[dns-operations] friday version of dnscap

Paul Vixie paul at vix.com
Sat May 5 03:15:37 UTC 2007


this has the select() fix, and has been tested on freebsd and suselinux.

it now requires libbind.a, so you may have to rebuild your bind9 with the
"--enable-libbind" option.  i therefore changed an NS_PUT32 back to the
original ns_put32, since that symbol will now be present.

it no longer dumps to stdout unless "-d -" is given as a command line
option.  the man page describes this.

there is now a -? option to display the full help text, and the default
help text on a usage error is quite a lot shorter.

there is a new -g option that turns on dig-style output to stderr.  i've
wanted this a dozen times over the years, so thanks, somebody, for asking
for it.

there is a new -o option to read offline files (like tcpdump -r).  you can
say "-o -" to read from stdin.  this combines rather nicely with tcpdump,
so you can now use dnscap's filtering to postprocess output from tcpdump.

i hope we're getting close to done, so that i can slap a version number on
this thing, put a tar.gz file in a stable location, and let loose the hounds
of /usr/ports et al.  the only things it still needs are both "someday items"
which are glob-like pattern matching to select only queries matching
specified domains, and tcp support.  but i'm ready to be educated as to
other ways that this thing should not go out in its present form.

i've updated <http://public.oarci.net/tools/dnscap> to include anoncvs
instructions, and also the updated tar.gz file.

-------- demo

#sa:amd64# ./dnscap -c2 -g
;@ 2007-05-05 03:12:07.229823 - 44 octets via bge0 (msg #1)
;: [213.56.45.253]:1023 -> [204.152.184.135]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 500
;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      2.1.1.193.rbl.maps.vix.com, type = A, class = IN
;--
;@ 2007-05-05 03:12:07.230104 - 318 octets via bge0 (msg #2)
;: [204.152.184.135]:53 -> [213.56.45.253]:1023
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 500
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 0
;;      2.1.1.193.rbl.maps.vix.com, type = A, class = IN
rbl.maps.vix.com.       1H IN DNAME     blackholes.mail-abuse.org.
2.1.1.193.rbl.maps.vix.com.  0S IN CNAME  2.1.1.193.blackholes.mail-abuse.org.
.                       6D IN NS        F.ROOT-SERVERS.NET.
.                       6D IN NS        J.ROOT-SERVERS.NET.
.                       6D IN NS        A.ROOT-SERVERS.NET.
.                       6D IN NS        H.ROOT-SERVERS.NET.
.                       6D IN NS        E.ROOT-SERVERS.NET.
.                       6D IN NS        I.ROOT-SERVERS.NET.
.                       6D IN NS        M.ROOT-SERVERS.NET.
.                       6D IN NS        D.ROOT-SERVERS.NET.
.                       6D IN NS        K.ROOT-SERVERS.NET.
.                       6D IN NS        L.ROOT-SERVERS.NET.
.                       6D IN NS        C.ROOT-SERVERS.NET.
.                       6D IN NS        B.ROOT-SERVERS.NET.
.                       6D IN NS        G.ROOT-SERVERS.NET.
;--

--------
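The -g records shown in the demo can be parsed and paired for review. The following is an added example, not part of the original post or of dnscap; the record layout is inferred only from the demo lines above, the sample is the demo with the answer section trimmed, and the names `parse` and `pair` are hypothetical.

```python
import re

# Constructed sample: the two demo messages above, answer section trimmed to one RR.
SAMPLE = """\
;@ 2007-05-05 03:12:07.229823 - 44 octets via bge0 (msg #1)
;: [213.56.45.253]:1023 -> [204.152.184.135]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 500
;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      2.1.1.193.rbl.maps.vix.com, type = A, class = IN
;--
;@ 2007-05-05 03:12:07.230104 - 318 octets via bge0 (msg #2)
;: [204.152.184.135]:53 -> [213.56.45.253]:1023
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 500
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 0
;;      2.1.1.193.rbl.maps.vix.com, type = A, class = IN
rbl.maps.vix.com.       1H IN DNAME     blackholes.mail-abuse.org.
;--
"""

# Assumption: every record has exactly one question line, as in the demo;
# records that do not fit this layout are skipped rather than guessed at.
REC = re.compile(
    r";@ (?P<time>\S+ \S+) - (?P<octets>\d+) octets via (?P<iface>\S+) \(msg #(?P<msg>\d+)\)\n"
    r";: \[(?P<src>.+?)\]:(?P<sport>\d+) -> \[(?P<dst>.+?)\]:(?P<dport>\d+)\n"
    r";; ->>HEADER<<- opcode: (?P<opcode>\w+), status: (?P<rcode>\w+), id: (?P<id>\d+)\n"
    r";; flags:(?P<flags>[^;]*);[^\n]*\n"
    r";;\s+(?P<qname>\S+), type = (?P<qtype>\S+), class = (?P<qclass>\S+)\n"
    r"(?P<rrs>(?:[^;\n][^\n]*\n)*);--")

def parse(text):
    """Return one dict per ';--'-terminated message in -g style output."""
    out = []
    for m in REC.finditer(text):
        d = m.groupdict()
        for k in ("octets", "msg", "sport", "dport", "id"):
            d[k] = int(d[k])
        d["flags"] = d["flags"].split()      # e.g. ['qr', 'aa']; empty for a query
        d["rrs"] = d["rrs"].splitlines()     # answer/authority lines, unparsed
        out.append(d)
    return out

def pair(msgs):
    """Match each response (qr set) to its query by swapped endpoints and id."""
    pending, out = {}, []
    for m in msgs:
        a, b = (m["src"], m["sport"]), (m["dst"], m["dport"])
        if "qr" in m["flags"]:
            out.append((pending.pop((b, a, m["id"]), None), m))  # None: no query seen
        else:
            pending[(a, b, m["id"])] = m
    return out
```

A response paired with `None` had no matching query in the capture, which is worth a look when reviewing traffic for spoofed or unsolicited answers.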


