Here are some DNS-OARC development highlights from the past months. These updates are sent out on a bi-monthly basis and the previous updates can be found on our Medium page.
Fragments, be GONE!
The RSSM plugin update project included work on the general network code of dnscap, and one of those items was adding functionality to handle IP fragmentation.
This has now been added to pcap-thread (the helper library used in DSC, dnscap and drool), and as of dnscap version 1.7.0 it can be enabled with the extended options `-o defrag_ipv4=yes` and `-o defrag_ipv6=yes`. More options are available, so check the extended options section in the man page.
Peeking into ongoing TCP streams
Another network code update was about parsing TCP streams that were already ongoing. This feature has been added to the develop branch of dnscap and will be included in the next release.
For this, the extended option `parse_ongoing_tcp` has been added; when enabled, dnscap will try to parse each TCP packet that has a payload as a DNS message. This might of course not always work, so there are more options…
The extended option `allow_reset_tcpstate` lets the internal diagnostic (`-g`) or a plugin reset the TCP state if there is a problem parsing the DNS, to try to recover the TCP stream.
Additional functionality has been added to reassemble the TCP stream before trying to parse it: `reassemble_tcp` does this and can handle DNS messages that are split over multiple TCP packets.
However, not all situations are covered, so there is another option named `reassemble_tcp_faultreset`, which you can use to tweak the tolerance level of the reassembly so that a full TCP state reset is made when too many errors have happened.
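To make the reassembly and fault-reset behaviour concrete, here is an added sketch (not dnscap's or pcap-thread's code) of reassembling length-prefixed DNS messages from TCP payloads, with an error counter that triggers a full state reset. The names `struct stream`, `stream_feed`, `stream_fault` and `demo_feed` are hypothetical, and as a simplification only in-order segments are accepted; anything else counts as an error.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define BUF_MAX (2 * 65537) /* a pending message plus one more segment */
#define DNS_HDR 12          /* anything shorter cannot be a DNS message */

struct stream {             /* hypothetical state, not dnscap's own structure */
    uint8_t  buf[BUF_MAX];
    size_t   len;           /* bytes buffered, starting at a length prefix */
    uint32_t next_seq;      /* next expected TCP sequence number */
    int      synced;        /* 0 until a starting segment has been picked */
    unsigned faults, fault_limit, resets;
};

/* Count one error; do a full state reset once the tolerance is used up. */
static int stream_fault(struct stream *s) {
    if (++s->faults < s->fault_limit) return 0;
    s->len = 0; s->synced = 0; s->faults = 0; s->resets++;
    return 0;
}

/* Feed one TCP payload; returns the number of complete DNS messages found. */
int stream_feed(struct stream *s, uint32_t seq, const uint8_t *p, size_t n) {
    int found = 0;
    if (!s->synced) { s->next_seq = seq; s->synced = 1; } /* ongoing stream: guess */
    if (seq != s->next_seq || n > BUF_MAX - s->len) return stream_fault(s);
    memcpy(s->buf + s->len, p, n);
    s->len += n; s->next_seq += (uint32_t)n;
    while (s->len >= 2) {
        size_t mlen = ((size_t)s->buf[0] << 8) | s->buf[1]; /* 2-byte TCP length prefix */
        if (mlen < DNS_HDR) { s->len = 0; s->synced = 0; stream_fault(s); break; }
        if (s->len < 2 + mlen) break;   /* rest arrives in a later packet */
        found++;                        /* s->buf + 2, mlen bytes: one DNS message */
        s->len -= 2 + mlen;
        memmove(s->buf, s->buf + 2 + mlen, s->len);
    }
    return found;
}

/* Constructed input: two 12-byte messages cut across three packets; `gap`
 * shifts the later sequence numbers to simulate a lost segment. */
int demo_feed(uint32_t gap, unsigned *resets) {
    struct stream s = { .fault_limit = 2 };
    const uint8_t wire[28] = { [1] = 12, [15] = 12 };
    int n = stream_feed(&s, 1000, wire, 1);
    n += stream_feed(&s, 1001 + gap, wire + 1, 17);
    n += stream_feed(&s, 1018 + gap, wire + 18, 10);
    *resets = s.resets;
    return n;
}
```

With `gap` set to 0 both messages are recovered even though the first packet carries only half of a length prefix; with a non-zero `gap` the two mismatched segments exhaust the tolerance of 2 and the state is reset.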
FOSDEM18’s new DNS track
I attended FOSDEM once some 12–13 years ago and don’t quite know why I haven’t been back but next week it is time for FOSDEM18 and I will surely be in the newly formed DNS track/devroom on Sunday. Will you be there too?
About 6 weeks left until we kick off OARC28 in San Juan, Puerto Rico!
This time I will have a bigger and better demo booth up and running the latest OARC software and services so that anyone attending can get some hands-on experience or ask any question that comes to mind!
Hope to see you there!