adulau/pdns-toolkit
1
0
Fork 0
mirror of https://github.com/adulau/pdns-toolkit.git synced 2024-12-21 16:26:03 +00:00
Code Issues Projects Releases Packages Wiki Activity
pdns-toolkit/pdns-server
History
Alexandre Dulaunoy daeb9a1a4a Simple dnscap patch to have epoch date as output
2012-03-21 17:32:11 +01:00
..
bin Remove sample data - available in the doc 2012-03-09 00:32:26 +01:00
doc Initial passive DNS server commit at CanSecWest 2012-03-08 23:25:21 +01:00
lib Initial passive DNS server commit at CanSecWest 2012-03-08 23:25:21 +01:00
web Initial passive DNS server commit at CanSecWest 2012-03-08 23:25:21 +01:00
README.md Simple dnscap patch to have epoch date as output 2012-03-21 17:32:11 +01:00

README.md

pdns-server toolkit

A minimal and scalable toolkit for Passive DNS. The toolkit can be used for research, security analysis or data mining.

The data store of the Passive DNS is relying on Redis. The data store format is described in ./doc/datastore-format.txt

Installation

This is the minimal set to run a standalone passive-dns using dnscap as a source for the DNS packets.

  • Install redis.

  • Start ./src/redis-server

  • Download dnscap

  • Apply the patch against dnscap to output date in epoch format

  • copy the dnscap binary in ./pdns-server/bin

  • Start the feeder cd pdns-server/bin; pdns-dnscap2feeder.sh;

  • Now the feeder is capturing the DNS answers

  • You can start the sample web interface cd pdns-server/web; pdns-web.sh

  • or try a query on a hosname cd pdns-server/bin; perl query.pl www.google.com

The install process will be automated in the next release.

dnscap

Patch dnscap.c (from branches/wessels) to output the date in epoch format.

  •           strftime(when, sizeof when, "%Y-%m-%d %T", tm);

  •           strftime(when, sizeof when, "%s", tm);

When having multiple flows of DNS queries, it's better to convert the date as soon as possible.