Passive DNS server interface compliant with the "Common Output Format"

Passive DNS server interface

pdns-qof server is a passive DNS query interface, compliant with the "Common Output Format" (COF), for the pdns-toolkit or a similar passive DNS implementation.

Requirements

Installation

pip3 install .

Running the qof-server

The server uses the default Redis configuration of the pdns-toolkit. Change it if your passive DNS data store is configured differently.

qos-server

Usage

curl http://127.0.0.1:8888/query/www.microsoft.com
{"count": 127814, "time_first": 1298398002, "rrtype": "CNAME", "rrname": "www.microsoft.com", "rdata": "toggle.www.ms.akadns.net", "time_last": 1389022792}
curl http://127.0.0.1:8888/query/80.169.63.162
{"count": 112, "time_first": 1298398002, "rrtype": "A", "rrname": "infosports.dhnet.be", "rdata": "212.35.116.234", "time_last": 1354530214}
{"count": 4, "time_first": 1361180820, "rrtype": "A", "rrname": "infosports.dh.be", "rdata": "80.169.63.162", "time_last": 1366210757}
{"count": 2, "time_first": 1357803074, "rrtype": "A", "rrname": "maintenance.lalibre.be", "rdata": "212.35.116.249", "time_last": 1357803074}
{"count": 2, "time_first": 1388399295, "rrtype": "A", "rrname": "www.llb.be", "rdata": "80.169.63.162", "time_last": 1388399295}
{"count": 48, "time_first": 1374008604, "rrtype": "A", "rrname": "s.llb.be", "rdata": "80.169.63.162", "time_last": 1384916107}
{"count": 94256, "time_first": 1298398002, "rrtype": "A", "rrname": "www.lalibre.be", "rdata": "212.35.116.249", "time_last": 1361278027}
{"count": 213, "time_first": 1298398834, "rrtype": "A", "rrname": "infosports.lalibre.be", "rdata": "212.35.116.234", "time_last": 1355432823}

rr-types tool

rr-types.py is a tool to dump current IANA DNS RR types in various formats.

python3 bin/rr-types.py --help
usage: rr-types.py [-h] [-d] [-j] [-i] [-v]

Dump IANA DNS parameters in various formats

optional arguments:
  -h, --help  show this help message and exit
  -d          Python dict
  -j          JSON output (default format)
  -i          Disable integer value RR check
  -v          Verbose output