Add a section on MIME types. Closes issue #9.

This commit is contained in:
aaronkaplan 2021-05-04 16:03:04 +02:00
parent 7fe69103d1
commit be9de2de88
No known key found for this signature in database
GPG key ID: 1AED8B672DD4C9B1
3 changed files with 41 additions and 37 deletions

View file

@ -3,6 +3,7 @@
## Content changes ## Content changes
* added time_first_ms, time_last_ms * added time_first_ms, time_last_ms
* clarified that time_{first,last} OR zone_time_{first,last} can be specified. * clarified that time_{first,last} OR zone_time_{first,last} can be specified.
* Added MIME type SHOULD be "application/x-ndjson". As discussed in #9.
## Other changes ## Other changes
* Added JSON schema * Added JSON schema

View file

@ -90,6 +90,7 @@ Table of Contents
3.5.6. time_last_ms . . . . . . . . . . . . . . . . . . . . 7 3.5.6. time_last_ms . . . . . . . . . . . . . . . . . . . . 7
3.6. Additional Fields Registry . . . . . . . . . . . . . . . 7 3.6. Additional Fields Registry . . . . . . . . . . . . . . . 7
3.7. Additional notes . . . . . . . . . . . . . . . . . . . . 8 3.7. Additional notes . . . . . . . . . . . . . . . . . . . . 8
3.8. Suggested MIME Types . . . . . . . . . . . . . . . . . . 8
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 8 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 8
@ -108,7 +109,6 @@ Table of Contents
Dulaunoy, et al. Expires December 3, 2020 [Page 2] Dulaunoy, et al. Expires December 3, 2020 [Page 2]
Internet-Draft Passive DNS - Common Output Format June 2020 Internet-Draft Passive DNS - Common Output Format June 2020
@ -405,6 +405,12 @@ Internet-Draft Passive DNS - Common Output Format June 2020
parsers who will expect the mandatory fields time_{first,last}. See: parsers who will expect the mandatory fields time_{first,last}. See:
[github_issue_17] [github_issue_17]
3.8. Suggested MIME Types
An implementer of a passive DNS Server SHOULD server a document in
this Common Output Format with a MIME header of "application/
x-ndjson".
4. Acknowledgements 4. Acknowledgements
Thanks to the Passive DNS developers who contributed to the document. Thanks to the Passive DNS developers who contributed to the document.
@ -435,12 +441,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020
taken into consideration when designing any application which uses taken into consideration when designing any application which uses
Passive DNS data. Passive DNS data.
In the scope of the General Data Protection Regulation (GDPR -
Directive 95/46/EC), operators of Passive DNS Server needs to ensure
the legal ground and lawfulness of its operation.
@ -450,6 +450,10 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 8]
Internet-Draft Passive DNS - Common Output Format June 2020 Internet-Draft Passive DNS - Common Output Format June 2020
In the scope of the General Data Protection Regulation (GDPR -
Directive 95/46/EC), operators of Passive DNS Server needs to ensure
the legal ground and lawfulness of its operation.
7. Security Considerations 7. Security Considerations
In some cases, Passive DNS output might contain confidential In some cases, Passive DNS output might contain confidential
@ -491,10 +495,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020
RFC 3986, DOI 10.17487/RFC3986, January 2005, RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>. <https://www.rfc-editor.org/info/rfc3986>.
[RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627,
DOI 10.17487/RFC4627, July 2006,
<https://www.rfc-editor.org/info/rfc4627>.
@ -506,6 +506,11 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 9]
Internet-Draft Passive DNS - Common Output Format June 2020 Internet-Draft Passive DNS - Common Output Format June 2020
[RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627,
DOI 10.17487/RFC4627, July 2006,
<https://www.rfc-editor.org/info/rfc4627>.
[RFC5001] Austein, R., "DNS Name Server Identifier (NSID) Option", [RFC5001] Austein, R., "DNS Name Server Identifier (NSID) Option",
RFC 5001, DOI 10.17487/RFC5001, August 2007, RFC 5001, DOI 10.17487/RFC5001, August 2007,
<https://www.rfc-editor.org/info/rfc5001>. <https://www.rfc-editor.org/info/rfc5001>.
@ -549,11 +554,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020
<http://www.centr.org/system/files/agenda/attachment/ <http://www.centr.org/system/files/agenda/attachment/
rd4-papst-passive_dns.pdf>. rd4-papst-passive_dns.pdf>.
[PDNSCIRCL]
"CIRCL Passive DNS", 2012,
<https://www.circl.lu/services/passive-dns/>.
@ -562,6 +562,10 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 10]
Internet-Draft Passive DNS - Common Output Format June 2020 Internet-Draft Passive DNS - Common Output Format June 2020
[PDNSCIRCL]
"CIRCL Passive DNS", 2012,
<https://www.circl.lu/services/passive-dns/>.
[PDNSCLIENT] [PDNSCLIENT]
"Queries 5 major Passive DNS databases: BFK, CERTEE, "Queries 5 major Passive DNS databases: BFK, CERTEE,
DNSParse, ISC, and VirusTotal.", 2013, DNSParse, ISC, and VirusTotal.", 2013,
@ -602,12 +606,8 @@ Appendix A. Examples
dns common output format can be: dns common output format can be:
{"count": 102, "time_first": 1298412391, "rrtype": "AAAA",
"rrname": "www.ietf.org", "rdata": "2001:1890:1112:1::20",
"time_last": 1302506851}
{"count": 59, "time_first": 1384865833, "rrtype": "A",
"rrname": "www.ietf.org", "rdata": "4.31.198.44",
"time_last": 1389022219}
@ -618,6 +618,14 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 11]
Internet-Draft Passive DNS - Common Output Format June 2020 Internet-Draft Passive DNS - Common Output Format June 2020
{"count": 102, "time_first": 1298412391, "rrtype": "AAAA",
"rrname": "www.ietf.org", "rdata": "2001:1890:1112:1::20",
"time_last": 1302506851}
{"count": 59, "time_first": 1384865833, "rrtype": "A",
"rrname": "www.ietf.org", "rdata": "4.31.198.44",
"time_last": 1389022219}
If you query a passive DNS for the rrname ietf.org, the passive dns If you query a passive DNS for the rrname ietf.org, the passive dns
common output format can be: common output format can be:
@ -658,14 +666,6 @@ Authors' Addresses
URI: http://www.circl.lu/ URI: http://www.circl.lu/
L. Aaron Kaplan
Vienna A-1170
Austria
Email: aaron@lo-res.org
@ -674,6 +674,13 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 12]
Internet-Draft Passive DNS - Common Output Format June 2020 Internet-Draft Passive DNS - Common Output Format June 2020
L. Aaron Kaplan
Vienna A-1170
Austria
Email: aaron@lo-res.org
Paul Vixie Paul Vixie
Farsight Security, Inc. Farsight Security, Inc.
11400 La Honda Road 11400 La Honda Road
@ -710,13 +717,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020

View file

@ -263,6 +263,9 @@ ws = *(
</section> </section>
<section title="Additional notes"> <section title="Additional notes">
<t>An implementer of a passive DNS Server MAY chose to either return time_first and time_last OR return zone_time_first and zone_time_last. In pseudocode: (time_first AND time_last) OR (zone_time_first AND zone_time_last). In this case, zone_time_{first,last} replace the time_{first,last} fields. However, this is not encouraged since it might be confusing for parsers who will expect the mandatory fields time_{first,last}. See: <xref target="github_issue_17"/></t> <t>An implementer of a passive DNS Server MAY chose to either return time_first and time_last OR return zone_time_first and zone_time_last. In pseudocode: (time_first AND time_last) OR (zone_time_first AND zone_time_last). In this case, zone_time_{first,last} replace the time_{first,last} fields. However, this is not encouraged since it might be confusing for parsers who will expect the mandatory fields time_{first,last}. See: <xref target="github_issue_17"/></t>
</section>
<section title="Suggested MIME Types">
<t>An implementer of a passive DNS Server SHOULD server a document in this Common Output Format with a MIME header of "application/x-ndjson".</t>
</section> </section>
</section> </section>