diff --git a/i-d/pdns-qof.txt b/i-d/pdns-qof.txt index f5c9203..a2ff37d 100644 --- a/i-d/pdns-qof.txt +++ b/i-d/pdns-qof.txt @@ -90,6 +90,7 @@ Table of Contents 3.5.6. time_last_ms . . . . . . . . . . . . . . . . . . . . 7 3.6. Additional Fields Registry . . . . . . . . . . . . . . . 7 3.7. Additional notes . . . . . . . . . . . . . . . . . . . . 8 + 3.8. Suggested MIME Types . . . . . . . . . . . . . . . . . . 8 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 8 @@ -108,7 +109,6 @@ Table of Contents - Dulaunoy, et al. Expires December 3, 2020 [Page 2] Internet-Draft Passive DNS - Common Output Format June 2020 @@ -405,6 +405,12 @@ Internet-Draft Passive DNS - Common Output Format June 2020 parsers who will expect the mandatory fields time_{first,last}. See: [github_issue_17] +3.8. Suggested MIME Types + + An implementer of a passive DNS Server SHOULD server a document in + this Common Output Format with a MIME header of "application/ + x-ndjson". + 4. Acknowledgements Thanks to the Passive DNS developers who contributed to the document. @@ -435,12 +441,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020 taken into consideration when designing any application which uses Passive DNS data. - In the scope of the General Data Protection Regulation (GDPR - - Directive 95/46/EC), operators of Passive DNS Server needs to ensure - the legal ground and lawfulness of its operation. - - - @@ -450,6 +450,10 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 8] Internet-Draft Passive DNS - Common Output Format June 2020 + In the scope of the General Data Protection Regulation (GDPR - + Directive 95/46/EC), operators of Passive DNS Server needs to ensure + the legal ground and lawfulness of its operation. + 7. Security Considerations In some cases, Passive DNS output might contain confidential @@ -491,10 +495,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020 RFC 3986, DOI 10.17487/RFC3986, January 2005, . - [RFC4627] Crockford, D., "The application/json Media Type for - JavaScript Object Notation (JSON)", RFC 4627, - DOI 10.17487/RFC4627, July 2006, - . @@ -506,6 +506,11 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 9] Internet-Draft Passive DNS - Common Output Format June 2020 + [RFC4627] Crockford, D., "The application/json Media Type for + JavaScript Object Notation (JSON)", RFC 4627, + DOI 10.17487/RFC4627, July 2006, + . + [RFC5001] Austein, R., "DNS Name Server Identifier (NSID) Option", RFC 5001, DOI 10.17487/RFC5001, August 2007, . @@ -549,11 +554,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020 . - [PDNSCIRCL] - "CIRCL Passive DNS", 2012, - . - - @@ -562,6 +562,10 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 10] Internet-Draft Passive DNS - Common Output Format June 2020 + [PDNSCIRCL] + "CIRCL Passive DNS", 2012, + . + [PDNSCLIENT] "Queries 5 major Passive DNS databases: BFK, CERTEE, DNSParse, ISC, and VirusTotal.", 2013, @@ -602,12 +606,8 @@ Appendix A. Examples dns common output format can be: - {"count": 102, "time_first": 1298412391, "rrtype": "AAAA", - "rrname": "www.ietf.org", "rdata": "2001:1890:1112:1::20", - "time_last": 1302506851} - {"count": 59, "time_first": 1384865833, "rrtype": "A", - "rrname": "www.ietf.org", "rdata": "4.31.198.44", - "time_last": 1389022219} + + @@ -618,6 +618,14 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 11] Internet-Draft Passive DNS - Common Output Format June 2020 + {"count": 102, "time_first": 1298412391, "rrtype": "AAAA", + "rrname": "www.ietf.org", "rdata": "2001:1890:1112:1::20", + "time_last": 1302506851} + {"count": 59, "time_first": 1384865833, "rrtype": "A", + "rrname": "www.ietf.org", "rdata": "4.31.198.44", + "time_last": 1389022219} + + If you query a passive DNS for the rrname ietf.org, the passive dns common output format can be: @@ -658,14 +666,6 @@ Authors' Addresses URI: http://www.circl.lu/ - L. Aaron Kaplan - Vienna A-1170 - Austria - - Email: aaron@lo-res.org - - - @@ -674,6 +674,13 @@ Dulaunoy, et al. Expires December 3, 2020 [Page 12] Internet-Draft Passive DNS - Common Output Format June 2020 + L. Aaron Kaplan + Vienna A-1170 + Austria + + Email: aaron@lo-res.org + + Paul Vixie Farsight Security, Inc. 11400 La Honda Road @@ -710,13 +717,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020 - - - - - - - diff --git a/i-d/pdns-qof.xml b/i-d/pdns-qof.xml index d79971f..069f44a 100644 --- a/i-d/pdns-qof.xml +++ b/i-d/pdns-qof.xml @@ -263,6 +263,9 @@ ws = *(
An implementer of a passive DNS Server MAY chose to either return time_first and time_last OR return zone_time_first and zone_time_last. In pseudocode: (time_first AND time_last) OR (zone_time_first AND zone_time_last). In this case, zone_time_{first,last} replace the time_{first,last} fields. However, this is not encouraged since it might be confusing for parsers who will expect the mandatory fields time_{first,last}. See: +
+
+ An implementer of a passive DNS Server SHOULD server a document in this Common Output Format with a MIME header of "application/x-ndjson".