[dnscap-users] Upcoming major release - not dependent on libbind anymore & FQDNs anyone?

Jerry Lundström jerry at dns-oarc.net
Thu Dec 17 13:36:48 UTC 2020


TLDR;
- Next major release changes/breaks `-g` output for EDNS0
- Answer Ya or Nay on using FQDN everywhere?

Hi all,

While my email about a week ago was wrong, appears I wasn't far off :)

Next dnscap release will be a major release, it will now depend on LDNS
for DNS parsing instead of libbind.

This is to fix the segfaults that happens in libpcap under OpenBSD
because of a symbol overwrite between OpenBSD's libc and libbind.

I also cleaned up the EDNS0 output of `-g` to better conform with the
overall output and make it easier to parse with external software, in
doing so this release is backwards incompatible.

See new output with EDNS0, EDNS0 ECS and an unknown option below.

LDNS renders hostnames as FQDN so I had to tweak it to not break all of
the output but my question to the list is, maybe that is OK?

So, who wants FQDNs in the output and who's against it?

Cheers,
Jerry

[115] 2020-12-11 15:50:16.857274 [#0 test.pcap 4095] \
	[fd00::242:ac11:8].47599 [2620:fe::9].53  \
	dns QUERY,NOERROR,53079,rd|ad \
	1 google.com,IN,SOA 0 0 \
	1
.,4096,4096,0,edns0[len=28,UDP=4096,ver=0,rcode=0,DO=0,z=0],edns0opt[ECS,family=2,source=64,scope=0,addr=2001:2002:4e45:7af6::],edns0opt[code=10,codelen=8]


More information about the dnscap-users mailing list