Dave Plonka | 23 Mar 2012 21:49

dnsqr elements for response fields?


Hi folks,

I'm looking for your thoughts on extending dnsqr.

I've been working with dnsqr messages on a research project that
needs access to the answer values (for instance, for AAAA and
A queries) and it's inconvenient that, while dnsqr messages have
elements for the query (e.g., qname), there aren't many elements for
the response fields.  Instead, we have the whole response packet to
unpack repeatedly during analyses.

Is the status quo because there would need to be so many optional
and repeated fields to deal with the variety of answer types?

To support my work and others that want easy access to the answer
fields, do you have thoughts about whether we can add repeated/optional
fields to ISC's dnsqr message, or is my best bet to make my own
enterprise-specific copy of dnsqr?

Specifically, I want a repeated element for IPv4 and IPv6 answers...
so I think I want elements such as "in_a_ip" and "in_aaaa_ip".
Do you have other ideas for a good solution?

Thanks!
Dave

-- 
plonka <at> cs.wisc.edu  http://net.doit.wisc.edu/~plonka/  Madison, WI

Robert Edmonds | 24 Mar 2012 00:13

Re: dnsqr elements for response fields?

Dave Plonka wrote:
> Hi folks,
> 
> I'm looking for your thoughts on extending dnsqr.
> 
> I've been working with dnsqr messages on a research project that
> needs access to the answer values (for instance, for AAAA and
> A queries) and it's inconvenient that, while dnsqr messages have
> elements for the query (e.g., qname), there aren't many elements for
> the response fields.  Instead, we have the whole response packet to
> unpack repeatedly during analyses.
> 
> Is the status quo because there would need to be so many optional
> and repeated fields to deal with the variety of answer types?
> 
> To support my work and others that want easy access to the answer
> fields, do you have thoughts about whether we can add repeated/optional
> fields to ISC's dnsqr message, or is my best bet to make my own
> enterprise-specific copy of dnsqr?
> 
> Specifically, I want a repeated element for IPv4 and IPv6 answers...
> so I think I want elements such as "in_a_ip" and "in_aaaa_ip".
> Do you have other ideas for a good solution?

hi, dave:

you really, really don't want to try to replicate the complexity of the
DNS message format into the nmsg msgmod API.  the workflow envisioned
for these sorts of dnsqr applications has always been that you use
nmsg/dnsqr to capture and store the DNS messages, and then you pass the
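An added example, not part of either message and not nmsg or ISC code: one way to pull the A and AAAA answer values out of a stored response during analysis. It assumes the bytes passed in are the DNS message itself, already stripped of IP/UDP headers; the function names and the sample message are constructed for illustration.

```python
import ipaddress
import struct

TYPE_A, TYPE_AAAA, CLASS_IN = 1, 28, 1

def skip_name(msg, off):
    """Return the offset just past the name at off; pointers are not followed."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            if off + 2 > len(msg):
                raise ValueError("truncated pointer")
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length
        if length == 0:                 # root label ends the name
            return off

def extract_addresses(msg):
    """Return (ipv4_list, ipv6_list) from the answer section of a DNS message."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    v4, v6 = [], []
    for _ in range(ancount):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record header")
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        if len(rdata) != rdlen:         # never trust RDLENGTH from the wire
            raise ValueError("truncated rdata")
        off += 10 + rdlen
        if rclass == CLASS_IN and rtype == TYPE_A and rdlen == 4:
            v4.append(str(ipaddress.ip_address(rdata)))
        elif rclass == CLASS_IN and rtype == TYPE_AAAA and rdlen == 16:
            v6.append(str(ipaddress.ip_address(rdata)))
    return v4, v6

# Constructed sample: example.com ANY, answers A 192.0.2.1 and AAAA 2001:db8::1
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"
          b"\x07example\x03com\x00\x00\xff\x00\x01"
          b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01"
          b"\xc0\x0c\x00\x1c\x00\x01\x00\x00\x01\x2c\x00\x10"
          b"\x20\x01\x0d\xb8" + b"\x00" * 11 + b"\x01")
```

Records of other types (CNAME, for instance) are stepped over using RDLENGTH, so compressed names inside their RDATA never need to be decoded.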

