Compare commits

...

3 commits

5 changed files with 166 additions and 163 deletions

@ -21,7 +21,7 @@ You can make pull request to the xml document. We are looking for comments from
IETF Internet-Draft
-------------------
- [Latest Version published as Internet-Draft](https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/) - 11 February 2022
- [Latest Version published as Internet-Draft](https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/) - 27 April 2024
Users and Use-cases

@ -1,8 +1,8 @@
all: pdns-qof.xml
xml2rfc pdns-qof.xml
html: pdns-qof.xml
xml2rfc --html pdns-qof.xml
pdf: pdns-qof.xml
xml2rfc --pdf pdns-qof.xml
clean:
rm -f pdns-qof.txt
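Review bot: The `clean` target at the end of this hunk removes only `pdns-qof.txt`, so the `pdns-qof.html` and `pdns-qof.pdf` outputs of the `html` and `pdf` targets are left behind after `make clean`. Extend it to `rm -f pdns-qof.txt pdns-qof.html pdns-qof.pdf`, and declare `.PHONY: all html pdf clean`, since none of these targets names a file it creates. The same change set checks in `i-d/pdns-qof.pdf` as a binary; if that generated file is meant to stay tracked, keep it out of `clean` and say so in a comment.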

BIN
i-d/pdns-qof.pdf Normal file

Binary file not shown.

@ -5,15 +5,17 @@
Domain Name System Operations A. Dulaunoy
Internet-Draft CIRCL
Intended status: Informational A. Kaplan
Expires: 1 January 2021
Expires: 29 October 2024
P. Vixie
H. Stern
Farsight Security, Inc.
June 2020
W. Kumari
Google
27 April 2024
Passive DNS - Common Output Format
draft-dulaunoy-dnsop-passive-dns-cof-08
draft-dulaunoy-dnsop-passive-dns-cof-11
Abstract
@ -39,25 +41,27 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 3 December 2020.
This Internet-Draft will expire on 29 October 2024.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
Dulaunoy, et al. Expires 29 October 2024 [Page 1]
Internet-Draft Passive DNS - Common Output Format April 2024
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
Dulaunoy, et al. Expires 1 January 2021 [Page 1]
Internet-Draft Passive DNS - Common Output Format June 2020
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
@ -74,20 +78,20 @@ Table of Contents
3.3. Mandatory Fields . . . . . . . . . . . . . . . . . . . . 5
3.3.1. rrname . . . . . . . . . . . . . . . . . . . . . . . 5
3.3.2. rrtype . . . . . . . . . . . . . . . . . . . . . . . 5
3.3.3. rdata . . . . . . . . . . . . . . . . . . . . . . . . 5
3.3.3. rdata . . . . . . . . . . . . . . . . . . . . . . . . 6
3.3.4. time_first . . . . . . . . . . . . . . . . . . . . . 6
3.3.5. time_last . . . . . . . . . . . . . . . . . . . . . . 6
3.4. Optional Fields . . . . . . . . . . . . . . . . . . . . . 6
3.4.1. count . . . . . . . . . . . . . . . . . . . . . . . . 6
3.4.2. bailiwick . . . . . . . . . . . . . . . . . . . . . . 6
3.5. Additional Fields . . . . . . . . . . . . . . . . . . . . 6
3.5.1. sensor_id . . . . . . . . . . . . . . . . . . . . . . 6
3.4.2. bailiwick . . . . . . . . . . . . . . . . . . . . . . 7
3.5. Additional Fields . . . . . . . . . . . . . . . . . . . . 7
3.5.1. sensor_id . . . . . . . . . . . . . . . . . . . . . . 7
3.5.2. zone_time_first . . . . . . . . . . . . . . . . . . . 7
3.5.3. zone_time_last . . . . . . . . . . . . . . . . . . . 7
3.5.4. origin . . . . . . . . . . . . . . . . . . . . . . . 7
3.5.5. time_first_ms . . . . . . . . . . . . . . . . . . . . 7
3.5.6. time_last_ms . . . . . . . . . . . . . . . . . . . . 7
3.6. Additional Fields Registry . . . . . . . . . . . . . . . 7
3.5.6. time_last_ms . . . . . . . . . . . . . . . . . . . . 8
3.6. Additional Fields Registry . . . . . . . . . . . . . . . 8
3.7. Additional notes . . . . . . . . . . . . . . . . . . . . 8
3.8. Suggested MIME Types . . . . . . . . . . . . . . . . . . 8
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
@ -105,13 +109,9 @@ Table of Contents
Dulaunoy, et al. Expires 1 January 2021 [Page 2]
Dulaunoy, et al. Expires 29 October 2024 [Page 2]
Internet-Draft Passive DNS - Common Output Format June 2020
Internet-Draft Passive DNS - Common Output Format April 2024
1. Introduction
@ -165,9 +165,9 @@ Internet-Draft Passive DNS - Common Output Format June 2020
Dulaunoy, et al. Expires 1 January 2021 [Page 3]
Dulaunoy, et al. Expires 29 October 2024 [Page 3]
Internet-Draft Passive DNS - Common Output Format June 2020
Internet-Draft Passive DNS - Common Output Format April 2024
DNS Servers.
@ -193,38 +193,44 @@ Internet-Draft Passive DNS - Common Output Format June 2020
Formal grammar as defined in ABNF [RFC2234]
answer = entries
entries = * ( entry CR)
entry = "{" keyvallist "}"
entries = * ( entry newline )
entry = ws "{" ws keyvallist ws "}" ws
keyvallist = [ member *( value-separator member ) ]
member = qm field qm name-separator value
name-separator = ws %x3A ws ; a ":" colon
value = value ; as defined in the JSON RFC
value-separator = ws %x2C ws ; , comma. As defined in JSON
field = "rrname" | "rrtype" | "rdata" | "time_first" |
member = field name-separator value
name-separator = ws %x3A ws ; : colon
value-separator = ws %x2C ws ; , comma
field = field-name | futureField
field-name = "rrname" | "rrtype" | "rdata" | "time_first" |
"time_last" | "count" | "bailiwick" | "sensor_id" |
"zone_time_first" | "zone_time_last" | "origin" |
"time_first_ms" | "time_last_ms" | futureField
"time_first_ms" | "time_last_ms"
futureField = string
CR = %x0D
qm = %x22 ; " a quotation mark
newline = [ CR ] LF
CR = %x0D ; Carrige return
LF = %x0A ; Line feed or New line
qm = %x22 ; " Quotation mark
ws = *(
%x20 | ; Space
%x09 ; Horizontal tab
)
Dulaunoy, et al. Expires 29 October 2024 [Page 4]
Internet-Draft Passive DNS - Common Output Format April 2024
Note that value is defined in JSON [RFC4627] and has the exact same
specification as there. The same goes for the definition of string.
Dulaunoy, et al. Expires 1 January 2021 [Page 4]
Internet-Draft Passive DNS - Common Output Format June 2020
Note the changed definition of ws dows not include CR or LF as those
are NOT allowed in NDJSON, and thus the definition here MUST be used
for other ABNF defitions in JSON [RFC4627].
3.3. Mandatory Fields
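Review bot: The rule `member = field name-separator value` does not wrap the field in `qm`, while `field-name` lists bare ABNF literals such as "rrname", so a line like the Appendix A example `{"count": 102, ...}` can only match through `futureField = string` and the named alternatives never match a quoted key. `qm` is also defined in this hunk without any rule in the `member = field ...` form of the grammar referencing it. Either write the rule as `member = qm field-name qm name-separator value` plus a separate alternative for `futureField`, or drop `qm` and state in prose that every field name is a JSON string. Consumers may build strict validators from this grammar, so it is also worth fixing in the same pass that ABNF writes alternatives with `/` rather than `|`, and the typos "Carrige", "dows" and "defitions" in this hunk.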
@ -242,8 +248,8 @@ Internet-Draft Passive DNS - Common Output Format June 2020
3.3.1. rrname
This field returns the name of the queried resource. JSON [RFC4627]
string.
This field returns the name of the queried resource. Represented as
a JSON [RFC4627] string.
3.3.2. rrtype
@ -262,6 +268,20 @@ Internet-Draft Passive DNS - Common Output Format June 2020
a decimal value (as mentioned above) answer represented as a JSON
[RFC4627] number.
Dulaunoy, et al. Expires 29 October 2024 [Page 5]
Internet-Draft Passive DNS - Common Output Format April 2024
3.3.3. rdata
This field returns the resource records of the queried resource.
@ -274,14 +294,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020
rrtype, this can be an IPv4 or IPv6 address, a domain name (as in the
case of CNAMEs), an SPF record, etc. A client MUST be able to
interpret any value which is legal as the right hand side in a DNS
Dulaunoy, et al. Expires 1 January 2021 [Page 5]
Internet-Draft Passive DNS - Common Output Format June 2020
master file RFC 1035 [RFC1035] and RFC 1034 [RFC1034]. If the rdata
came from an unknown DNS resource records, the server must follow the
transparency principle as described in RFC 3597 [RFC3597].
@ -315,10 +327,22 @@ Internet-Draft Passive DNS - Common Output Format June 2020
is expressed as a decimal value. This field is represented as a JSON
[RFC4627] number.
Dulaunoy, et al. Expires 29 October 2024 [Page 6]
Internet-Draft Passive DNS - Common Output Format April 2024
3.4.2. bailiwick
The bailiwick is the best estimate of the apex of the zone where this
data is authoritative.
data is authoritative. This field is represented as a JSON [RFC4627]
string.
3.5. Additional Fields
@ -329,15 +353,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020
This field returns the sensor information where the record was seen.
It is represented as a JSON [RFC4627] string.
Dulaunoy, et al. Expires 1 January 2021 [Page 6]
Internet-Draft Passive DNS - Common Output Format June 2020
If the data originate from sensors or probes which are part of a
publicly-known gathering or measurement system (e.g. RIPE Atlas), a
JSON [RFC4627] string SHOULD be prefixed.
@ -361,8 +376,8 @@ Internet-Draft Passive DNS - Common Output Format June 2020
3.5.4. origin
Specifies the resource origin of the Passive DNS response. This
field is represented as a Uniform Resource Identifier [RFC3986]
(URI).
field is represented as a Uniform Resource Identifier [RFC3986] (URI)
in the form of a JSON [RFC4627] string.
3.5.5. time_first_ms
@ -370,6 +385,15 @@ Internet-Draft Passive DNS - Common Output Format June 2020
that the resolution is in milliseconds since 1st of January 1970
(UTC).
Dulaunoy, et al. Expires 29 October 2024 [Page 7]
Internet-Draft Passive DNS - Common Output Format April 2024
3.5.6. time_last_ms
Same meaning as the field "time_last", with the only difference, that
@ -382,18 +406,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020
register new field name at https://github.com/adulau/pdns-qof/wiki/
Additional-Fields.
Dulaunoy, et al. Expires 1 January 2021 [Page 7]
Internet-Draft Passive DNS - Common Output Format June 2020
3.7. Additional notes
An implementer of a passive DNS Server MAY chose to either return
@ -430,6 +442,14 @@ Internet-Draft Passive DNS - Common Output Format June 2020
is lost, since the recursor will cache the results. Furthermore,
since multiple sensors feed into a passive DNS server, the resulting
data gets mixed together, reducing the likelihood that Passive DNS
Dulaunoy, et al. Expires 29 October 2024 [Page 8]
Internet-Draft Passive DNS - Common Output Format April 2024
Servers are able to find out much about the actual person querying
the DNS records nor who actually sent the query. In this sense,
passive DNS Servers are similar to keeping an archive of all previous
@ -441,15 +461,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020
taken into consideration when designing any application which uses
Passive DNS data.
Dulaunoy, et al. Expires 1 January 2021 [Page 8]
Internet-Draft Passive DNS - Common Output Format June 2020
In the scope of the General Data Protection Regulation (GDPR -
Directive 95/46/EC), operators of Passive DNS Server needs to ensure
the legal ground and lawfulness of its operation.
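Review bot: The context line `In the scope of the General Data Protection Regulation (GDPR - Directive 95/46/EC)` equates GDPR with Directive 95/46/EC, but GDPR is Regulation (EU) 2016/679 and repealed that directive. Since this revision re-dates the draft to 2024, correct the citation here, and fix the agreement in "operators of Passive DNS Server needs to ensure ... its operation" (operators need to ensure the lawfulness of their operation).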
@ -486,6 +497,15 @@ Internet-Draft Passive DNS - Common Output Format June 2020
(RR) Types", RFC 3597, DOI 10.17487/RFC3597, September
2003, <https://www.rfc-editor.org/info/rfc3597>.
Dulaunoy, et al. Expires 29 October 2024 [Page 9]
Internet-Draft Passive DNS - Common Output Format April 2024
[RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912,
DOI 10.17487/RFC3912, September 2004,
<https://www.rfc-editor.org/info/rfc3912>.
@ -495,26 +515,11 @@ Internet-Draft Passive DNS - Common Output Format June 2020
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>.
Dulaunoy, et al. Expires 1 January 2021 [Page 9]
Internet-Draft Passive DNS - Common Output Format June 2020
[RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627,
DOI 10.17487/RFC4627, July 2006,
<https://www.rfc-editor.org/info/rfc4627>.
[RFC5001] Austein, R., "DNS Name Server Identifier (NSID) Option",
RFC 5001, DOI 10.17487/RFC5001, August 2007,
<https://www.rfc-editor.org/info/rfc5001>.
[RFC6648] Saint-Andre, P., Crocker, D., and M. Nottingham,
"Deprecating the "X-" Prefix and Similar Constructs in
Application Protocols", BCP 178, RFC 6648,
@ -545,23 +550,24 @@ Internet-Draft Passive DNS - Common Output Format June 2020
[DNSDBQ] Vixie, P., "DNSDB API Client, C Version", 2018,
<https://github.com/dnsdb/dnsdbq>.
Dulaunoy, et al. Expires 29 October 2024 [Page 10]
Internet-Draft Passive DNS - Common Output Format April 2024
[github_issue_17]
et.al, P. V. W. A. K., "Discussion on the existing
implementations of returning either zone_time{first,last}
OR time_{first,last}", 2020,
<https://github.com/adulau/pdns-qof/issues/17>.
Dulaunoy, et al. Expires 1 January 2021 [Page 10]
Internet-Draft Passive DNS - Common Output Format June 2020
[PDNSCERTAT]
CERT.at, "pDNS presentation at 4th Centr R&D workshop
Frankfurt Jun 5th 2012", 2012,
@ -592,36 +598,26 @@ Internet-Draft Passive DNS - Common Output Format June 2020
8.3. Informative References
[I-D.narten-iana-considerations-rfc2434bis]
Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", Work in Progress,
Internet-Draft, draft-narten-iana-considerations-
rfc2434bis-09, 26 March 2008,
<https://www.ietf.org/archive/id/draft-narten-iana-
considerations-rfc2434bis-09.txt>.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC
Text on Security Considerations", BCP 72, RFC 3552,
DOI 10.17487/RFC3552, July 2003,
<https://www.rfc-editor.org/info/rfc3552>.
Appendix A. Examples
The JSON output are represented on multiple lines for readability but
each JSON object should be on a single line.
Dulaunoy, et al. Expires 1 January 2021 [Page 11]
Internet-Draft Passive DNS - Common Output Format June 2020
If you query a passive DNS for the rrname www.ietf.org, the passive
dns common output format can be:
Dulaunoy, et al. Expires 29 October 2024 [Page 11]
Internet-Draft Passive DNS - Common Output Format April 2024
{"count": 102, "time_first": 1298412391, "rrtype": "AAAA",
"rrname": "www.ietf.org", "rdata": "2001:1890:1112:1::20",
"time_last": 1302506851}
@ -659,25 +655,25 @@ Authors' Addresses
Alexandre Dulaunoy
CIRCL
16, bd d'Avranches
L-1160 Luxembourg
122, rue Adolphe Fischer
L-1521 Luxembourg
Luxembourg
Phone: (+352) 247 88444
Email: alexandre.dulaunoy@circl.lu
URI: http://www.circl.lu/
Dulaunoy, et al. Expires 1 January 2021 [Page 12]
Internet-Draft Passive DNS - Common Output Format June 2020
L. Aaron Kaplan
A-1170 Vienna
Austria
Dulaunoy, et al. Expires 29 October 2024 [Page 12]
Internet-Draft Passive DNS - Common Output Format April 2024
Email: aaron@lo-res.org
@ -686,7 +682,6 @@ Internet-Draft Passive DNS - Common Output Format June 2020
11400 La Honda Road
Woodside, California 94062
United States of America
Email: paul@redbarn.org
URI: https://www.farsightsecurity.com/
@ -696,12 +691,14 @@ Internet-Draft Passive DNS - Common Output Format June 2020
11400 La Honda Road
Woodside, California 94062
United States of America
Phone: +1 650 542-7836
Email: henry@stern.ca
URI: https://www.farsightsecurity.com/
Warren Kumari
Google
Email: warren@kumari.net
@ -725,4 +722,7 @@ Internet-Draft Passive DNS - Common Output Format June 2020
Dulaunoy, et al. Expires 1 January 2021 [Page 13]
Dulaunoy, et al. Expires 29 October 2024 [Page 13]

@ -8,11 +8,9 @@
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC2629 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2629.xml">
<!ENTITY RFC3552 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3552.xml">
<!ENTITY RFC1035 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml">
<!ENTITY RFC1034 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml">
<!ENTITY RFC4627 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4627.xml">
<!ENTITY RFC5001 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5001.xml">
<!ENTITY RFC3597 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3597.xml">
<!ENTITY RFC3912 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3912.xml">
<!ENTITY RFC6648 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6648.xml">
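Review bot: The `<!ENTITY ... SYSTEM "http://xml.resource.org/...">` declarations in this hunk are external entities fetched over plain HTTP when the draft is built, so the reference text pulled into the document is not integrity-protected in transit. While this list is being pruned, point the surviving entries at an HTTPS citation source or vendor the reference files into the repository. Also check that the `RFC5001` declaration here and the `&RFC5001;` reference further down are removed together, so no declared entity is left unused.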
@ -50,7 +48,7 @@
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->
<rfc category="info" docName="draft-dulaunoy-dnsop-passive-dns-cof-08" ipr="trust200902">
<rfc category="info" docName="draft-dulaunoy-dnsop-passive-dns-cof-11" ipr="trust200902">
<!-- category values: std, bcp, info, exp, and historic
ipr values: full3667, noModification3667, noDerivatives3667
you can add the attributes updates="NNNN" and obsoletes="NNNN"
@ -65,10 +63,10 @@
<organization>CIRCL</organization>
<address>
<postal>
<street>16, bd d'Avranches</street>
<street>122, rue Adolphe Fischer</street>
<city>Luxembourg</city>
<region></region>
<code>L-1160</code>
<code>L-1521</code>
<country>Luxembourg</country>
</postal>
<phone>(+352) 247 88444</phone>
@ -130,7 +128,15 @@
</address>
</author>
<date month="June" year="2020" />
<author initials="W." surname="Kumari" fullname="Warren Kumari">
<organization>Google</organization>
<address>
<email>warren@kumari.net</email>
</address>
</author>
<date day="27" month="April" year="2024" />
<area>General</area>
<workgroup>Domain Name System Operations</workgroup>
@ -325,7 +331,6 @@ ws = *(
&RFC1034;
&RFC3912;
&RFC4627;
&RFC5001;
&RFC3597;
&RFC6648;
&RFC2234;
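Review bot: `&RFC4627;` and `&RFC2234;` remain in this reference list, but both documents have been obsoleted: RFC 4627 by RFC 7159 and then RFC 8259 for JSON, and RFC 2234 by RFC 4234 and then RFC 5234 for ABNF. The grammar section relies on them for `value`, `string` and the ABNF syntax itself, so update the entities and the in-text citations to RFC 8259 and RFC 5234 in this revision rather than carrying the obsolete references into -11.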
@ -416,11 +421,9 @@ ws = *(
<!-- Here we use entities that we defined at the beginning. -->
&RFC3552;
&I-D.narten-iana-considerations-rfc2434bis;
<!-- &I-D.narten-iana-considerations-rfc2434bis; -->
<!-- &I-D.draft-bortzmeyer-dnsop-dns-privacy; -->
</references>
<section anchor="app-additional" title="Examples">
<t>The JSON output are represented on multiple lines for readability but each JSON object should be on a single line.</t>