tested it on several types of log files without any snags, but if you have a problem, then make sure you're running the latest version, and if you are, then email me and we'll work it out. One other handy feature is that QuickDNS gets all of its parameters out of the Analog config file, so you don't need to bother with maintaining two log files. QuickDNS is interested in the following parameters only:

    LOGFILE         Name of the log files to process (wildcards supported)
    DNSFILE         Name of the DNS file
    DNSGOODHOURS    Number of hours before refreshing good lookups
    DNSBADHOURS     Number of hours before reattempting lookup on failure

You only really need LOGFILE and DNSFILE; the rest are optional. For optimal performance, add the following line to your config file:

    DNS READ

This causes Analog to only read DNS entries, not add any or attempt to resolve any that it doesn't know. Also, remember that you need to run QuickDNS BEFORE you run Analog, so I would recommend putting it on the line before Analog in whatever script or batch file you execute.
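To make the pre-resolution step concrete, here is an added example (not QuickDNS's own code) that pulls client IPs out of mixed-format log lines, de-duplicates them, orders them numerically by IP, and applies the DNSGOODHOURS / DNSBADHOURS ages to decide which ones still need a lookup. The regex heuristic, the in-memory cache layout and every function name are assumptions; the page does not describe QuickDNS's actual heuristics or the DNS file format.

```python
import ipaddress
import re

# Dotted quad not embedded in a longer dotted number (e.g. "4.0.1.2.5").
_QUAD = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def extract_client_ip(line):
    """Return the first valid IPv4 address found in a log line, or None."""
    for match in _QUAD.finditer(line):
        try:
            return ipaddress.IPv4Address(match.group(0))
        except ValueError:  # octet out of range, e.g. 999.1.1.1
            continue
    return None

def needs_lookup(ip, cache, now_hour, good_hours, bad_hours):
    """cache (hypothetical layout): IP string -> (hour of last attempt, name or None)."""
    if ip not in cache:
        return True
    last_attempt, name = cache[ip]
    max_age = good_hours if name else bad_hours
    return now_hour - last_attempt >= max_age

def pending_lookups(lines, cache, now_hour, good_hours, bad_hours):
    """Unique client IPs that still need resolving, in numeric IP order."""
    seen = {ip for ip in map(extract_client_ip, lines) if ip is not None}
    return [str(ip) for ip in sorted(seen)
            if needs_lookup(str(ip), cache, now_hour, good_hours, bad_hours)]

# Constructed sample input: common-log and W3C-style lines plus noise.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jun/1999:00:00:01 +0000] "GET / HTTP/1.0" 200 512',
    "1999-06-02 00:00:05 192.0.2.9 - GET /index.html 200",
    "1999-06-02 00:00:07 198.51.100.7 - GET /a.gif 200",
    "#Software: build 4.0.1.2.5 host 999.1.1.1",
    '192.0.2.10 - - [02/Jun/1999:00:01:00 +0000] "GET /x HTTP/1.0" 404 0',
]
# Constructed cache: one fresh good entry, one stale failed entry.
SAMPLE_CACHE = {
    "192.0.2.10": (990, "host.example.com"),
    "192.0.2.9": (970, None),
}

if __name__ == "__main__":
    print(pending_lookups(SAMPLE_LOG, SAMPLE_CACHE, 1000, 168, 24))
```

Sorting the parsed addresses rather than their text is what puts 192.0.2.9 ahead of 192.0.2.10; a plain string sort would reverse them.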

There are several command line options (which can be listed by typing QDNS /?) that you should be aware of:

    /A [IP Address]         Lookup an IP address (IP->Name)
        ex: qdns /A 209.63.163.20

    /N [Domain Name]        Lookup a Domain Name (Name->IP)
        ex: qdns /N www.analogx.com

    /D [DNS Filename]       Process DNS file (resolve unknown)
        ex: qdns /D dnsfile.txt /Y x.x.x.x

    /Y [IP Address]         Specify DNS server to use for lookups
        ex: qdns /F dnsfile.txt /Y x.x.x.x

    /L [DNS Filename]       Process just one log (requires /D also)
        ex: qdns /D dnsfile.txt /Y x.x.x.x /L ..\ex990602.log

    /T [Count]              Number of concurrent lookups (def: 100)
        ex: qdns /F dnsfile.txt /Y x.x.x.x /T 500

    /G [Config Filename]    Run an Analog config file
        ex: qdns /G analog.cfg /Y x.x.x.x

    /S [Config Filename]    Strip all unresolved lookups
        ex: qdns /G analog.cfg /Y x.x.x.x /S

    /Z [Type]               Sort the DNS file
        ex: qdns /G analog.cfg /Y x.x.x.x /Z 1

While most are pretty self-explanatory, a couple need a bit more detail. Process a DNS file (/D) is for times when you want to resolve ALL of the unknown domains only. It ignores the last date, but will update the last attempt to the day it's run on. Sort the DNS file (/Z) requires a type for how the sorting will occur; the types are:

    0       Natural sorting, this is how QDNS prefers the log and will result in faster loading
    1       Sort by time
    2       Sort by IP address
    3       Sort by Domain name

It's also important to note that /T used to be the number of threads that would be used; the new version, however, has its own internal DNS routines, so it no longer uses the additional overhead of multiple threads. The big upside to this change is you can increase the total number of concurrent connections; the faster your Internet connection, the more you can run. It will retry any failed lookup 3 times, so if you saturate your connection, you should still resolve everything correctly. QDNS will also report any DNS failures it encounters - when resolving a large list you'll normally run across a couple, so it's nothing to be concerned with.

For an idea of how to use this with analog, here's what I do (from a batch file):

[donew.bat]
@qdns /G new.cfg /Y x.x.x.x
@analog -G +gnew.cfg
[end]

Basically what this does is process all of the IP addresses before analog does anything, then once it's done, it hands that data over... Another config I use is this:

[resolve.bat]
@qdns /D dnsfile.txt /Y x.x.x.x
[end]

What this will do is search through all the unresolved IP addresses in the DNS file, and try to resolve them again... You can do this automatically by just setting the DNSBADHOURS in the config file, but sometimes I like to do it manually as well.

If for some reason what you type in doesn't seem to be working, the most common mistakes people make are that the file is not in the same directory (or in the path), or that they are using a case-sensitive OS (so instead of 'QDNS' try 'qdns', or vice versa).