[dns-operations] looks like -b as the default is a winner (dnscap)
Paul Vixie
paul at vix.com
Sun Nov 11 06:18:52 UTC 2007
at the oarc meeting in LAX recently (on friday-after-icann), i asked if it
would be ok to change the ascii output format of dnscap so that it was always
"brief" (currently enabled by the -b option) and never "dig like". to wit:
#sa:amd64# ./dnscap -r foo.1194760956.041581 -b -g -
[62] 2007-11-11 06:02:36.041581 [#0 foo.1194760956.041581 0] \
[204.152.187.1].56506 [192.42.93.30].56506 \
dns QUERY,NOERROR,48251 \
1 flowersphere.com,IN,MX 0 0 0
[212] 2007-11-11 06:02:36.046255 [#1 foo.1194760956.041581 0] \
[192.42.93.30].53 [204.152.187.1].53 \
dns QUERY,NOERROR,48251,qr \
1 flowersphere.com,IN,MX 0 \
4 flowersphere.com,IN,NS,172800,ns1.domainservice.com \
flowersphere.com,IN,NS,172800,ns2.domainservice.com \
flowersphere.com,IN,NS,172800,ns3.domainservice.com \
flowersphere.com,IN,NS,172800,ns4.domainservice.com \
4 ns1.domainservice.com,IN,A,172800,208.79.78.12 \
ns2.domainservice.com,IN,A,172800,208.49.40.12 \
ns3.domainservice.com,IN,A,172800,64.49.213.231 \
ns4.domainservice.com,IN,A,172800,208.49.40.13
[62] 2007-11-11 06:02:36.047861 [#2 foo.1194760956.041581 0] \
[204.152.187.1].54031 [64.49.213.231].54031 \
dns QUERY,NOERROR,61609 \
1 flowersphere.com,IN,MX 0 0 0
vs:
#sa:amd64# ./dnscap -r foo.1194760956.041581 -g -
;@ 2007-11-11 06:02:36.041581 - 62 octets via foo.1194760956.041581 (msg #0)
;: [204.152.187.1]:56506 -> [192.42.93.30]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48251
;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; flowersphere.com, type = MX, class = IN
--
;@ 2007-11-11 06:02:36.046255 - 212 octets via foo.1194760956.041581 (msg #1)
;: [192.42.93.30]:53 -> [204.152.187.1]:56506
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48251
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;; flowersphere.com, type = MX, class = IN
flowersphere.com. 2D IN NS ns1.domainservice.com.
flowersphere.com. 2D IN NS ns2.domainservice.com.
flowersphere.com. 2D IN NS ns3.domainservice.com.
flowersphere.com. 2D IN NS ns4.domainservice.com.
ns1.domainservice.com. 2D IN A 208.79.78.12
ns2.domainservice.com. 2D IN A 208.49.40.12
ns3.domainservice.com. 2D IN A 64.49.213.231
ns4.domainservice.com. 2D IN A 208.49.40.13
--
;@ 2007-11-11 06:02:36.047861 - 62 octets via foo.1194760956.041581 (msg #2)
;: [204.152.187.1]:54031 -> [64.49.213.231]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61609
;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; flowersphere.com, type = MX, class = IN
--
the audience of about 50 people yawned and cared not one whit, even those few
who knew what dnscap was and knew what dig was. when pressed, several folks
said, "yes, yes, do it, now shut up and sit down".
apparently, as long as it's easy to pull apart with a perl script, nobody
cares if it looks like "dig" or looks like my home grown brand of spaghetti.
so, i've removed the -b option, removed any possibility of dig-like output.
thank you for playing "dnscap roulette".
see http://public.oarci.net/tools/dnscap/ for anoncvs instructions. and note
that any OARC member, not just the secretariat, can have edit/publish privs
on the public.oarci.net web site, so if you have tools or papers of your own
and no better place to put them, ask admin at oarc.isc.org for an account there.
More information about the dns-operations
mailing list