[dns-operations] Access to DNS-Logs

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Jul 15 07:08:56 UTC 2009


On Tue, Jul 14, 2009 at 04:36:34PM -0500,
 John Kristoff <jtk at cymru.com> wrote 
 a message of 28 lines which said:

> The name server process presumably has also gone through the trouble
> of ensuring what is logged is well formed, otherwise it'll log an
> error.  Unless you have a good library, you have to interpret and
> rebuild much of this from a pcap,

And, if you program in C, you have a lot of security risks, for
instance with buffer overflows. In the wild, many packets are badly
formed, either by error or by malice (for instance, DNS packets with a
compression pointer going outside of the packet). See the list of
security bugs of Wireshark to get an idea. You really need to program
in paranoid mode.
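
The "paranoid mode" handling of DNS compression pointers described above, as an added example that is not part of the original post. The function name dns_read_name and the constant DNS_MAX_NAME are hypothetical, and non-printable label bytes are replaced with '?' as an assumption about how the result will be logged.

```c
#include <stddef.h>
#include <stdint.h>

#define DNS_MAX_NAME 255  /* RFC 1035: maximum length of a name on the wire */

/* Illustrative helper (hypothetical name). Decodes the name at offset `off`
 * of DNS message `msg` (`len` bytes) into dotted text in `out`. Returns the
 * bytes the name occupies at `off`, or -1 if malformed or `out` too small. */
int dns_read_name(const uint8_t *msg, size_t len, size_t off,
                  char *out, size_t outcap)
{
    size_t pos = off, seg = off, o = 0, wire = 1; /* wire counts the root byte */
    int consumed = -1;          /* fixed once the first pointer is followed */

    for (;;) {
        if (pos >= len) return -1;                /* ran off the end */
        uint8_t c = msg[pos];
        if ((c & 0xC0) == 0xC0) {                 /* compression pointer */
            if (len - pos < 2) return -1;         /* second byte missing */
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            /* Only accept a target before the start of the segment being
             * read: that rejects pointers outside the packet, forward
             * pointers and pointer loops in one test. */
            if (target >= seg) return -1;
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            pos = seg = target;
            continue;
        }
        if (c & 0xC0) return -1;                  /* reserved label types */
        if (c == 0) break;                        /* root label: end of name */
        if (len - pos - 1 < c) return -1;         /* label exceeds the packet */
        wire += (size_t)c + 1;
        if (wire > DNS_MAX_NAME) return -1;       /* over-long name */
        if (outcap - o < (size_t)c + 2) return -1; /* label + '.' + NUL */
        for (size_t i = 0; i < c; i++) {          /* never emit raw bytes */
            uint8_t b = msg[pos + 1 + i];
            out[o++] = (b > 0x20 && b < 0x7F && b != '.') ? (char)b : '?';
        }
        out[o++] = '.';
        pos += (size_t)c + 1;
    }
    if (o == 0) {                                 /* the root name itself */
        if (outcap < 2) return -1;
        out[o++] = '.';
    }
    out[o] = '\0';
    return consumed >= 0 ? consumed : (int)(pos + 1 - off);
}
```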
