[dnscap-users] DNSCAP release 1.5.0

Jerry Lundström jerry at dns-oarc.net
Wed Jun 7 06:03:18 UTC 2017 

Hi all,

Added support for writing gzipped PCAP if the `-W` suffix ends with
`.gz` and made `-X` work without `-x`. New interface for plugins to tell
them what extensions are available and a new plugin `rzkeychange`.

  https://www.dns-oarc.net/files/dnscap/dnscap-1.5.0.tar.gz
  6dd3359a73b4f13846b045493262fabb88a1e4c49ffd2b66e43a2f3b623af651

Plugin extensions:
- Call `plugin_extension(ext, arg)` to tell plugin what extensions
  exists
- Add extension for checking responder (`is_responder()`)

The rzkeychange plugin was developed by Duane Wessels 2016 in support of
the root zone ZSK size increase. It is also being used in support of the
2017 root KSK rollover and collects the following measurements:
- total number of responses sent
- number of responses with TC bit set
- number of responses over TCP
- number of DNSKEY responses
- number of ICMP_UNREACH_NEEDFRAG messages received
- number of ICMP_TIMXCEED_INTRANS messages received
- number of ICMP_TIMXCEED_REASS messages received

Other fixes (author Duane Wessels):
- 232cbd0: Correct comment description for meaning of IPPROTO_AH
- 181eaa4: Add #include <sys/time.h> for struct timeval on NetBSD

Packages are available at:

  https://dev.dns-oarc.net/packages/

Commits:

1d894e2 Make -x and -X work correctly together and update man-page
34bc54c Make the -X option work without requiring a -x option.
f43222e Fix CID 1440488, 1440489, 1440490
aa54395 Update pcap-thread to v2.1.3
81174ce Prepare SPEC for OSB/COPR
21d7468 New plugin rzkeychange and plugin extensions
38491a3 Config header is generated by autotools
419a8ab Small tweaks and fixes for gzip support
1967abc updated for earlier BSD versions
f135c90 added auto gzip if the -W suffix ends with .gz

Commits during development of rzkeychange (author Duane Wessels):
- 620828d: Add rzkeychange -z option to specify resolver IP addresses
- 1f77987: Add -p and -t options to rzkeychange plugin to configure an
  alternate port and TCP. Useful for ssh tunnels.
- 2a571f1: Split ICMP time exceeded counter into two counters for time
  exceeded due to TTL and another due to fragmentation
- e4ee2d3: The rzkeychange data collection plugin uses
  `DNSCAP_EXT_IS_RESPONDER` extension to know if an IP address is a
  "responder" or not, because when dnscap is instructed to collect ICMP
  with -I, it processes all ICMP packets, not just those limited to
  responders (or initiators).
- cee16b8: Add ICMP Time Exceeded to counters
- ad8a227: Counting source IPs has performance impacts. #ifdef'd out for
  now add ICMP "frag needed" counts
- c25e72b: Implemented DNS queries with ldns. First there will be some
  test queries to ensure the zone is reachable and configured to receive
  data. Then a query naming the fields, followed by the periodic queries
  delivering counts.
- fd23be7: Make report zone, server, node command line argumements
  mandatory
- 137789b: Adding rzkeychange plugin files

Cheers,
Jerry

More information about the dnscap-users mailing list