I added a new feature to dnstop today that filters on "refused" response codes. This might
be useful in tracking the ongoing DNS-based DDoS attacks.
To use this new feature:
dnstop -R -f refused eth0
tarball at http://dns.measurement-factory.com/tools/dnstop/src/dnstop-20090128.tar.gz
DW