adulau/pdns-qof
1
0
Fork 0
mirror of https://github.com/adulau/pdns-qof.git synced 2024-10-06 06:21:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

Reference passive dns implementation added

Browse source
This commit is contained in:
Alexandre Dulaunoy 2013-12-25 11:40:03 +01:00
parent 1bed3e1e4f
commit 52c30851e7
1 changed files with 23 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
i-d/pdns-qof.xml
View file

@ -138,7 +138,7 @@
<section title="Introduction">
<t>Passive DNS is a technique described by Florian Weimer in 2005 in Passive DNS replication, F Weimer - 17th Annual FIRST Conference on Computer Security. Since then multiple Passive DNS implementations evolved over time. Users of these Passive DNS servers query a server (often via <xref target="RFC3912">WHOIS</xref> or HTTP <xref target="REST">REST</xref>), parse the results and process them in other applications.</t>
<t>
There are multiple implementation of Passive DNS software. Users of passive DNS query each implementation and aggregate the results for their search. This document describes the output format of three Passive DNS Systems which are in use today and which already share a nearly identical output format.
There are multiple implementation of Passive DNS software. Users of passive DNS query each implementation and aggregate the results for their search. This document describes the output format of three Passive DNS Systems (<xref target="DNSDB"/>,<xref target="PDNSCERTAT"/> and <xref target="PDNSCIRCL"/>) which are in use today and which already share a nearly identical output format.
As the format and the meaning of output fields from each Passive DNS need to be consistent, we propose in this document a solution to commonly name each field along with their corresponding interpretation. The format format is following a simple key-value structure in <xref target="RFC4627">JSON</xref> format.
The benefit of having a consistent Passive DNS output format is that multiple client implementations can query different servers without having to have a separate parser for each
@ -303,6 +303,28 @@ The document does not describe the protocol (e.g. <xref target="RFC3912">WHOIS</
<date year="2000"/>
</front>
</reference>
<reference anchor="DNSDB" target="https://api.dnsdb.info/">
<front>
<title>DNSDB API</title>
<author fullname="Farsight Security"/>
<date year="2013"/>
</front>
</reference>
<reference anchor="PDNSCERTAT" target="http://www.centr.org/system/files/agenda/attachment/rd4-papst-passive_dns.pdf">
<front>
<title>pDNS presentation at 4th Centr R&amp;D workshop Frankfurt Jun 5th 2012</title>
<author fullname="CERT.at"/>
<date year="2012"/>
</front>
</reference>
<reference anchor="PDNSCIRCL" target="http://pdns.circl.lu/">
<front>
<title>CIRCL Passive DNS</title>
<author fullname="CIRCL -Computer Incident Response Center Luxembourg"/>
<date year="2012"/>
</front>
</reference>
</references>
<references title="Informative References">