Development Update #1612

With 2017 approaching, here are some DNS-OARC development updates. As previously mentioned, these updates will be sent out on a monthly or bi-monthly basis and will contain highlights of the current development work being done at DNS-OARC.

Experimental CBOR formats

As there was a lot of talk about CBOR, I decided to implement some experimental support in dnscap. First out was a format with the structure of the DNS-in-JSON draft by Paul Hoffman, which also led to some feedback on the draft itself.

Next is a format I call “CBOR DNS Stream” (CDS), which was inspired by the C-DNS draft but with a different approach. C-DNS compiles and does de-duplication on the whole set of data and stores the look-up tables at the beginning of the file, which requires them to be completed beforehand. CDS is based around a stream of DNS and can utilize many de-duplication methods. So far a reverse index method has been implemented (meaning take the N previous element), and it has been able to produce the same amount of “compression” as C-DNS does.
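To illustrate the difference between a table written up front and a stream that points backwards, here is an added example (not dnscap code and not the CDS wire format) of back-reference de-duplication over a stream of values. The token names `lit`/`ref`, the `WINDOW` limit and the sample names are assumptions made for the illustration.

```python
from collections import deque

WINDOW = 64  # assumed cap on how far back a reference may point


def encode(stream, window=WINDOW):
    """Emit ("lit", value) the first time a value is seen inside the window,
    otherwise ("ref", n): "same as the n-th previous element"."""
    history = deque(maxlen=window)
    for value in stream:
        # Search newest first so the smallest back-reference wins.
        n = next((i for i, v in enumerate(reversed(history), 1) if v == value), None)
        yield ("lit", value) if n is None else ("ref", n)
        history.append(value)


def decode(tokens, window=WINDOW):
    """Rebuild the stream; reject references the history cannot satisfy,
    since a capture file may be truncated, corrupt or hostile."""
    history = deque(maxlen=window)
    for kind, arg in tokens:
        if kind == "lit":
            value = arg
        elif kind == "ref" and isinstance(arg, int) and 1 <= arg <= len(history):
            value = history[-arg]
        else:
            raise ValueError(f"invalid token {(kind, arg)!r}")
        history.append(value)
        yield value


# Constructed sample: query names in arrival order.
SAMPLE = ["example.com.", "example.org.", "example.com.",
          "example.com.", "example.net.", "example.org."]

if __name__ == "__main__":
    tokens = list(encode(SAMPLE))
    print(tokens)
    assert list(decode(tokens)) == SAMPLE
```

Because both sides keep only the last `WINDOW` values, the writer never needs the complete data set before emitting output, and the reader can bound its memory and validate every reference as it arrives.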

CDS also aims to preserve DNS characteristics, such as invalid / incomplete DNS packets and name compression, and can store non-DNS data in the same stream, for example TCP SYN/ACK and ICMP. As far as I know, C-DNS cannot do any of this; it only stores DNS, removes name compression and can only handle valid DNS packets.

There are currently no plans to implement C-DNS in dnscap due to lack of clarity on some intellectual property questions.

Both the CBOR DNS-in-JSON and CDS formats are available in the latest dnscap version (v1.3.0).

Releases

For DSC, versions 2.2.0, 2.2.1 and 2.3.0 have been released since the last update, and some of the highlights are:
- New runtime options -m, -i and -T (see man-page)
- Using pcap-thread, PCAP helper library with POSIX threads support
- Removed C++ library Hapy, now only C
- New optional mask for local_address to specify networks

For full release notes see the GitHub release page for DSC.

For dnscap, versions 1.1.0, 1.2.0 and 1.3.0 have been released since the last update, and some of the highlights are:
- Restructure repository and use autotools
- Compiled and tested on Debian, Ubuntu, CentOS, FreeBSD and OpenBSD using Jenkins and Travis-CI
- Source code static analysis using Coverity Scan
- Using pcap-thread, PCAP helper library with POSIX threads support, solved missing packets during very low traffic
- When only reading offline pcap files it will not attempt to drop privileges
- New runtime options -V, -M, -D, -W, -C, -o, -F and -N (see man-page)

For full release notes see the GitHub release page for dnscap.

Packages

Besides building packages for our software for Debian and Ubuntu, we have now also started using openSUSE Build Services to build packages for most RPM distributions, namely CentOS, Fedora, RHEL, SLE and openSUSE.

We are currently testing with pre-release repositories set up on my home project; please report any issue to me directly or as an issue on the software’s GitHub page.

You can find more information and the links to the repositories on the DNS-OARC Packages page.

Cheers,
Jerry