From dc99f2083323dbb30b5a618e5b7c8cc112c9ef83 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Fri, 10 May 2013 13:44:42 -0400 Subject: [PATCH 01/26] dnstap.pb/COPYRIGHT: new --- COPYRIGHT | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 COPYRIGHT diff --git a/COPYRIGHT b/COPYRIGHT new file mode 100644 index 0000000..27375a6 --- /dev/null +++ b/COPYRIGHT @@ -0,0 +1,13 @@ +Copyright (c) 2013 by Internet Systems Consortium, Inc. ("ISC") + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. From 3b4eebd2ad4d903cbfa08f1883def67407492563 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Fri, 10 May 2013 14:00:07 -0400 Subject: [PATCH 02/26] dnstap.pb/README: new --- README | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 README diff --git a/README b/README new file mode 100644 index 0000000..9563ff9 --- /dev/null +++ b/README @@ -0,0 +1,5 @@ +dnstap: flexible, structured event replication format for DNS servers +--------------------------------------------------------------------- + +This directory contains only the protobuf schemas for dnstap, and is the root of +a repository named "dnstap.pb". From e903dd6a2b9c43c056edd1332af2dc1ea0b37d22 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Fri, 10 May 2013 14:00:15 -0400 Subject: [PATCH 03/26] dnstap.pb/message.proto: new --- message.proto | 168 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 168 insertions(+) create mode 100644 message.proto diff --git a/message.proto b/message.proto new file mode 100644 index 0000000..b6700bd --- /dev/null +++ b/message.proto @@ -0,0 +1,168 @@ +package dnstap; + +// dnstap: flexible, structured event logging for DNS servers + +// This file contains the protobuf schemas for the dnstap "Message" payload, +// which carries wire-format (RFC 1035 section 4) DNS messages along with +// metadata. + +// There are currently six subtypes of "Message" defined (see the MessageType +// enum below), corresponding to the four arrows in the following diagram, +// slightly modified from RFC 1035 section 2: + +// +---------+ recursive +----------+ +--------+ +// | | queries | |queries | | +// | Stub |-------------->| Recursive|---------->| Auth. | +// | Resolver| | Server | | Name | +// | |<--------------| |<----------| Server | +// +---------+ responses | |responses | | +// +----------+ +--------+ +// | Central | +// | cache | +// +----------+ + +// Two of the arrows, the "queries" and "responses" between the recursive +// server and the authoritative name server, have two MessageType values each, +// one for each "end" of each arrow, because these are considered to be +// distinct events. + +// MessageType: the type of DNS message encapsulated in a Message payload +enum MessageType { + AUTH_QUERY = 0; + // An AUTH_QUERY is a DNS query message received from a recursive server + // by an authoritative name server, from the perspective of the + // authorative name server. + + AUTH_RESPONSE = 1; + // An AUTH_RESPONSE is a DNS response message sent from an authoritative + // name server to a recursive server, from the perspective of the + // authoritative name server. + + RESOLVER_QUERY = 2; + // A RESOLVER_QUERY is a DNS query message sent from a recursive server to + // an authoritative name server, from the perspective of the recursive + // server. + + RESOLVER_RESPONSE = 3; + // A RESOLVER_RESPONSE is a DNS response message received from an + // authoritative name server by a recursive server, from the perspective + // of the recursive server. + + CLIENT_QUERY = 4; + // A CLIENT_QUERY is a DNS query message sent from a client to a recursive + // server. A client is a stub resolver or forwarder or some other type of + // software which sets the RD (recursion desired) bit when querying a + // recursive server. + + CLIENT_RESPONSE = 5; + // A CLIENT_RESPONSE is a DNS response message sent from a recursive + // server to a client. +} + +// SocketFamily: the protocol family of the socket that a DNS message was +// sent or received over. +enum SocketFamily { + INET = 0; // IPv4 (RFC 791) + INET6 = 1; // IPv6 (RFC 2460) +} + +// SocketProtocol: the transport protocol of the socket that a DNS message was +// sent or received over. +enum SocketProtocol { + UDP = 0; // User Datagram Protocol (RFC 768) + TCP = 1; // Transmission Control Protocol (RFC 793) +} + +// Message: a DNS message and associated metadata. A Message encodes one of +// the MessageTypes described above and has different requirements based on +// the MessageType, described below. +message Message { + required MessageType type = 1; + // One of the MessageType values described above. + + required SocketFamily socket_family = 2; + // One of the SocketFamily values described above. + + required SocketProtocol socket_protocol = 3; + // One of the SocketProtocol values described above. + + required bytes query_address = 4; + // The network address of the message initiator. + // This is either a 4-octet IPv4 address or a 16-octet IPv6 address. + + required bytes response_address = 5; + // The network address of the message responder. + // This is either a 4-octet IPv4 address or a 16-octet IPv6 address. + + required uint32 query_port = 6; + // The transport port of the message initiator. + // This is a 16-bit UDP or TCP port number. + + required uint32 response_port = 7; + // The transport port of the message responder. + // This is a 16-bit UDP or TCP port number. + + required uint32 message_id = 8; + // The DNS message ID of the query and/or response message. + // This is a 16-bit number. + + required bytes query_name = 9; + // The wire-format DNS query name. + + required uint32 query_type = 10; + // The DNS query type. + + required uint32 query_class = 11; + // The DNS query class. + + optional fixed64 query_time = 12; + // The time at which the DNS query message was sent or received. + // This is the number of microseconds since the UNIX epoch. + + optional bytes query_message = 13; + // The initiator's original wire-format DNS query message. + + optional bytes query_bailiwick = 14; + // The initiator's "bailiwick" pertaining to the DNS query message. + + optional fixed64 response_time = 15; + // The time at which the DNS response message was sent or received. + // This is the number of microseconds since the UNIX epoch. + + optional bytes response_message = 16; + // The responder's original wire-format DNS response message. +} + +// Technically, the protobuf Message schema above only strictly requires the +// first 11 fields, and a valid Message payload could conceivably contain only +// those required fields. However, a "dnstap" Message payload also fulfills +// the following requirements, based on the MessageType value: + +// AUTH_QUERY: +// query_message MUST be present +// query_time MUST be present + +// AUTH_RESPONSE: +// query_time MAY be present +// response_message MUST be present +// response_time MUST be present + +// RESOLVER_QUERY: +// query_bailiwick MUST be present +// query_message MUST be present +// query_time MUST be present + +// RESOLVER_RESPONSE: +// query_bailiwick MUST be present +// query_time MAY be present +// response_message MUST be present +// response_time MUST be present + +// CLIENT_QUERY: +// query_message MUST be present +// query_time MUST be present + +// CLIENT_RESPONSE: +// query_time MAY be present +// response_message MUST be present +// response_time MUST be present From 6d823cc56059f2e78dfd1a89efb85fcf2931b9d2 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Sat, 11 May 2013 11:21:18 -0400 Subject: [PATCH 04/26] .gitignore: ignore automake and protobuf-c generated files --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3636986 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +.deps/ +.dirstamp +.libs/ +*.pb-c.* From f7d89c84dd4dc0aeba246aa946c1bdf2ea156519 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Mon, 13 May 2013 19:59:43 -0400 Subject: [PATCH 05/26] replace message.proto with dnstap.proto, add a top-level "Dnstap" union message --- dnstap.proto | 192 ++++++++++++++++++++++++++++++++++++++++++++++++++ message.proto | 168 ------------------------------------------- 2 files changed, 192 insertions(+), 168 deletions(-) create mode 100644 dnstap.proto delete mode 100644 message.proto diff --git a/dnstap.proto b/dnstap.proto new file mode 100644 index 0000000..cdcb013 --- /dev/null +++ b/dnstap.proto @@ -0,0 +1,192 @@ +// dnstap: flexible, structured event replication format for DNS servers + +// This file contains the protobuf schemas for the "dnstap" structured event +// replication format for DNS servers. + +package dnstap; + +// "Dnstap": this is the top-level dnstap type, which is a "union" type that +// contains other kinds of dnstap payloads, although currently only one type +// of dnstap payload is defined. +// See: https://developers.google.com/protocol-buffers/docs/techniques#union +message Dnstap { + enum Type { + MESSAGE = 1; + } + + // Identifies which field is filled in. + required Type type = 1; + + // One of the following will be filled in. + optional Message message = 2; +} + +// SocketFamily: the network protocol family of a socket. This specifies how +// to interpret "network address" fields. +enum SocketFamily { + INET = 1; // IPv4 (RFC 791) + INET6 = 2; // IPv6 (RFC 2460) +} + +// SocketProtocol: the transport protocol of a socket. This specifies how to +// interpret "transport port" fields. +enum SocketProtocol { + UDP = 1; // User Datagram Protocol (RFC 768) + TCP = 2; // Transmission Control Protocol (RFC 793) +} + +// Message: a wire-format (RFC 1035 section 4) DNS message and associated +// metadata. Applications generating "Message" payloads should follow +// certain requirements based on the MessageType, see below. +message Message { + + // There are currently six types of "Message" defined, corresponding to + // the four arrows in the following diagram, slightly modified from RFC + // 1035 section 2: + + // +---------+ recursive +----------+ +--------+ + // | | queries | |queries | | + // | Stub |-------------->| Recursive|---------->| Auth. | + // | Resolver| | Server | | Name | + // | |<--------------| |<----------| Server | + // +---------+ responses | |responses | | + // +----------+ +--------+ + // | Central | + // | cache | + // +----------+ + + // Two of the arrows, the "queries" and "responses" between the + // recursive server and the authoritative name server, have two Type + // values each, one for each "end" of each arrow, because these are + // considered to be distinct events. No Type values are assigned for the + // stub resolver arrows' "ends", because dnstap is intended for use in + // DNS servers, not stub clients. + + enum Type { + // AUTH_QUERY is a DNS query message received from a recursive + // server by an authoritative name server, from the perspective of + // the authorative name server. + AUTH_QUERY = 1; + + // AUTH_RESPONSE is a DNS response message sent from an + // authoritative name server to a recursive server, from the + // perspective of the authoritative name server. + AUTH_RESPONSE = 2; + + // RESOLVER_QUERY is a DNS query message sent from a recursive + // server to an authoritative name server, from the perspective of + // the recursive server. + RESOLVER_QUERY = 3; + + // RESOLVER_RESPONSE is a DNS response message received from an + // authoritative name server by a recursive server, from the + // perspective of the recursive server. + RESOLVER_RESPONSE = 4; + + // CLIENT_QUERY is a DNS query message sent from a client to a + // recursive server. A client is a stub resolver or forwarder or + // some other type of software which sets the RD (recursion desired) + // bit when querying a recursive server. + CLIENT_QUERY = 5; + + // CLIENT_RESPONSE is a DNS response message sent from a recursive + // server to a client. + CLIENT_RESPONSE = 6; + } + + // One of the Type values described above. + required Type type = 1; + + // One of the SocketFamily values described above. + required SocketFamily socket_family = 2; + + // One of the SocketProtocol values described above. + required SocketProtocol socket_protocol = 3; + + // The network address of the message initiator. + // For SocketFamily INET, this field is 4 octets (IPv4 address). + // For SocketFamily INET6, this field is 16 octets (IPv6 address). + required bytes query_address = 4; + + // The network address of the message responder. + // For SocketFamily INET, this field is 4 octets (IPv4 address). + // For SocketFamily INET6, this field is 16 octets (IPv6 address). + required bytes response_address = 5; + + // The transport port of the message initiator. + // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. + required uint32 query_port = 6; + + // The transport port of the message responder. + // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. + required uint32 response_port = 7; + + // The DNS message ID of the query and/or response message. + // This is a 16-bit number. + required uint32 message_id = 8; + + // The wire-format DNS query name. This field is case folded. The query + // name appears in its original case as sent or received on the wire in + // the question section of the verbatim query or response message. + required bytes query_name = 9; + + // The DNS query type. + required uint32 query_type = 10; + + // The DNS query class. + required uint32 query_class = 11; + + // The time at which the DNS query message was sent or received. + // This is the number of microseconds since the UNIX epoch. + optional fixed64 query_time = 12; + + // The initiator's original wire-format DNS query message, verbatim. + optional bytes query_message = 13; + + // The initiator's "bailiwick" pertaining to the DNS query message. This + // field is case folded. + optional bytes query_bailiwick = 14; + + // The time at which the DNS response message was sent or received. + // This is the number of microseconds since the UNIX epoch. + optional fixed64 response_time = 15; + + // The responder's original wire-format DNS response message, verbatim. + optional bytes response_message = 16; +} + +// Technically, the protobuf Message schema above only strictly requires the +// first 11 fields which are marked "required", and a valid Message protobuf +// could conceivably contain only those required fields. However, a "dnstap" +// Message payload also fulfills the requirements listed below, based on the +// MessageType value. These requirements are difficult to fully enforce with +// a protobuf schema. + +// AUTH_QUERY: +// query_message MUST be present +// query_time MUST be present + +// AUTH_RESPONSE: +// query_time MAY be present +// response_message MUST be present +// response_time MUST be present + +// RESOLVER_QUERY: +// query_bailiwick MUST be present +// query_message MUST be present +// query_time MUST be present + +// RESOLVER_RESPONSE: +// query_bailiwick MUST be present +// query_time MAY be present +// response_message MUST be present +// response_time MUST be present + +// CLIENT_QUERY: +// query_message MUST be present +// query_time MUST be present + +// CLIENT_RESPONSE: +// query_time MAY be present +// response_message MUST be present +// response_time MUST be present diff --git a/message.proto b/message.proto deleted file mode 100644 index b6700bd..0000000 --- a/message.proto +++ /dev/null @@ -1,168 +0,0 @@ -package dnstap; - -// dnstap: flexible, structured event logging for DNS servers - -// This file contains the protobuf schemas for the dnstap "Message" payload, -// which carries wire-format (RFC 1035 section 4) DNS messages along with -// metadata. - -// There are currently six subtypes of "Message" defined (see the MessageType -// enum below), corresponding to the four arrows in the following diagram, -// slightly modified from RFC 1035 section 2: - -// +---------+ recursive +----------+ +--------+ -// | | queries | |queries | | -// | Stub |-------------->| Recursive|---------->| Auth. | -// | Resolver| | Server | | Name | -// | |<--------------| |<----------| Server | -// +---------+ responses | |responses | | -// +----------+ +--------+ -// | Central | -// | cache | -// +----------+ - -// Two of the arrows, the "queries" and "responses" between the recursive -// server and the authoritative name server, have two MessageType values each, -// one for each "end" of each arrow, because these are considered to be -// distinct events. - -// MessageType: the type of DNS message encapsulated in a Message payload -enum MessageType { - AUTH_QUERY = 0; - // An AUTH_QUERY is a DNS query message received from a recursive server - // by an authoritative name server, from the perspective of the - // authorative name server. - - AUTH_RESPONSE = 1; - // An AUTH_RESPONSE is a DNS response message sent from an authoritative - // name server to a recursive server, from the perspective of the - // authoritative name server. - - RESOLVER_QUERY = 2; - // A RESOLVER_QUERY is a DNS query message sent from a recursive server to - // an authoritative name server, from the perspective of the recursive - // server. - - RESOLVER_RESPONSE = 3; - // A RESOLVER_RESPONSE is a DNS response message received from an - // authoritative name server by a recursive server, from the perspective - // of the recursive server. - - CLIENT_QUERY = 4; - // A CLIENT_QUERY is a DNS query message sent from a client to a recursive - // server. A client is a stub resolver or forwarder or some other type of - // software which sets the RD (recursion desired) bit when querying a - // recursive server. - - CLIENT_RESPONSE = 5; - // A CLIENT_RESPONSE is a DNS response message sent from a recursive - // server to a client. -} - -// SocketFamily: the protocol family of the socket that a DNS message was -// sent or received over. -enum SocketFamily { - INET = 0; // IPv4 (RFC 791) - INET6 = 1; // IPv6 (RFC 2460) -} - -// SocketProtocol: the transport protocol of the socket that a DNS message was -// sent or received over. -enum SocketProtocol { - UDP = 0; // User Datagram Protocol (RFC 768) - TCP = 1; // Transmission Control Protocol (RFC 793) -} - -// Message: a DNS message and associated metadata. A Message encodes one of -// the MessageTypes described above and has different requirements based on -// the MessageType, described below. -message Message { - required MessageType type = 1; - // One of the MessageType values described above. - - required SocketFamily socket_family = 2; - // One of the SocketFamily values described above. - - required SocketProtocol socket_protocol = 3; - // One of the SocketProtocol values described above. - - required bytes query_address = 4; - // The network address of the message initiator. - // This is either a 4-octet IPv4 address or a 16-octet IPv6 address. - - required bytes response_address = 5; - // The network address of the message responder. - // This is either a 4-octet IPv4 address or a 16-octet IPv6 address. - - required uint32 query_port = 6; - // The transport port of the message initiator. - // This is a 16-bit UDP or TCP port number. - - required uint32 response_port = 7; - // The transport port of the message responder. - // This is a 16-bit UDP or TCP port number. - - required uint32 message_id = 8; - // The DNS message ID of the query and/or response message. - // This is a 16-bit number. - - required bytes query_name = 9; - // The wire-format DNS query name. - - required uint32 query_type = 10; - // The DNS query type. - - required uint32 query_class = 11; - // The DNS query class. - - optional fixed64 query_time = 12; - // The time at which the DNS query message was sent or received. - // This is the number of microseconds since the UNIX epoch. - - optional bytes query_message = 13; - // The initiator's original wire-format DNS query message. - - optional bytes query_bailiwick = 14; - // The initiator's "bailiwick" pertaining to the DNS query message. - - optional fixed64 response_time = 15; - // The time at which the DNS response message was sent or received. - // This is the number of microseconds since the UNIX epoch. - - optional bytes response_message = 16; - // The responder's original wire-format DNS response message. -} - -// Technically, the protobuf Message schema above only strictly requires the -// first 11 fields, and a valid Message payload could conceivably contain only -// those required fields. However, a "dnstap" Message payload also fulfills -// the following requirements, based on the MessageType value: - -// AUTH_QUERY: -// query_message MUST be present -// query_time MUST be present - -// AUTH_RESPONSE: -// query_time MAY be present -// response_message MUST be present -// response_time MUST be present - -// RESOLVER_QUERY: -// query_bailiwick MUST be present -// query_message MUST be present -// query_time MUST be present - -// RESOLVER_RESPONSE: -// query_bailiwick MUST be present -// query_time MAY be present -// response_message MUST be present -// response_time MUST be present - -// CLIENT_QUERY: -// query_message MUST be present -// query_time MUST be present - -// CLIENT_RESPONSE: -// query_time MAY be present -// response_message MUST be present -// response_time MUST be present From d3b995ccff16d89dac1f5445f8dc4d65ef7476f6 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Mon, 13 May 2013 20:14:23 -0400 Subject: [PATCH 06/26] Message: convert to using (uint64, fixed32) pair for representing time --- dnstap.proto | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index cdcb013..d4096c9 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -136,23 +136,34 @@ message Message { // The DNS query class. required uint32 query_class = 11; + // The time at which the DNS query message was sent or received, depending + // on whether this is an AUTH_QUERY, RESOLVER_QUERY, or CLIENT_QUERY. + // This is the number of seconds since the UNIX epoch. + optional uint64 query_time_sec = 12; + // The time at which the DNS query message was sent or received. - // This is the number of microseconds since the UNIX epoch. - optional fixed64 query_time = 12; + // This is the seconds fraction, expressed as a count of nanoseconds. + optional fixed32 query_time_nsec = 13; // The initiator's original wire-format DNS query message, verbatim. - optional bytes query_message = 13; + optional bytes query_message = 14; // The initiator's "bailiwick" pertaining to the DNS query message. This // field is case folded. - optional bytes query_bailiwick = 14; + optional bytes query_bailiwick = 15; + + // The time at which the DNS response message was sent or received, + // depending on whether this is an AUTH_RESPONSE, RESOLVER_RESPONSE, or + // CLIENT_RESPONSE. + // This is the number of seconds since the UNIX epoch. + optional uint64 response_time_sec = 16; // The time at which the DNS response message was sent or received. - // This is the number of microseconds since the UNIX epoch. - optional fixed64 response_time = 15; + // This is the seconds fraction, expressed as a count of nanoseconds. + optional fixed32 response_time_nsec = 17; // The responder's original wire-format DNS response message, verbatim. - optional bytes response_message = 16; + optional bytes response_message = 18; } // Technically, the protobuf Message schema above only strictly requires the From 74799d857d7f0d7124c47a738e41bce3d457860c Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Mon, 13 May 2013 20:53:16 -0400 Subject: [PATCH 07/26] Message: add optional "nsid" field (RFC 5001) --- dnstap.proto | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dnstap.proto b/dnstap.proto index d4096c9..2791a31 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -164,6 +164,11 @@ message Message { // The responder's original wire-format DNS response message, verbatim. optional bytes response_message = 18; + + // DNS Name Server Identifier (NSID) option (RFC 5001). + // If enabled, this is the NSID content configured into the DNS server which + // generated the dnstap "Message" payload. + optional bytes nsid = 19; } // Technically, the protobuf Message schema above only strictly requires the From 30af068e6afbbef9cc33dcd13ad7c977c3747d9d Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Tue, 14 May 2013 15:08:53 -0400 Subject: [PATCH 08/26] move "nsid" field from Message to Dnstap --- dnstap.proto | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index 2791a31..7b6ad96 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -14,11 +14,16 @@ message Dnstap { MESSAGE = 1; } - // Identifies which field is filled in. - required Type type = 1; + // DNS Name Server Identifier (NSID) option (RFC 5001). + // If enabled, this is the NSID content configured into the DNS server which + // generated this message. + optional bytes nsid = 1; + + // Identifies which field below is filled in. + required Type type = 2; // One of the following will be filled in. - optional Message message = 2; + optional Message message = 3; } // SocketFamily: the network protocol family of a socket. This specifies how @@ -164,11 +169,6 @@ message Message { // The responder's original wire-format DNS response message, verbatim. optional bytes response_message = 18; - - // DNS Name Server Identifier (NSID) option (RFC 5001). - // If enabled, this is the NSID content configured into the DNS server which - // generated the dnstap "Message" payload. - optional bytes nsid = 19; } // Technically, the protobuf Message schema above only strictly requires the From 9fb595dbb36b2079863211f0748321f7fc8eb61b Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Tue, 14 May 2013 15:14:02 -0400 Subject: [PATCH 09/26] Dnstap: use tag number 15 for 'type', number 14 for 'message' type field + union types will be added from the top of the one-byte range (15, 14, ...) while new metadata options will be added from the bottom of the one-byte range (1, 2, ...). --- dnstap.proto | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index 7b6ad96..9364fe6 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -20,10 +20,10 @@ message Dnstap { optional bytes nsid = 1; // Identifies which field below is filled in. - required Type type = 2; + required Type type = 15; // One of the following will be filled in. - optional Message message = 3; + optional Message message = 14; } // SocketFamily: the network protocol family of a socket. This specifies how From 3e96d2c7b85d6bcc21b2d400f6147f97609aa15c Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Tue, 14 May 2013 15:18:49 -0400 Subject: [PATCH 10/26] Dnstap: style: move Type enum declaration to near type variable --- dnstap.proto | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index 9364fe6..a8d7df0 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -10,16 +10,15 @@ package dnstap; // of dnstap payload is defined. // See: https://developers.google.com/protocol-buffers/docs/techniques#union message Dnstap { - enum Type { - MESSAGE = 1; - } - // DNS Name Server Identifier (NSID) option (RFC 5001). // If enabled, this is the NSID content configured into the DNS server which // generated this message. optional bytes nsid = 1; // Identifies which field below is filled in. + enum Type { + MESSAGE = 1; + } required Type type = 15; // One of the following will be filled in. From 01fd513615a1d1ddb82632b9c8e643ccb63c07aa Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Tue, 14 May 2013 15:23:27 -0400 Subject: [PATCH 11/26] Dnstap: add optional "version" field ("version.bind" equivalent) --- dnstap.proto | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dnstap.proto b/dnstap.proto index a8d7df0..f9bc44b 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -15,6 +15,12 @@ message Dnstap { // generated this message. optional bytes nsid = 1; + // DNS server version. + // If enabled, this is the version string of the DNS server which generated + // this message. Typically this would be the same string as returned by a + // "version.bind" query. + optional bytes version = 2; + // Identifies which field below is filled in. enum Type { MESSAGE = 1; From 5ccb7d5321bef701667493771caaea0b1999c189 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Wed, 29 May 2013 21:43:37 -0700 Subject: [PATCH 12/26] Dnstap: rename "nsid" to "identity" --- dnstap.proto | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index f9bc44b..e0f8291 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -10,10 +10,11 @@ package dnstap; // of dnstap payload is defined. // See: https://developers.google.com/protocol-buffers/docs/techniques#union message Dnstap { - // DNS Name Server Identifier (NSID) option (RFC 5001). - // If enabled, this is the NSID content configured into the DNS server which - // generated this message. - optional bytes nsid = 1; + // DNS server identity. + // If enabled, this is the identity string of the DNS server which generated + // this message. Typically this would be the same string as returned by an + // "NSID" (RFC 5001) query. + optional bytes identity = 1; // DNS server version. // If enabled, this is the version string of the DNS server which generated From 7409754849b4104baaa53cacdffd8a316add2f9b Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Wed, 29 May 2013 22:07:54 -0700 Subject: [PATCH 13/26] Message: make required fields optional --- dnstap.proto | 75 +++++++++++++++++++++++++++++----------------------- 1 file changed, 42 insertions(+), 33 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index e0f8291..7a127e9 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -109,43 +109,43 @@ message Message { required Type type = 1; // One of the SocketFamily values described above. - required SocketFamily socket_family = 2; + optional SocketFamily socket_family = 2; // One of the SocketProtocol values described above. - required SocketProtocol socket_protocol = 3; + optional SocketProtocol socket_protocol = 3; // The network address of the message initiator. // For SocketFamily INET, this field is 4 octets (IPv4 address). // For SocketFamily INET6, this field is 16 octets (IPv6 address). - required bytes query_address = 4; + optional bytes query_address = 4; // The network address of the message responder. // For SocketFamily INET, this field is 4 octets (IPv4 address). // For SocketFamily INET6, this field is 16 octets (IPv6 address). - required bytes response_address = 5; + optional bytes response_address = 5; // The transport port of the message initiator. // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. - required uint32 query_port = 6; + optional uint32 query_port = 6; // The transport port of the message responder. // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. - required uint32 response_port = 7; + optional uint32 response_port = 7; // The DNS message ID of the query and/or response message. // This is a 16-bit number. - required uint32 message_id = 8; + optional uint32 message_id = 8; // The wire-format DNS query name. This field is case folded. The query // name appears in its original case as sent or received on the wire in // the question section of the verbatim query or response message. - required bytes query_name = 9; + optional bytes query_name = 9; // The DNS query type. - required uint32 query_type = 10; + optional uint32 query_type = 10; // The DNS query class. - required uint32 query_class = 11; + optional uint32 query_class = 11; // The time at which the DNS query message was sent or received, depending // on whether this is an AUTH_QUERY, RESOLVER_QUERY, or CLIENT_QUERY. @@ -177,38 +177,47 @@ message Message { optional bytes response_message = 18; } -// Technically, the protobuf Message schema above only strictly requires the -// first 11 fields which are marked "required", and a valid Message protobuf -// could conceivably contain only those required fields. However, a "dnstap" -// Message payload also fulfills the requirements listed below, based on the -// MessageType value. These requirements are difficult to fully enforce with -// a protobuf schema. +// All fields except for 'type' in the Message schema are optional. +// It is recommended that at least the following fields be filled in for +// particular types of Messages. // AUTH_QUERY: -// query_message MUST be present -// query_time MUST be present +// socket_family, socket_protocol +// query_address, query_port +// query_message +// query_time_sec, query_time_nsec // AUTH_RESPONSE: -// query_time MAY be present -// response_message MUST be present -// response_time MUST be present +// socket_family, socket_protocol +// query_address, query_port +// query_time_sec, query_time_nsec +// response_message +// response_time_sec, response_time_nsec // RESOLVER_QUERY: -// query_bailiwick MUST be present -// query_message MUST be present -// query_time MUST be present +// socket_family, socket_protocol +// query_name, query_type, query_class +// query_message +// query_time_sec, query_time_nsec +// query_bailiwick +// response_address, response_port // RESOLVER_RESPONSE: -// query_bailiwick MUST be present -// query_time MAY be present -// response_message MUST be present -// response_time MUST be present +// socket_family, socket_protocol +// query_name, query_type, query_class +// query_time_sec, query_time_nsec +// query_bailiwick +// response_address, response_port +// response_message +// response_time_sec, response_time_nsec // CLIENT_QUERY: -// query_message MUST be present -// query_time MUST be present +// socket_family, socket_protocol +// query_message +// query_time_sec, query_time_nsec // CLIENT_RESPONSE: -// query_time MAY be present -// response_message MUST be present -// response_time MUST be present +// socket_family, socket_protocol +// query_time_sec, query_time_nsec +// response_message +// response_time_sec, response_time_nsec From e3d29f3d0d48ad928577d626627afbe7ea655fce Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Wed, 29 May 2013 22:12:52 -0700 Subject: [PATCH 14/26] Message: rename query_bailiwick to query_zone --- dnstap.proto | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index 7a127e9..22bc715 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -159,9 +159,9 @@ message Message { // The initiator's original wire-format DNS query message, verbatim. optional bytes query_message = 14; - // The initiator's "bailiwick" pertaining to the DNS query message. This + // The "zone" or "bailiwick" pertaining to the DNS query message. This // field is case folded. - optional bytes query_bailiwick = 15; + optional bytes query_zone = 15; // The time at which the DNS response message was sent or received, // depending on whether this is an AUTH_RESPONSE, RESOLVER_RESPONSE, or @@ -199,14 +199,14 @@ message Message { // query_name, query_type, query_class // query_message // query_time_sec, query_time_nsec -// query_bailiwick +// query_zone // response_address, response_port // RESOLVER_RESPONSE: // socket_family, socket_protocol // query_name, query_type, query_class // query_time_sec, query_time_nsec -// query_bailiwick +// query_zone // response_address, response_port // response_message // response_time_sec, response_time_nsec From c400e721aaafd9de6623460f2042781cd42246ba Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Mon, 3 Jun 2013 21:38:43 -0400 Subject: [PATCH 15/26] Message: add FORWARDER_QUERY, FORWARDER_RESPONSE Type values --- dnstap.proto | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index 22bc715..95391f2 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -51,9 +51,9 @@ enum SocketProtocol { // certain requirements based on the MessageType, see below. message Message { - // There are currently six types of "Message" defined, corresponding to - // the four arrows in the following diagram, slightly modified from RFC - // 1035 section 2: + // There are six types of "Message" defined that correspond to the four + // arrows in the following diagram, slightly modified from RFC 1035 + // section 2: // +---------+ recursive +----------+ +--------+ // | | queries | |queries | | @@ -73,6 +73,10 @@ message Message { // stub resolver arrows' "ends", because dnstap is intended for use in // DNS servers, not stub clients. + // Two additional types of "Message" have been defined for the + // "forwarding" case where an upstream DNS server is responsible for + // further recursion. + enum Type { // AUTH_QUERY is a DNS query message received from a recursive // server by an authoritative name server, from the perspective of @@ -94,15 +98,30 @@ message Message { // perspective of the recursive server. RESOLVER_RESPONSE = 4; - // CLIENT_QUERY is a DNS query message sent from a client to a - // recursive server. A client is a stub resolver or forwarder or - // some other type of software which sets the RD (recursion desired) - // bit when querying a recursive server. + // CLIENT_QUERY is a DNS query message sent from a client to a DNS + // server which is expected to perform further recursion, from the + // perspective of the DNS server. The client may be a stub resolver or + // forwarder or some other type of software which typically sets the RD + // (recursion desired) bit when querying the DNS server. The DNS server + // may be a simple forwarding proxy or it may be a full recursive + // resolver. CLIENT_QUERY = 5; - // CLIENT_RESPONSE is a DNS response message sent from a recursive - // server to a client. + // CLIENT_RESPONSE is a DNS response message sent from a DNS server to + // a client. The DNS server typically sets the RA (recursion available) + // bit when responding. CLIENT_RESPONSE = 6; + + // FORWARDER_QUERY is a DNS query message sent from a downstream DNS + // server to an upstream DNS server which is expected to perform + // further recursion, from the perspective of the downstream DNS + // server. + FORWARDER_QUERY = 7; + + // FORWARDER_RESPONSE is a DNS response message sent from an upstream + // DNS server performing recursion to a downstream DNS server, from the + // perspective of the downstream DNS server. + FORWARDER_RESPONSE = 8; } // One of the Type values described above. From da2d9b505535334cc4bae1f110c6bba23288c7b2 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Tue, 25 Jun 2013 11:55:39 -0400 Subject: [PATCH 16/26] Dnstap: add "extra" field --- dnstap.proto | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dnstap.proto b/dnstap.proto index 95391f2..fc09736 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -22,6 +22,11 @@ message Dnstap { // "version.bind" query. optional bytes version = 2; + // Extra data for this payload. + // This field can be used for adding an arbitrary byte-string annotation to + // the payload. No encoding or interpretation is applied or enforced. + optional bytes extra = 3; + // Identifies which field below is filled in. enum Type { MESSAGE = 1; From 3c5e2d8e44cb1909fe47c9e8c5d967e8e2de4e51 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Tue, 25 Jun 2013 12:06:58 -0400 Subject: [PATCH 17/26] Message: clarify descriptions of AUTH_QUERY, AUTH_RESPONSE, RESOLVER_QUERY, RESOLVER_RESPONSE --- dnstap.proto | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index fc09736..d496354 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -83,24 +83,25 @@ message Message { // further recursion. enum Type { - // AUTH_QUERY is a DNS query message received from a recursive - // server by an authoritative name server, from the perspective of - // the authorative name server. + // AUTH_QUERY is a DNS query message received from a resolver by an + // authoritative name server, from the perspective of the authorative + // name server. AUTH_QUERY = 1; - // AUTH_RESPONSE is a DNS response message sent from an - // authoritative name server to a recursive server, from the - // perspective of the authoritative name server. + // AUTH_RESPONSE is a DNS response message sent from an authoritative + // name server to a resolver, from the perspective of the authoritative + // name server. AUTH_RESPONSE = 2; - // RESOLVER_QUERY is a DNS query message sent from a recursive - // server to an authoritative name server, from the perspective of - // the recursive server. + // RESOLVER_QUERY is a DNS query message sent from a resolver to an + // authoritative name server, from the perspective of the resolver. + // Resolvers typically clear the RD (recursion desired) bit when + // sending queries. RESOLVER_QUERY = 3; // RESOLVER_RESPONSE is a DNS response message received from an - // authoritative name server by a recursive server, from the - // perspective of the recursive server. + // authoritative name server by a resolver, from the perspective of + // the resolver. RESOLVER_RESPONSE = 4; // CLIENT_QUERY is a DNS query message sent from a client to a DNS @@ -113,8 +114,8 @@ message Message { CLIENT_QUERY = 5; // CLIENT_RESPONSE is a DNS response message sent from a DNS server to - // a client. The DNS server typically sets the RA (recursion available) - // bit when responding. + // a client, from the perspective of the DNS server. The DNS server + // typically sets the RA (recursion available) bit when responding. CLIENT_RESPONSE = 6; // FORWARDER_QUERY is a DNS query message sent from a downstream DNS From f08e4b39778b632a4047a38d769a3f9ac601ee9b Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Tue, 25 Jun 2013 12:08:33 -0400 Subject: [PATCH 18/26] Message: add STUB_QUERY, STUB_RESPONSE Type values --- dnstap.proto | 52 +++++++++++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 17 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index d496354..3bc74c2 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -56,31 +56,41 @@ enum SocketProtocol { // certain requirements based on the MessageType, see below. message Message { - // There are six types of "Message" defined that correspond to the four - // arrows in the following diagram, slightly modified from RFC 1035 + // There are eight types of "Message" defined that correspond to the + // four arrows in the following diagram, slightly modified from RFC 1035 // section 2: - // +---------+ recursive +----------+ +--------+ - // | | queries | |queries | | - // | Stub |-------------->| Recursive|---------->| Auth. | + // +---------+ +----------+ +--------+ + // | | query | | query | | + // | Stub |-SQ--------CQ->| Recursive|-RQ----AQ->| Auth. | // | Resolver| | Server | | Name | - // | |<--------------| |<----------| Server | - // +---------+ responses | |responses | | + // | |<-SR--------CR-| |<-RR----AR-| Server | + // +---------+ response | | response | | // +----------+ +--------+ - // | Central | - // | cache | - // +----------+ - // Two of the arrows, the "queries" and "responses" between the - // recursive server and the authoritative name server, have two Type - // values each, one for each "end" of each arrow, because these are - // considered to be distinct events. No Type values are assigned for the - // stub resolver arrows' "ends", because dnstap is intended for use in - // DNS servers, not stub clients. + // Each arrow has two Type values each, one for each "end" of each arrow, + // because these are considered to be distinct events. Each end of each + // arrow on the diagram above has been marked with a two-letter Type + // mnemonic. Clockwise from upper left, these mnemonic values are: + // + // SQ: STUB_QUERY + // CQ: CLIENT_QUERY + // RQ: RESOLVER_QUERY + // AQ: AUTH_QUERY + // AR: AUTH_RESPONSE + // RR: RESOLVER_RESPONSE + // CR: CLIENT_RESPONSE + // SR: STUB_RESPONSE // Two additional types of "Message" have been defined for the // "forwarding" case where an upstream DNS server is responsible for - // further recursion. + // further recursion. These are not shown on the diagram above, but have + // the following mnemonic values: + + // FQ: FORWARDER_QUERY + // FR: FORWARDER_RESPONSE + + // The "Message" Type values are defined below. enum Type { // AUTH_QUERY is a DNS query message received from a resolver by an @@ -128,6 +138,14 @@ message Message { // DNS server performing recursion to a downstream DNS server, from the // perspective of the downstream DNS server. FORWARDER_RESPONSE = 8; + + // STUB_QUERY is a DNS query message sent from a stub resolver to a DNS + // server, from the perspective of the stub resolver. + STUB_QUERY = 9; + + // STUB_RESPONSE is a DNS response message sent from a DNS server to a + // stub resolver, from the perspective of the stub resolver. + STUB_RESPONSE = 10; } // One of the Type values described above. From 84fe97dd82c1b5934a00c2a6cf87d2e48c1587af Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Tue, 25 Jun 2013 13:46:20 -0400 Subject: [PATCH 19/26] "DNS servers" -> "DNS software" --- README | 4 ++-- dnstap.proto | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README b/README index 9563ff9..7f44551 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ -dnstap: flexible, structured event replication format for DNS servers ---------------------------------------------------------------------- +dnstap: flexible, structured event replication format for DNS software +---------------------------------------------------------------------- This directory contains only the protobuf schemas for dnstap, and is the root of a repository named "dnstap.pb". diff --git a/dnstap.proto b/dnstap.proto index 3bc74c2..48f81f2 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -1,7 +1,7 @@ -// dnstap: flexible, structured event replication format for DNS servers +// dnstap: flexible, structured event replication format for DNS software // This file contains the protobuf schemas for the "dnstap" structured event -// replication format for DNS servers. +// replication format for DNS software. package dnstap; From 6367797174320bcaf757c6769367a62555f64383 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Sat, 29 Jun 2013 19:46:55 -0400 Subject: [PATCH 20/26] Message: remove message_id, query_name, query_type, query_class fields --- dnstap.proto | 29 +++++++---------------------- 1 file changed, 7 insertions(+), 22 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index 48f81f2..fd42d1e 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -175,49 +175,34 @@ message Message { // This is a 16-bit UDP or TCP port number, depending on SocketProtocol. optional uint32 response_port = 7; - // The DNS message ID of the query and/or response message. - // This is a 16-bit number. - optional uint32 message_id = 8; - - // The wire-format DNS query name. This field is case folded. The query - // name appears in its original case as sent or received on the wire in - // the question section of the verbatim query or response message. - optional bytes query_name = 9; - - // The DNS query type. - optional uint32 query_type = 10; - - // The DNS query class. - optional uint32 query_class = 11; - // The time at which the DNS query message was sent or received, depending // on whether this is an AUTH_QUERY, RESOLVER_QUERY, or CLIENT_QUERY. // This is the number of seconds since the UNIX epoch. - optional uint64 query_time_sec = 12; + optional uint64 query_time_sec = 8; // The time at which the DNS query message was sent or received. // This is the seconds fraction, expressed as a count of nanoseconds. - optional fixed32 query_time_nsec = 13; + optional fixed32 query_time_nsec = 9; // The initiator's original wire-format DNS query message, verbatim. - optional bytes query_message = 14; + optional bytes query_message = 10; // The "zone" or "bailiwick" pertaining to the DNS query message. This // field is case folded. - optional bytes query_zone = 15; + optional bytes query_zone = 11; // The time at which the DNS response message was sent or received, // depending on whether this is an AUTH_RESPONSE, RESOLVER_RESPONSE, or // CLIENT_RESPONSE. // This is the number of seconds since the UNIX epoch. - optional uint64 response_time_sec = 16; + optional uint64 response_time_sec = 12; // The time at which the DNS response message was sent or received. // This is the seconds fraction, expressed as a count of nanoseconds. - optional fixed32 response_time_nsec = 17; + optional fixed32 response_time_nsec = 13; // The responder's original wire-format DNS response message, verbatim. - optional bytes response_message = 18; + optional bytes response_message = 14; } // All fields except for 'type' in the Message schema are optional. From 562a5918b82c2ca39db7699e2e7b628efdb88f0e Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Sat, 29 Jun 2013 19:52:02 -0400 Subject: [PATCH 21/26] Message: remove requirement that query_zone be case-folded, also clarify that it's wire-format --- dnstap.proto | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index fd42d1e..6797e63 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -187,8 +187,8 @@ message Message { // The initiator's original wire-format DNS query message, verbatim. optional bytes query_message = 10; - // The "zone" or "bailiwick" pertaining to the DNS query message. This - // field is case folded. + // The "zone" or "bailiwick" pertaining to the DNS query message. + // This is a wire-format DNS domain name. optional bytes query_zone = 11; // The time at which the DNS response message was sent or received, From 22dd4abb863fda9aa40fdbd7d824baabb711dc86 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Thu, 6 Feb 2014 14:39:24 -0500 Subject: [PATCH 22/26] update copyright and licensing statements due to ISC -> FSI transition --- COPYRIGHT | 13 ------ LICENSE | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++ dnstap.proto | 13 +++++- 3 files changed, 133 insertions(+), 14 deletions(-) delete mode 100644 COPYRIGHT create mode 100644 LICENSE diff --git a/COPYRIGHT b/COPYRIGHT deleted file mode 100644 index 27375a6..0000000 --- a/COPYRIGHT +++ /dev/null @@ -1,13 +0,0 @@ -Copyright (c) 2013 by Internet Systems Consortium, Inc. ("ISC") - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..0e259d4 --- /dev/null +++ b/LICENSE @@ -0,0 +1,121 @@ +Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. diff --git a/dnstap.proto b/dnstap.proto index 6797e63..3504d99 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -1,8 +1,19 @@ // dnstap: flexible, structured event replication format for DNS software - +// // This file contains the protobuf schemas for the "dnstap" structured event // replication format for DNS software. +// Written in 2013-2014 by Farsight Security, Inc. +// +// To the extent possible under law, the author(s) have dedicated all +// copyright and related and neighboring rights to this file to the public +// domain worldwide. This file is distributed without any warranty. +// +// You should have received a copy of the CC0 Public Domain Dedication along +// with this file. If not, see: +// +// . + package dnstap; // "Dnstap": this is the top-level dnstap type, which is a "union" type that From 9b64afb54ba21a8adb083bb2bc6aed3c06d27274 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Thu, 6 Feb 2014 14:44:18 -0500 Subject: [PATCH 23/26] .gitignore: ignore C, C++, Go, and Python generated protobuf code --- .gitignore | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 3636986..a10d874 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,9 @@ .deps/ .dirstamp .libs/ -*.pb-c.* +*.pb-c.c +*.pb-c.h +*.pb.cc +*.pb.h +*.pb.go +*_pb2.py From 1a226fab3888c3dec05b83e4b6313fea99ab402c Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Fri, 18 Apr 2014 12:31:30 -0400 Subject: [PATCH 24/26] Message: add TOOL_QUERY, TOOL_RESPONSE Type values --- dnstap.proto | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dnstap.proto b/dnstap.proto index 3504d99..6928d91 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -157,6 +157,14 @@ message Message { // STUB_RESPONSE is a DNS response message sent from a DNS server to a // stub resolver, from the perspective of the stub resolver. STUB_RESPONSE = 10; + + // TOOL_QUERY is a DNS query message sent from a DNS software tool to a + // DNS server, from the perspective of the tool. + TOOL_QUERY = 11; + + // TOOL_RESPONSE is a DNS response message received by a DNS software + // tool from a DNS server, from the perspective of the tool. + TOOL_RESPONSE = 12; } // One of the Type values described above. From b600d893a2850db02a91239e1b7acde33f0e2e3c Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Fri, 18 Apr 2014 12:31:51 -0400 Subject: [PATCH 25/26] cleanup obsolete comments --- dnstap.proto | 2 -- 1 file changed, 2 deletions(-) diff --git a/dnstap.proto b/dnstap.proto index 6928d91..1ed1bb0 100644 --- a/dnstap.proto +++ b/dnstap.proto @@ -243,7 +243,6 @@ message Message { // RESOLVER_QUERY: // socket_family, socket_protocol -// query_name, query_type, query_class // query_message // query_time_sec, query_time_nsec // query_zone @@ -251,7 +250,6 @@ message Message { // RESOLVER_RESPONSE: // socket_family, socket_protocol -// query_name, query_type, query_class // query_time_sec, query_time_nsec // query_zone // response_address, response_port From 2d8098aaef53e548e3808f757e48acc51c37b6c9 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Fri, 18 Apr 2014 12:32:22 -0400 Subject: [PATCH 26/26] .gitignore: also ignore protobuf .pyc files --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index a10d874..8ee78ff 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ *.pb.h *.pb.go *_pb2.py +*_pb2.pyc