DNS Flood Detector was developed to detect abusive usage levels on high traffic
nameservers and to enable quick response in halting the use of one's nameserver
to facilitate spam.
DNS Flood Detector uses libpcap (in non-promiscuous mode) to monitor incoming
dns queries to a nameserver. The tool may be run in one of two modes, either
daemon mode or "bindsnap" mode. In daemon mode, the tool will alarm via syslog.
In bindsnap mode, the user is able to get near-real-time stats on usage to aid
in more detailed troubleshooting.
A /etc/rc.d/rc.dnsflood daemon control script is aditionally included.