fix grammar

This commit is contained in:
Aaron Kaplan 2013-12-25 19:21:40 +01:00
parent 422cd1813b
commit 438a202b25
2 changed files with 161 additions and 103 deletions

View file

@ -72,30 +72,30 @@ Table of Contents
3. Common Output Format . . . . . . . . . . . . . . . . . . . . . 4 3. Common Output Format . . . . . . . . . . . . . . . . . . . . . 4
3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.2. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.2. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.3. Mandatory Fields . . . . . . . . . . . . . . . . . . . . . 4 3.3. ABNF grammar . . . . . . . . . . . . . . . . . . . . . . . 4
3.3.1. General remarks on mandatory fields . . . . . . . . . . 4 3.4. Mandatory Fields . . . . . . . . . . . . . . . . . . . . . 4
3.3.2. rrname . . . . . . . . . . . . . . . . . . . . . . . . 4 3.4.1. General remarks on mandatory fields . . . . . . . . . . 5
3.3.3. rrtype . . . . . . . . . . . . . . . . . . . . . . . . 4 3.4.2. rrname . . . . . . . . . . . . . . . . . . . . . . . . 5
3.3.4. rdata . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.4.3. rrtype . . . . . . . . . . . . . . . . . . . . . . . . 5
3.3.5. time_first . . . . . . . . . . . . . . . . . . . . . . 5 3.4.4. rdata . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.3.6. time_last . . . . . . . . . . . . . . . . . . . . . . . 5 3.4.5. time_first . . . . . . . . . . . . . . . . . . . . . . 5
3.4. Optional Fields . . . . . . . . . . . . . . . . . . . . . . 5 3.4.6. time_last . . . . . . . . . . . . . . . . . . . . . . . 5
3.4.1. count . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.5. Optional Fields . . . . . . . . . . . . . . . . . . . . . . 6
3.4.2. Bailiwick . . . . . . . . . . . . . . . . . . . . . . . 6 3.5.1. count . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.5. Additional Fields . . . . . . . . . . . . . . . . . . . . . 6 3.5.2. Bailiwick . . . . . . . . . . . . . . . . . . . . . . . 6
3.5.1. sensor_id . . . . . . . . . . . . . . . . . . . . . . . 6 3.6. Additional Fields . . . . . . . . . . . . . . . . . . . . . 6
3.5.2. zone_time_first . . . . . . . . . . . . . . . . . . . . 6 3.6.1. sensor_id . . . . . . . . . . . . . . . . . . . . . . . 6
3.5.3. zone_time_last . . . . . . . . . . . . . . . . . . . . 6 3.6.2. zone_time_first . . . . . . . . . . . . . . . . . . . . 6
3.6. Additional Fields Registry . . . . . . . . . . . . . . . . 6 3.6.3. zone_time_last . . . . . . . . . . . . . . . . . . . . 6
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6 3.7. Additional Fields Registry . . . . . . . . . . . . . . . . 7
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
7.1. Normative References . . . . . . . . . . . . . . . . . . . 7 7.1. Normative References . . . . . . . . . . . . . . . . . . . 7
7.2. References . . . . . . . . . . . . . . . . . . . . . . . . 7 7.2. References . . . . . . . . . . . . . . . . . . . . . . . . 8
7.3. Informative References . . . . . . . . . . . . . . . . . . 8 7.3. Informative References . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9
@ -193,30 +193,30 @@ Internet-Draft Passive DNS - Common Output Format December 2013
"time_last": "1386405372" } "time_last": "1386405372" }
... (separated by newline)... ... (separated by newline)...
3.3. Mandatory Fields 3.3. ABNF grammar
ABNF:
answer = elements
elements = * ( element CR)
element = "{" keyvallist "}"
keyvallist = JSONobject
JSONobject = [ member *( value-separator member ) ]
member = string name-separator value
name-separator = ws %x3A ws ; : colon
value = value ; as defined in the JSON RFC
CR = %x0D
Note that value is defined in JSON [RFC4627] and has the exact same
specification as there.
3.4. Mandatory Fields
Implementation MUST support all the mandatory fields. Implementation MUST support all the mandatory fields.
3.3.1. General remarks on mandatory fields
Uniqueness property: the tuple (rrname,rrtype,rdata) will always be
unique within one answer per server. While rrname and rrtype are
always individual JSON primitive types (strings, numbers, booleans or
null), rdata MAY be an array as defined in JSON [RFC4627]
3.3.2. rrname
This field returns the name of the queried resource.
3.3.3. rrtype
This field returns the resource record type as seen by the passive
DNS. The key is rrtype and the value is in the interpreted record
type. If the value cannot be interpreted the decimal value is
returned following the principle of transparency as described in RFC
3597 [RFC3597]. The resource record type can be any values as
described by IANA in the DNS parameters document in the section 'DNS
Label types' (http://www.iana.org/assignments/dns-parameters).
@ -225,13 +225,33 @@ Dulaunoy, et al. Expires June 28, 2014 [Page 4]
Internet-Draft Passive DNS - Common Output Format December 2013 Internet-Draft Passive DNS - Common Output Format December 2013
3.4.1. General remarks on mandatory fields
Uniqueness property: the tuple (rrname,rrtype,rdata) will always be
unique within one answer per server. While rrname and rrtype are
always individual JSON primitive types (strings, numbers, booleans or
null), rdata MAY be an array as defined in JSON [RFC4627]
3.4.2. rrname
This field returns the name of the queried resource.
3.4.3. rrtype
This field returns the resource record type as seen by the passive
DNS. The key is rrtype and the value is in the interpreted record
type. If the value cannot be interpreted the decimal value is
returned following the principle of transparency as described in RFC
3597 [RFC3597]. The resource record type can be any values as
described by IANA in the DNS parameters document in the section 'DNS
Label types' (http://www.iana.org/assignments/dns-parameters).
Currently known and supported textual descriptions of rrtypes are: A, Currently known and supported textual descriptions of rrtypes are: A,
AAAA, CNAME, PTR, SOA, TXT, DNAME, NS, SRV, RP, NAPTR, HINFO, A6. A AAAA, CNAME, PTR, SOA, TXT, DNAME, NS, SRV, RP, NAPTR, HINFO, A6. A
client MUST be able to understand these textual rtype values. In client MUST be able to understand these textual rtype values. In
addition, a client MUST be able to handle a decimal value (as addition, a client MUST be able to handle a decimal value (as
mentioned above) as answer. mentioned above) as answer.
3.3.4. rdata 3.4.4. rdata
This field returns the data of the queried resource. In general, This field returns the data of the queried resource. In general,
this is to be interpreted as string. Depending on the rtype, this this is to be interpreted as string. Depending on the rtype, this
@ -242,25 +262,33 @@ Internet-Draft Passive DNS - Common Output Format December 2013
unknown DNS resource records, the server must follow the transparency unknown DNS resource records, the server must follow the transparency
principle as described in RFC 3597 [RFC3597]. principle as described in RFC 3597 [RFC3597].
3.3.5. time_first 3.4.5. time_first
This field returns the first time that the record / unique tuple This field returns the first time that the record / unique tuple
(rrname, rrtype, rdata) has been seen by the passive DNS. The date (rrname, rrtype, rdata) has been seen by the passive DNS. The date
is expressed in seconds (decimal ASCII) since 1st of January 1970 is expressed in seconds (decimal ASCII) since 1st of January 1970
(Unix timestamp). The time zone MUST be UTC. (Unix timestamp). The time zone MUST be UTC.
3.3.6. time_last 3.4.6. time_last
This field returns the last time that the unique tuple (rrname, This field returns the last time that the unique tuple (rrname,
rrtype, rdata) record has been seen by the passive DNS. The date is rrtype, rdata) record has been seen by the passive DNS. The date is
Dulaunoy, et al. Expires June 28, 2014 [Page 5]
Internet-Draft Passive DNS - Common Output Format December 2013
expressed in seconds (decimal ASCII) since 1st of January 1970 (Unix expressed in seconds (decimal ASCII) since 1st of January 1970 (Unix
timestamp). The time zone MUST be UTC. timestamp). The time zone MUST be UTC.
3.4. Optional Fields 3.5. Optional Fields
Implementations SHOULD support one or more field. Implementations SHOULD support one or more field.
3.4.1. count 3.5.1. count
Specifies how many authoritative DNS answers were received at the Specifies how many authoritative DNS answers were received at the
Passive DNS Server's collectors with the set of answers (i.e. same Passive DNS Server's collectors with the set of answers (i.e. same
@ -270,47 +298,46 @@ Internet-Draft Passive DNS - Common Output Format December 2013
other type fields has been seen in the given time interval (between other type fields has been seen in the given time interval (between
time_last and time_first). Decimal number. time_last and time_first). Decimal number.
3.5.2. Bailiwick
Dulaunoy, et al. Expires June 28, 2014 [Page 5]
Internet-Draft Passive DNS - Common Output Format December 2013
3.4.2. Bailiwick
The bailiwick is the best estimate of the apex of the zone where this The bailiwick is the best estimate of the apex of the zone where this
data is authoritative. String. data is authoritative. String.
3.5. Additional Fields 3.6. Additional Fields
Implementations MAY support the following fields: Implementations MAY support the following fields:
3.5.1. sensor_id 3.6.1. sensor_id
This field returns the sensor information where the record was seen. This field returns the sensor information where the record was seen.
The sensor_id is an opaque byte string as defined by RFC 5001 in The sensor_id is an opaque byte string as defined by RFC 5001 in
section 2.3 [RFC5001]. section 2.3 [RFC5001].
3.5.2. zone_time_first 3.6.2. zone_time_first
This field returns the first time that the unique tuple (rrname, This field returns the first time that the unique tuple (rrname,
rrtype, rdata) record has been seen via zone file import. The date rrtype, rdata) record has been seen via zone file import. The date
is expressed in seconds (decimal ASCII) since 1st of January 1970 is expressed in seconds (decimal ASCII) since 1st of January 1970
(Unix timestamp). The time zone MUST be UTC. (Unix timestamp). The time zone MUST be UTC.
3.5.3. zone_time_last 3.6.3. zone_time_last
This field returns the last time that the unique tuple (rrname, This field returns the last time that the unique tuple (rrname,
rrtype, rdata) record has been seen via zone file import. The date rrtype, rdata) record has been seen via zone file import. The date
is expressed in seconds (decimal ASCII) since 1st of January 1970 is expressed in seconds (decimal ASCII) since 1st of January 1970
(Unix timestamp). The time zone MUST be UTC. (Unix timestamp). The time zone MUST be UTC.
3.6. Additional Fields Registry
Dulaunoy, et al. Expires June 28, 2014 [Page 6]
Internet-Draft Passive DNS - Common Output Format December 2013
3.7. Additional Fields Registry
In accordance with [RFC6648], designers of new passive DNS In accordance with [RFC6648], designers of new passive DNS
applications that would need additional fields can request and applications that would need additional fields can request and
@ -328,15 +355,6 @@ Internet-Draft Passive DNS - Common Output Format December 2013
This memo includes no request to IANA. This memo includes no request to IANA.
Dulaunoy, et al. Expires June 28, 2014 [Page 6]
Internet-Draft Passive DNS - Common Output Format December 2013
6. Security Considerations 6. Security Considerations
In some cases, Passive DNS output might contain confidential In some cases, Passive DNS output might contain confidential
@ -367,6 +385,14 @@ Internet-Draft Passive DNS - Common Output Format December 2013
[RFC4627] Crockford, D., "The application/json Media Type for [RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627, July 2006. JavaScript Object Notation (JSON)", RFC 4627, July 2006.
Dulaunoy, et al. Expires June 28, 2014 [Page 7]
Internet-Draft Passive DNS - Common Output Format December 2013
[RFC5001] Austein, R., "DNS Name Server Identifier (NSID) Option", [RFC5001] Austein, R., "DNS Name Server Identifier (NSID) Option",
RFC 5001, August 2007. RFC 5001, August 2007.
@ -385,14 +411,6 @@ Internet-Draft Passive DNS - Common Output Format December 2013
"Black ops 2008: It's the end of the cache as we know "Black ops 2008: It's the end of the cache as we know
it.", 2008, <http://kurser.lobner.dk/dDist/DMK_BO2K8.pdf>. it.", 2008, <http://kurser.lobner.dk/dDist/DMK_BO2K8.pdf>.
Dulaunoy, et al. Expires June 28, 2014 [Page 7]
Internet-Draft Passive DNS - Common Output Format December 2013
[DNSDB] "DNSDB API", 2013, <https://api.dnsdb.info/>. [DNSDB] "DNSDB API", 2013, <https://api.dnsdb.info/>.
[PDNSCERTAT] [PDNSCERTAT]
@ -420,6 +438,17 @@ Internet-Draft Passive DNS - Common Output Format December 2013
"Passive DNS Replication", 2005, <http://www.enyo.de/fw/ "Passive DNS Replication", 2005, <http://www.enyo.de/fw/
software/dnslogger/first2005-paper.pdf>. software/dnslogger/first2005-paper.pdf>.
Dulaunoy, et al. Expires June 28, 2014 [Page 8]
Internet-Draft Passive DNS - Common Output Format December 2013
7.3. Informative References 7.3. Informative References
[I-D.narten-iana-considerations-rfc2434bis] [I-D.narten-iana-considerations-rfc2434bis]
@ -433,22 +462,6 @@ Internet-Draft Passive DNS - Common Output Format December 2013
July 2003. July 2003.
Dulaunoy, et al. Expires June 28, 2014 [Page 8]
Internet-Draft Passive DNS - Common Output Format December 2013
Authors' Addresses Authors' Addresses
Alexandre Dulaunoy Alexandre Dulaunoy
@ -484,6 +497,14 @@ Authors' Addresses
URI: https://www.farsightsecurity.com/ URI: https://www.farsightsecurity.com/
Dulaunoy, et al. Expires June 28, 2014 [Page 9]
Internet-Draft Passive DNS - Common Output Format December 2013
Henry Stern Henry Stern
Farsight Security, Inc. Farsight Security, Inc.
1741 Brunswick Street, Suite 500 1741 Brunswick Street, Suite 500
@ -500,5 +521,40 @@ Authors' Addresses
Dulaunoy, et al. Expires June 28, 2014 [Page 9]
Dulaunoy, et al. Expires June 28, 2014 [Page 10]

View file

@ -179,18 +179,20 @@ The document does not describe the protocol (e.g. <xref target="RFC3912">WHOIS</
... (separated by newline)... ... (separated by newline)...
]]></artwork></figure> ]]></artwork></figure>
</section> </section>
<!--
<section title="ABNF grammar"> <section title="ABNF grammar">
<figure><preamble>ABNF:</preamble><artwork><![CDATA[ <figure><preamble>ABNF:</preamble><artwork><![CDATA[
answer = elements answer = elements
elements = * ( element CR) elements = * ( element CR)
element = "{" keyvallist "}" element = "{" keyvallist "}"
keyvallist = JSON object keyvallist = JSONobject
JSONobject = [ member *( value-separator member ) ]
member = string name-separator value
name-separator = ws %x3A ws ; : colon
value = value ; as defined in the JSON RFC
CR = %x0D CR = %x0D
]]></artwork></figure> ]]></artwork></figure>
<t>Note that JSON Object is defined in <xref target="RFC4627">JSON</xref></t>. <t>Note that value is defined in <xref target="RFC4627">JSON</xref> and has the exact same specification as there.</t>
</section> </section>
-->
<section title="Mandatory Fields"> <section title="Mandatory Fields">
<t>Implementation MUST support all the mandatory fields.</t> <t>Implementation MUST support all the mandatory fields.</t>
<section title="General remarks on mandatory fields"> <section title="General remarks on mandatory fields">