Here are some DNS-OARC development highlights from the past months. Previous blog posts are available on our Medium blog.
dsc: EDNS indexers and filters
In the v2.15.0 release of DSC, we fixed issues with the OPT/EDNS parsing and added a lot of new EDNS indexers and filters.
Previously the DNS parser expected the additional records to come straight after the question section. Meaning that if the DNS packet had any answer or authority records, they would be parsed as additional records for the OPT record and EDNS information — this has been fixed!
Following new indexers have been added:
- edns_cookie
- edns_cookie_len
- edns_cookie_client
- edns_cookie_server
- edns_ecs
- edns_ecs_family
- edns_ecs_source_prefix
- edns_ecs_scope_prefix
- edns_ecs_address
- edns_ecs_subnet
- edns_ede
- edns_ede_code
- edns_ede_textlen
- edns_ede_text
- edns_nsid
- edns_nsid_len
- edns_nsid_data
- edns_nsid_text
Following new filters have been added:
- edns0-only
- edns0-cookie-only
- edns0-nsid-only
- edns0-ede-only
- edns0-ecs-only
See man-page dsc.conf(5) for more information.
dnscap: EDNS Client Subnet anonymization
With the release of dnscap v2.2.0, you can now anonymize the EDNS Client Subnet using any of the anonymization plugins!
There’s two new options for the plugins to control this:
- -e
: also anonymize EDNS Client Subnet
- -E
: only anonymize EDNS Client Subnet
For more information see the PLUGINS section in man-page dnscap(1).
Prototype in development: crunchy DITL
The work has started on the prototype to make DITL available on a modern extendable big data systems, and we have chosen ClickHouse for this!
It will contain DITL data from 2020, approx 16TB of raw PCAPs will be loaded into ClickHouse using our dnsjit software. We will also try out Apache Superset as the interface for our researchers.
Are you a DNS researcher and want to look at DITL data? Sign up for OARC membership today! Already a members? Contact us.
Testing of the prototype will be done in Q4 of 2024 so stay tuned for more details!
Join the community!
Lots more have happened to our software over the past months, check out our GitHub account for all our software and releases.
And join us on our Mattermost chat server, here’s the specific public channel for our software and services: https://chat.dns-oarc.net/community/channels/oarc-software
OARC 42 — Don’t panic!
It’s time again for a DNS-OARC Workshop, and this time we will bring you the answer to Life, the Universe, and DNS: 42!
Hope to see you in Charlotte, North Carolina at the Embassy Suites Charlotte Uptown on 8–9 February 2024. Let’s meet and talk about OARC software and services!
Cheers,
Jerry