Augmenting network flow with passive dns information

What is claimed is: 1 . A method for encoding domain name information in flow records, the method comprising: receiving a flow record, the flow record including initial network flow information in a flow record format comprising at least a source address and a destination address; retrieving domain name information associated with each of the source address and destination address from a database; and encoding the domain name information in the received flow record while maintaining the initial network flow information to yield an enhanced flow record. 2 . The method as recited in claim 1 , further comprising distributing the enhanced flow record having the encoded domain name information to one or more network devices and storing the enhanced flow record in a flow record repository. 3 . The method as recited in claim 1 , wherein the retrieved domain name information comprises one or more fully qualified domain names. 4 . The method as recited in claim 1 , wherein the enhanced flow record is a flow record following customized Netflow format. 5 . The method as recited in claim 2 , wherein the domain name information includes a domain name suffix string and wherein retrieving the domain name information comprises filtering the retrieved domain name information based on one or more domain name suffix strings. 6 . The method as recited in claim 5 , further comprising analyzing a plurality of the enhanced flow records stored in the flow record repository according to a user specified criteria. 7 . The method as recited in claim 2 , further comprising analyzing a plurality of the enhanced flow records stored in the flow record repository to identify one or more domain names associated with sources of network traffic growth. 8 . The method as recited in claim 6 , wherein the user specified criteria is associated with a user-specified collection of network resources or services. 9 . The method as recited in claim 2 , wherein the enhanced flow record is distributed to one or more network devices identified in a distribution list. 10 . The method as recited in claim 6 , wherein analyzing the plurality of the enhanced flow records further comprises aggregating two or more of the enhanced flow records based on one or more domain name suffix strings. 11 . A monitoring system comprising: a monitored network comprising a plurality of devices; a database for storing domain name system (DNS) information; and one or more network monitoring devices communicatively coupled to the monitored network and to the database, wherein the one or more network monitoring devices are configured and operable to: receive a flow record, the flow record including initial network flow information in a flow record format comprising at least a source address and a destination address; retrieve domain name information associated with each of the source address and destination address from the database; and encode the domain name information in the received flow record while maintaining the initial network flow information to yield an enhanced flow record. 12 . The monitoring system as recited in claim 11 , further comprising a flow record repository communicatively coupled to the one or more network monitoring devices, wherein the one or more network monitoring devices are further configured and operable to distribute the enhanced flow record having the encoded domain name information to one or more network devices and to store the enhanced flow record in the flow record repository. 13 . The monitoring system as recited in claim 11 , wherein the enhanced flow record is a flow record following customized Netflow format. 14 . The monitoring system as recited in claim 12 , further comprising a user interface communicatively coupled to the one or more monitoring devices, the user interface configured to obtain traffic analysis criteria from a user. 15 . The monitoring system as recited in claim 14 , wherein the domain name information includes a domain name suffix string and wherein the one or more network monitoring devices configured and operable to retrieve the domain name information are further configured and operable to filter the retrieved domain name information based on one or more domain name suffix strings. 16 . The monitoring system as recited in claim 15 , wherein the one or more network monitoring devices are further configured and operable to analyze a plurality of the enhanced flow records stored in the flow record repository according to the traffic analysis criteria. 17 . The monitoring system as recited in claim 12 , wherein the one or more network monitoring devices are further configured and operable to analyze a plurality of the enhanced flow records stored in the flow record repository to identify one or more domain names associated with sources of network traffic growth. 18 . The monitoring system as recited in claim 16 , wherein the traffic analysis criteria is associated with a user-specified collection of network resources or services. 19 . The monitoring system as recited in claim 11 , wherein the one or more network monitoring devices are further configured and operable to periodically distribute an annotated flow template defining a plurality of fields comprising the enhanced flow record. 20 . The monitoring system as recited in claim 16 , wherein the one or more network monitoring devices configured and operable to analyze the plurality of the enhanced flow records are further configured and operable to aggregate two or more of the enhanced flow records based on one or more domain name suffix strings.