passive-dns-atlas/README.md

# passive-dns-atlas

Passive DNS collection (and statistics) from RIPE Atlas Sensors

The goal is to use RIPE Atlas Sensors as a source of DNS information for passive collection but also to provide
additional information and statistics to Passive DNS users from the DNS measurements performed by the RIPE Atlas sensors.

![overview](./overview.png)

# Requirements

- Python 3
- [ripe.atlas.cousteau](https://github.com/RIPE-NCC/ripe-atlas-cousteau)
- [ripe.atlas.sagan](https://github.com/RIPE-NCC/ripe.atlas.sagan)
- Redis compatible server
- RIPE Atlas API key

# Usage

## Feeding the system

The default `atlas_result` stream is used and only the current `dns` measurement is gathered.

Don't forget to set your API key for Atlas via `ripe-atlas configure --set authorisation.create=MY_API_KEY`.

~~~~
usage: pdns.py [-h] [-d] [-t TIMEOUT] [-o ONLY]

passive-dns-atlas

optional arguments:
  -h, --help            show this help message and exit
  -d, --debug
  -t TIMEOUT, --timeout TIMEOUT
                        set atlas stream timeout, default is 400 sec
  -o ONLY, --only ONLY  set a filter to allow check a specifity key and value
                        in DNS. format is key,value like Type,TXT
~~~~

In parallel, you can generate statistics from the `dns` measurement gathered.

~~~~
python3 get_stats.py --help
usage: get_stats.py [-h] [-t] [-c] [-l LIMIT] [-o OUTPUTDIR] [-s SKIP]

passive-dns-atlas statistics extractor

optional arguments:
  -h, --help            show this help message and exit
  -t, --table           Dump statistics table in ASCII
  -c, --csvd3js         Generate D3.js Bubble Chart
  -l LIMIT, --limit LIMIT
                        Limit of values to export per ZRANK - default 100
  -o OUTPUTDIR, --outputdir OUTPUTDIR
                        Output directory
  -s SKIP, --skip SKIP  Skip a specific value from the statistics
~~~~

Specific values can be skip to avoid these in the statistics like `--skip 0 --skip 86400`.

# Current Statistics

`get_stats.py -t`

~~~~
+----------------------+-------+
| Number of occurences |  TYPE |
+----------------------+-------+
|       2872619        |  TXT  |
|       1269079        |  SOA  |
|        28912         |   A   |
|         1353         | CNAME |
|         1005         |   MX  |
|         468          |  AAAA |
|         400          |   NS  |
|          21          | RRSIG |
|          12          |  PTR  |
+----------------------+-------+
....
~~~~

`get_stats.py -c --skip 0` generates a series of CSV files that can be ingested in D3.js bubble chart view.

![SOA records](soa.png)

Some more sample statistics available at [https://www.foo.be/ripe-atlas](https://www.foo.be/ripe-atlas) generated during the hackathon.

# License


~~~~
    passive-dns-atlas - a set of tool to gather RIPE Atlas Stream DNS measurement to do statistics and populate other Passive DNS.

    Copyright (C) 2017  Alexandre Dulaunoy

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU Affero General Public License as published
    by the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero General Public License for more details.

    You should have received a copy of the GNU Affero General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

~~~~
Initial commit 2017-04-20 12:16:13 +00:00			`# passive-dns-atlas`
First version of something called a README 2017-04-20 14:01:29 +00:00
Initial commit 2017-04-20 12:16:13 +00:00			`Passive DNS collection (and statistics) from RIPE Atlas Sensors`
First version of something called a README 2017-04-20 14:01:29 +00:00
			`The goal is to use RIPE Atlas Sensors as a source of DNS information for passive collection but also to provide`
			`additional information and statistics to Passive DNS users from the DNS measurements performed by the RIPE Atlas sensors.`

Overview diagram added in the README 2017-04-21 13:30:37 +00:00			`![overview](./overview.png)`

First version of something called a README 2017-04-20 14:01:29 +00:00			`# Requirements`

			`- Python 3`
			`- [ripe.atlas.cousteau](https://github.com/RIPE-NCC/ripe-atlas-cousteau)`
			`- [ripe.atlas.sagan](https://github.com/RIPE-NCC/ripe.atlas.sagan)`
			`- Redis compatible server`
			`- RIPE Atlas API key`

			`# Usage`

Screenshot added and improved basic documentation 2017-04-21 09:58:25 +00:00			`## Feeding the system`

			The default `atlas_result` stream is used and only the current `dns` measurement is gathered.

			Don't forget to set your API key for Atlas via `ripe-atlas configure --set authorisation.create=MY_API_KEY`.

			`~~~~`
-o filter option added 2017-04-23 09:41:41 +00:00			`usage: pdns.py [-h] [-d] [-t TIMEOUT] [-o ONLY]`
Screenshot added and improved basic documentation 2017-04-21 09:58:25 +00:00
			`passive-dns-atlas`

			`optional arguments:`
			`-h, --help show this help message and exit`
			`-d, --debug`
			`-t TIMEOUT, --timeout TIMEOUT`
			`set atlas stream timeout, default is 400 sec`
-o filter option added 2017-04-23 09:41:41 +00:00			`-o ONLY, --only ONLY set a filter to allow check a specifity key and value`
			`in DNS. format is key,value like Type,TXT`
First version of something called a README 2017-04-20 14:01:29 +00:00			`~~~~`
Screenshot added and improved basic documentation 2017-04-21 09:58:25 +00:00
			In parallel, you can generate statistics from the `dns` measurement gathered.

			`~~~~`
			`python3 get_stats.py --help`
			`usage: get_stats.py [-h] [-t] [-c] [-l LIMIT] [-o OUTPUTDIR] [-s SKIP]`

			`passive-dns-atlas statistics extractor`

			`optional arguments:`
			`-h, --help show this help message and exit`
			`-t, --table Dump statistics table in ASCII`
			`-c, --csvd3js Generate D3.js Bubble Chart`
			`-l LIMIT, --limit LIMIT`
			`Limit of values to export per ZRANK - default 100`
			`-o OUTPUTDIR, --outputdir OUTPUTDIR`
			`Output directory`
			`-s SKIP, --skip SKIP Skip a specific value from the statistics`
First version of something called a README 2017-04-20 14:01:29 +00:00			`~~~~`

Screenshot added and improved basic documentation 2017-04-21 09:58:25 +00:00			Specific values can be skip to avoid these in the statistics like `--skip 0 --skip 86400`.

First version of something called a README 2017-04-20 14:01:29 +00:00			`# Current Statistics`

Screenshot added and improved basic documentation 2017-04-21 09:58:25 +00:00			`get_stats.py -t`

There are two kind of lie: a lie or some statistics. 2017-04-20 14:02:38 +00:00			`~~~~`
Screenshot added and improved basic documentation 2017-04-21 09:58:25 +00:00			`+----------------------+-------+`
			`\| Number of occurences \| TYPE \|`
			`+----------------------+-------+`
			`\| 2872619 \| TXT \|`
			`\| 1269079 \| SOA \|`
			`\| 28912 \| A \|`
			`\| 1353 \| CNAME \|`
			`\| 1005 \| MX \|`
			`\| 468 \| AAAA \|`
			`\| 400 \| NS \|`
			`\| 21 \| RRSIG \|`
			`\| 12 \| PTR \|`
			`+----------------------+-------+`
			`....`
There are two kind of lie: a lie or some statistics. 2017-04-20 14:02:38 +00:00			`~~~~`

Screenshot added and improved basic documentation 2017-04-21 09:58:25 +00:00			`get_stats.py -c --skip 0` generates a series of CSV files that can be ingested in D3.js bubble chart view.

			`![SOA records](soa.png)`

A sample website export added 2017-04-21 13:53:25 +00:00			`Some more sample statistics available at [https://www.foo.be/ripe-atlas](https://www.foo.be/ripe-atlas) generated during the hackathon.`

First version of something called a README 2017-04-20 14:01:29 +00:00			`# License`

Screenshot added and improved basic documentation 2017-04-21 09:58:25 +00:00
			`~~~~`
			`passive-dns-atlas - a set of tool to gather RIPE Atlas Stream DNS measurement to do statistics and populate other Passive DNS.`

			`Copyright (C) 2017 Alexandre Dulaunoy`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Affero General Public License as published`
			`by the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Affero General Public License for more details.`

			`You should have received a copy of the GNU Affero General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`~~~~`