mirror of
https://github.com/adulau/pdns-qof.git
synced 2024-11-26 03:57:12 +00:00
fix grammar
parent
422cd1813b
commit
438a202b25
2 changed files with 161 additions and 103 deletions
246
i-d/pdns-qof.txt
|
@ -72,30 +72,30 @@ Table of Contents
|
||||||
3. Common Output Format . . . . . . . . . . . . . . . . . . . . . 4
|
3. Common Output Format . . . . . . . . . . . . . . . . . . . . . 4
|
||||||
3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 4
|
3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 4
|
||||||
3.2. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 4
|
3.2. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 4
|
||||||
3.3. Mandatory Fields . . . . . . . . . . . . . . . . . . . . . 4
|
3.3. ABNF grammar . . . . . . . . . . . . . . . . . . . . . . . 4
|
||||||
3.3.1. General remarks on mandatory fields . . . . . . . . . . 4
|
3.4. Mandatory Fields . . . . . . . . . . . . . . . . . . . . . 4
|
||||||
3.3.2. rrname . . . . . . . . . . . . . . . . . . . . . . . . 4
|
3.4.1. General remarks on mandatory fields . . . . . . . . . . 5
|
||||||
3.3.3. rrtype . . . . . . . . . . . . . . . . . . . . . . . . 4
|
3.4.2. rrname . . . . . . . . . . . . . . . . . . . . . . . . 5
|
||||||
3.3.4. rdata . . . . . . . . . . . . . . . . . . . . . . . . . 5
|
3.4.3. rrtype . . . . . . . . . . . . . . . . . . . . . . . . 5
|
||||||
3.3.5. time_first . . . . . . . . . . . . . . . . . . . . . . 5
|
3.4.4. rdata . . . . . . . . . . . . . . . . . . . . . . . . . 5
|
||||||
3.3.6. time_last . . . . . . . . . . . . . . . . . . . . . . . 5
|
3.4.5. time_first . . . . . . . . . . . . . . . . . . . . . . 5
|
||||||
3.4. Optional Fields . . . . . . . . . . . . . . . . . . . . . . 5
|
3.4.6. time_last . . . . . . . . . . . . . . . . . . . . . . . 5
|
||||||
3.4.1. count . . . . . . . . . . . . . . . . . . . . . . . . . 5
|
3.5. Optional Fields . . . . . . . . . . . . . . . . . . . . . . 6
|
||||||
3.4.2. Bailiwick . . . . . . . . . . . . . . . . . . . . . . . 6
|
3.5.1. count . . . . . . . . . . . . . . . . . . . . . . . . . 6
|
||||||
3.5. Additional Fields . . . . . . . . . . . . . . . . . . . . . 6
|
3.5.2. Bailiwick . . . . . . . . . . . . . . . . . . . . . . . 6
|
||||||
3.5.1. sensor_id . . . . . . . . . . . . . . . . . . . . . . . 6
|
3.6. Additional Fields . . . . . . . . . . . . . . . . . . . . . 6
|
||||||
3.5.2. zone_time_first . . . . . . . . . . . . . . . . . . . . 6
|
3.6.1. sensor_id . . . . . . . . . . . . . . . . . . . . . . . 6
|
||||||
3.5.3. zone_time_last . . . . . . . . . . . . . . . . . . . . 6
|
3.6.2. zone_time_first . . . . . . . . . . . . . . . . . . . . 6
|
||||||
3.6. Additional Fields Registry . . . . . . . . . . . . . . . . 6
|
3.6.3. zone_time_last . . . . . . . . . . . . . . . . . . . . 6
|
||||||
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6
|
3.7. Additional Fields Registry . . . . . . . . . . . . . . . . 7
|
||||||
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
|
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
|
||||||
|
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
|
||||||
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
|
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
|
||||||
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
|
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
|
||||||
7.1. Normative References . . . . . . . . . . . . . . . . . . . 7
|
7.1. Normative References . . . . . . . . . . . . . . . . . . . 7
|
||||||
7.2. References . . . . . . . . . . . . . . . . . . . . . . . . 7
|
7.2. References . . . . . . . . . . . . . . . . . . . . . . . . 8
|
||||||
7.3. Informative References . . . . . . . . . . . . . . . . . . 8
|
7.3. Informative References . . . . . . . . . . . . . . . . . . 9
|
||||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8
|
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -193,30 +193,30 @@ Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
"time_last": "1386405372" }
|
"time_last": "1386405372" }
|
||||||
... (separated by newline)...
|
... (separated by newline)...
|
||||||
|
|
||||||
3.3. Mandatory Fields
|
3.3. ABNF grammar
|
||||||
|
|
||||||
|
ABNF:
|
||||||
|
|
||||||
|
answer = elements
|
||||||
|
elements = * ( element CR)
|
||||||
|
element = "{" keyvallist "}"
|
||||||
|
keyvallist = JSONobject
|
||||||
|
JSONobject = [ member *( value-separator member ) ]
|
||||||
|
member = string name-separator value
|
||||||
|
name-separator = ws %x3A ws ; : colon
|
||||||
|
value = value ; as defined in the JSON RFC
|
||||||
|
CR = %x0D
|
||||||
|
|
||||||
|
Note that value is defined in JSON [RFC4627] and has the exact same
|
||||||
|
specification as there.
|
||||||
|
|
||||||
|
3.4. Mandatory Fields
|
||||||
|
|
||||||
Implementation MUST support all the mandatory fields.
|
Implementation MUST support all the mandatory fields.
|
||||||
|
|
||||||
3.3.1. General remarks on mandatory fields
|
|
||||||
|
|
||||||
Uniqueness property: the tuple (rrname,rrtype,rdata) will always be
|
|
||||||
unique within one answer per server. While rrname and rrtype are
|
|
||||||
always individual JSON primitive types (strings, numbers, booleans or
|
|
||||||
null), rdata MAY be an array as defined in JSON [RFC4627]
|
|
||||||
|
|
||||||
3.3.2. rrname
|
|
||||||
|
|
||||||
This field returns the name of the queried resource.
|
|
||||||
|
|
||||||
3.3.3. rrtype
|
|
||||||
|
|
||||||
This field returns the resource record type as seen by the passive
|
|
||||||
DNS. The key is rrtype and the value is in the interpreted record
|
|
||||||
type. If the value cannot be interpreted the decimal value is
|
|
||||||
returned following the principle of transparency as described in RFC
|
|
||||||
3597 [RFC3597]. The resource record type can be any values as
|
|
||||||
described by IANA in the DNS parameters document in the section 'DNS
|
|
||||||
Label types' (http://www.iana.org/assignments/dns-parameters).
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
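Review bot: In the new section 3.3 grammar, `CR = %x0D` makes carriage return the record terminator, while the example directly above it says the objects are "(separated by newline)"; a producer that emits LF and a consumer that splits on CR will disagree on where one record ends and the next begins. Suggest defining the terminator as LF (`%x0A`), or stating explicitly which of CR, LF or CRLF a client must accept, and naming the rule accordingly. Note also that `elements = * ( element CR)` requires a terminator after the last record, which "separated" does not imply, so the text should say whether a trailing terminator is mandatory.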
@ -225,13 +225,33 @@ Dulaunoy, et al. Expires June 28, 2014 [Page 4]
|
||||||
Internet-Draft Passive DNS - Common Output Format December 2013
|
Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
|
|
||||||
|
|
||||||
|
3.4.1. General remarks on mandatory fields
|
||||||
|
|
||||||
|
Uniqueness property: the tuple (rrname,rrtype,rdata) will always be
|
||||||
|
unique within one answer per server. While rrname and rrtype are
|
||||||
|
always individual JSON primitive types (strings, numbers, booleans or
|
||||||
|
null), rdata MAY be an array as defined in JSON [RFC4627]
|
||||||
|
|
||||||
|
3.4.2. rrname
|
||||||
|
|
||||||
|
This field returns the name of the queried resource.
|
||||||
|
|
||||||
|
3.4.3. rrtype
|
||||||
|
|
||||||
|
This field returns the resource record type as seen by the passive
|
||||||
|
DNS. The key is rrtype and the value is in the interpreted record
|
||||||
|
type. If the value cannot be interpreted the decimal value is
|
||||||
|
returned following the principle of transparency as described in RFC
|
||||||
|
3597 [RFC3597]. The resource record type can be any values as
|
||||||
|
described by IANA in the DNS parameters document in the section 'DNS
|
||||||
|
Label types' (http://www.iana.org/assignments/dns-parameters).
|
||||||
Currently known and supported textual descriptions of rrtypes are: A,
|
Currently known and supported textual descriptions of rrtypes are: A,
|
||||||
AAAA, CNAME, PTR, SOA, TXT, DNAME, NS, SRV, RP, NAPTR, HINFO, A6. A
|
AAAA, CNAME, PTR, SOA, TXT, DNAME, NS, SRV, RP, NAPTR, HINFO, A6. A
|
||||||
client MUST be able to understand these textual rtype values. In
|
client MUST be able to understand these textual rtype values. In
|
||||||
addition, a client MUST be able to handle a decimal value (as
|
addition, a client MUST be able to handle a decimal value (as
|
||||||
mentioned above) as answer.
|
mentioned above) as answer.
|
||||||
|
|
||||||
3.3.4. rdata
|
3.4.4. rdata
|
||||||
|
|
||||||
This field returns the data of the queried resource. In general,
|
This field returns the data of the queried resource. In general,
|
||||||
this is to be interpreted as string. Depending on the rtype, this
|
this is to be interpreted as string. Depending on the rtype, this
|
||||||
|
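Review bot: The rrtype paragraph carried into 3.4.3 points readers at the section 'DNS Label types' of the IANA DNS parameters document, but resource record types are registered there under 'Resource Record (RR) TYPEs'; this is worth correcting while the text is being moved. The same section spells the field both `rrtype` and `rtype` ("textual rtype values", "Depending on the rtype"); since clients match on the JSON key, use `rrtype` throughout. In 3.4.1, allowing rrname and rrtype to be any JSON primitive (strings, numbers, booleans or null) leaves the expected type open, so consider stating the exact JSON type for each field, and add the missing full stop after "[RFC4627]".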
@ -242,25 +262,33 @@ Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
unknown DNS resource records, the server must follow the transparency
|
unknown DNS resource records, the server must follow the transparency
|
||||||
principle as described in RFC 3597 [RFC3597].
|
principle as described in RFC 3597 [RFC3597].
|
||||||
|
|
||||||
3.3.5. time_first
|
3.4.5. time_first
|
||||||
|
|
||||||
This field returns the first time that the record / unique tuple
|
This field returns the first time that the record / unique tuple
|
||||||
(rrname, rrtype, rdata) has been seen by the passive DNS. The date
|
(rrname, rrtype, rdata) has been seen by the passive DNS. The date
|
||||||
is expressed in seconds (decimal ASCII) since 1st of January 1970
|
is expressed in seconds (decimal ASCII) since 1st of January 1970
|
||||||
(Unix timestamp). The time zone MUST be UTC.
|
(Unix timestamp). The time zone MUST be UTC.
|
||||||
|
|
||||||
3.3.6. time_last
|
3.4.6. time_last
|
||||||
|
|
||||||
This field returns the last time that the unique tuple (rrname,
|
This field returns the last time that the unique tuple (rrname,
|
||||||
rrtype, rdata) record has been seen by the passive DNS. The date is
|
rrtype, rdata) record has been seen by the passive DNS. The date is
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy, et al. Expires June 28, 2014 [Page 5]
|
||||||
|
|
||||||
|
Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
|
|
||||||
|
|
||||||
expressed in seconds (decimal ASCII) since 1st of January 1970 (Unix
|
expressed in seconds (decimal ASCII) since 1st of January 1970 (Unix
|
||||||
timestamp). The time zone MUST be UTC.
|
timestamp). The time zone MUST be UTC.
|
||||||
|
|
||||||
3.4. Optional Fields
|
3.5. Optional Fields
|
||||||
|
|
||||||
Implementations SHOULD support one or more field.
|
Implementations SHOULD support one or more field.
|
||||||
|
|
||||||
3.4.1. count
|
3.5.1. count
|
||||||
|
|
||||||
Specifies how many authoritative DNS answers were received at the
|
Specifies how many authoritative DNS answers were received at the
|
||||||
Passive DNS Server's collectors with the set of answers (i.e. same
|
Passive DNS Server's collectors with the set of answers (i.e. same
|
||||||
|
@ -270,47 +298,46 @@ Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
other type fields has been seen in the given time interval (between
|
other type fields has been seen in the given time interval (between
|
||||||
time_last and time_first). Decimal number.
|
time_last and time_first). Decimal number.
|
||||||
|
|
||||||
|
3.5.2. Bailiwick
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy, et al. Expires June 28, 2014 [Page 5]
|
|
||||||
|
|
||||||
Internet-Draft Passive DNS - Common Output Format December 2013
|
|
||||||
|
|
||||||
|
|
||||||
3.4.2. Bailiwick
|
|
||||||
|
|
||||||
The bailiwick is the best estimate of the apex of the zone where this
|
The bailiwick is the best estimate of the apex of the zone where this
|
||||||
data is authoritative. String.
|
data is authoritative. String.
|
||||||
|
|
||||||
3.5. Additional Fields
|
3.6. Additional Fields
|
||||||
|
|
||||||
Implementations MAY support the following fields:
|
Implementations MAY support the following fields:
|
||||||
|
|
||||||
3.5.1. sensor_id
|
3.6.1. sensor_id
|
||||||
|
|
||||||
This field returns the sensor information where the record was seen.
|
This field returns the sensor information where the record was seen.
|
||||||
The sensor_id is an opaque byte string as defined by RFC 5001 in
|
The sensor_id is an opaque byte string as defined by RFC 5001 in
|
||||||
section 2.3 [RFC5001].
|
section 2.3 [RFC5001].
|
||||||
|
|
||||||
3.5.2. zone_time_first
|
3.6.2. zone_time_first
|
||||||
|
|
||||||
This field returns the first time that the unique tuple (rrname,
|
This field returns the first time that the unique tuple (rrname,
|
||||||
rrtype, rdata) record has been seen via zone file import. The date
|
rrtype, rdata) record has been seen via zone file import. The date
|
||||||
is expressed in seconds (decimal ASCII) since 1st of January 1970
|
is expressed in seconds (decimal ASCII) since 1st of January 1970
|
||||||
(Unix timestamp). The time zone MUST be UTC.
|
(Unix timestamp). The time zone MUST be UTC.
|
||||||
|
|
||||||
3.5.3. zone_time_last
|
3.6.3. zone_time_last
|
||||||
|
|
||||||
This field returns the last time that the unique tuple (rrname,
|
This field returns the last time that the unique tuple (rrname,
|
||||||
rrtype, rdata) record has been seen via zone file import. The date
|
rrtype, rdata) record has been seen via zone file import. The date
|
||||||
is expressed in seconds (decimal ASCII) since 1st of January 1970
|
is expressed in seconds (decimal ASCII) since 1st of January 1970
|
||||||
(Unix timestamp). The time zone MUST be UTC.
|
(Unix timestamp). The time zone MUST be UTC.
|
||||||
|
|
||||||
3.6. Additional Fields Registry
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy, et al. Expires June 28, 2014 [Page 6]
|
||||||
|
|
||||||
|
Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
|
|
||||||
|
|
||||||
|
3.7. Additional Fields Registry
|
||||||
|
|
||||||
In accordance with [RFC6648], designers of new passive DNS
|
In accordance with [RFC6648], designers of new passive DNS
|
||||||
applications that would need additional fields can request and
|
applications that would need additional fields can request and
|
||||||
|
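Review bot: The renumbered heading `3.5.2. Bailiwick` is capitalised, while every other field heading in these lines (`count`, `sensor_id`, `zone_time_first`, `zone_time_last`) is the literal lowercase key. JSON member names are case-sensitive, so the section should state the exact key a client has to look for and the heading should match it.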
@ -328,15 +355,6 @@ Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
This memo includes no request to IANA.
|
This memo includes no request to IANA.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy, et al. Expires June 28, 2014 [Page 6]
|
|
||||||
|
|
||||||
Internet-Draft Passive DNS - Common Output Format December 2013
|
|
||||||
|
|
||||||
|
|
||||||
6. Security Considerations
|
6. Security Considerations
|
||||||
|
|
||||||
In some cases, Passive DNS output might contain confidential
|
In some cases, Passive DNS output might contain confidential
|
||||||
|
@ -367,6 +385,14 @@ Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
[RFC4627] Crockford, D., "The application/json Media Type for
|
[RFC4627] Crockford, D., "The application/json Media Type for
|
||||||
JavaScript Object Notation (JSON)", RFC 4627, July 2006.
|
JavaScript Object Notation (JSON)", RFC 4627, July 2006.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy, et al. Expires June 28, 2014 [Page 7]
|
||||||
|
|
||||||
|
Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
|
|
||||||
|
|
||||||
[RFC5001] Austein, R., "DNS Name Server Identifier (NSID) Option",
|
[RFC5001] Austein, R., "DNS Name Server Identifier (NSID) Option",
|
||||||
RFC 5001, August 2007.
|
RFC 5001, August 2007.
|
||||||
|
|
||||||
|
@ -385,14 +411,6 @@ Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
"Black ops 2008: It's the end of the cache as we know
|
"Black ops 2008: It's the end of the cache as we know
|
||||||
it.", 2008, <http://kurser.lobner.dk/dDist/DMK_BO2K8.pdf>.
|
it.", 2008, <http://kurser.lobner.dk/dDist/DMK_BO2K8.pdf>.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy, et al. Expires June 28, 2014 [Page 7]
|
|
||||||
|
|
||||||
Internet-Draft Passive DNS - Common Output Format December 2013
|
|
||||||
|
|
||||||
|
|
||||||
[DNSDB] "DNSDB API", 2013, <https://api.dnsdb.info/>.
|
[DNSDB] "DNSDB API", 2013, <https://api.dnsdb.info/>.
|
||||||
|
|
||||||
[PDNSCERTAT]
|
[PDNSCERTAT]
|
||||||
|
@ -420,6 +438,17 @@ Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
"Passive DNS Replication", 2005, <http://www.enyo.de/fw/
|
"Passive DNS Replication", 2005, <http://www.enyo.de/fw/
|
||||||
software/dnslogger/first2005-paper.pdf>.
|
software/dnslogger/first2005-paper.pdf>.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy, et al. Expires June 28, 2014 [Page 8]
|
||||||
|
|
||||||
|
Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
|
|
||||||
|
|
||||||
7.3. Informative References
|
7.3. Informative References
|
||||||
|
|
||||||
[I-D.narten-iana-considerations-rfc2434bis]
|
[I-D.narten-iana-considerations-rfc2434bis]
|
||||||
|
@ -433,22 +462,6 @@ Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
July 2003.
|
July 2003.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy, et al. Expires June 28, 2014 [Page 8]
|
|
||||||
|
|
||||||
Internet-Draft Passive DNS - Common Output Format December 2013
|
|
||||||
|
|
||||||
|
|
||||||
Authors' Addresses
|
Authors' Addresses
|
||||||
|
|
||||||
Alexandre Dulaunoy
|
Alexandre Dulaunoy
|
||||||
|
@ -484,6 +497,14 @@ Authors' Addresses
|
||||||
URI: https://www.farsightsecurity.com/
|
URI: https://www.farsightsecurity.com/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy, et al. Expires June 28, 2014 [Page 9]
|
||||||
|
|
||||||
|
Internet-Draft Passive DNS - Common Output Format December 2013
|
||||||
|
|
||||||
|
|
||||||
Henry Stern
|
Henry Stern
|
||||||
Farsight Security, Inc.
|
Farsight Security, Inc.
|
||||||
1741 Brunswick Street, Suite 500
|
1741 Brunswick Street, Suite 500
|
||||||
|
@ -500,5 +521,40 @@ Authors' Addresses
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy, et al. Expires June 28, 2014 [Page 9]
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy, et al. Expires June 28, 2014 [Page 10]
|
||||||
|
|
||||||
|
|
|
@ -179,18 +179,20 @@ The document does not describe the protocol (e.g. <xref target="RFC3912">WHOIS</
|
||||||
... (separated by newline)...
|
... (separated by newline)...
|
||||||
]]></artwork></figure>
|
]]></artwork></figure>
|
||||||
</section>
|
</section>
|
||||||
<!--
|
|
||||||
<section title="ABNF grammar">
|
<section title="ABNF grammar">
|
||||||
<figure><preamble>ABNF:</preamble><artwork><![CDATA[
|
<figure><preamble>ABNF:</preamble><artwork><![CDATA[
|
||||||
answer = elements
|
answer = elements
|
||||||
elements = * ( element CR)
|
elements = * ( element CR)
|
||||||
element = "{" keyvallist "}"
|
element = "{" keyvallist "}"
|
||||||
keyvallist = JSON object
|
keyvallist = JSONobject
|
||||||
|
JSONobject = [ member *( value-separator member ) ]
|
||||||
|
member = string name-separator value
|
||||||
|
name-separator = ws %x3A ws ; : colon
|
||||||
|
value = value ; as defined in the JSON RFC
|
||||||
CR = %x0D
|
CR = %x0D
|
||||||
]]></artwork></figure>
|
]]></artwork></figure>
|
||||||
<t>Note that JSON Object is defined in <xref target="RFC4627">JSON</xref></t>.
|
<t>Note that value is defined in <xref target="RFC4627">JSON</xref> and has the exact same specification as there.</t>
|
||||||
</section>
|
</section>
|
||||||
-->
|
|
||||||
<section title="Mandatory Fields">
|
<section title="Mandatory Fields">
|
||||||
<t>Implementation MUST support all the mandatory fields.</t>
|
<t>Implementation MUST support all the mandatory fields.</t>
|
||||||
<section title="General remarks on mandatory fields">
|
<section title="General remarks on mandatory fields">
|
||||||
|
|
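Review bot: In the now uncommented ABNF section, `value = value ; as defined in the JSON RFC` defines the rule in terms of itself, and `string`, `ws` and `value-separator` are used without any definition, while the closing note only mentions `value`. Suggest dropping the self-referential line and extending the note to say that `value`, `string`, `ws` and `value-separator` are all imported from RFC 4627. `JSONobject` is also a misleading name for the bare member list, because the braces are supplied by `element = "{" keyvallist "}"`; either reference the RFC 4627 `object` rule directly from `element` or rename the rule.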