diff --git a/Makefile.am b/Makefile.am index a2a642756..094a782b7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,6 +5,7 @@ TESTS = BUILT_SOURCES = EXTRA_DIST = CLEANFILES = +DISTCLEANFILES = ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS} AM_CPPFLAGS = \ @@ -31,7 +32,6 @@ EXTRA_DIST += \ tests/json-utf8-tests/straycont.nmsg \ tests/json-utf8-tests/test.sh.in \ tests/json-utf8-tests/truncated.nmsg \ - tests/nmsg.test \ tests/string-tests/empty-string.json \ tests/string-tests/empty-string.nmsg \ tests/string-tests/empty-string.pres \ @@ -365,6 +365,24 @@ EXTRA_DIST += tests/generic-tests/test.chalias EXTRA_DIST += tests/generic-tests/test.gralias EXTRA_DIST += tests/generic-tests/test.opalias +EXTRA_DIST += tests/nmsg-dns-tests/test1-dns.json +EXTRA_DIST += tests/nmsg-dns-tests/test1-dns.nmsg +EXTRA_DIST += tests/nmsg-dns-tests/test1-dns.pres +EXTRA_DIST += tests/nmsg-dns-tests/test2-dns.json +EXTRA_DIST += tests/nmsg-dns-tests/test2-dns.nmsg +EXTRA_DIST += tests/nmsg-dns-tests/test2-dns.pres +EXTRA_DIST += tests/nmsg-dns-tests/test3-dns.json +EXTRA_DIST += tests/nmsg-dnsobs-tests/test1-dnsobs.json +EXTRA_DIST += tests/nmsg-dnsobs-tests/test1-dnsobs.nmsg +EXTRA_DIST += tests/nmsg-dnsobs-tests/test1-dnsobs.pres +EXTRA_DIST += tests/nmsg-dnsqr-tests/test1-dnsqr.json +EXTRA_DIST += tests/nmsg-dnsqr-tests/test1-dnsqr.nmsg +EXTRA_DIST += tests/nmsg-dnsqr-tests/test1-dnsqr.pcap +EXTRA_DIST += tests/nmsg-dnsqr-tests/test1-dnsqr.pres +EXTRA_DIST += tests/nmsg-dnstap-tests/test1-dnstap.json +EXTRA_DIST += tests/nmsg-dnstap-tests/test1-dnstap.nmsg +EXTRA_DIST += tests/nmsg-dnstap-tests/test1-dnstap.pres + noinst_PROGRAMS += libmy/crc32c_test libmy_crc32c_test_CFLAGS = $(AM_CFLAGS) libmy_crc32c_test_SOURCES = \ 
@@ -383,7 +401,10 @@ noinst_PROGRAMS += \ examples/print_version TESTS += tests/json-utf8-tests/test.sh +TESTS += tests/nmsg-dns-tests/test.sh +TESTS += tests/nmsg-dnsqr-tests/test.sh TESTS += tests/nmsg-dnstap-tests/test.sh +TESTS += tests/nmsg-dnsobs-tests/test.sh TESTS += tests/payload-crc32c-tests/test.sh TESTS += tests/string-tests/test.sh TESTS += tests/udp-checksum-tests/test.sh @@ -414,6 +435,11 @@ check_PROGRAMS += tests/test-nmsg_output_set_rate tests_test_nmsg_output_set_rate_SOURCES = tests/test-nmsg_output_set_rate.c tests_test_nmsg_output_set_rate_LDADD = nmsg/libnmsg.la +DISTCLEANFILES += tests/nmsg-dns-tests/test*.out +DISTCLEANFILES += tests/nmsg-dnsobs-tests/test*.out +DISTCLEANFILES += tests/nmsg-dnsqr-tests/test*.out +DISTCLEANFILES += tests/nmsg-dnstap-tests/test*.out + # ## ### Examples diff --git a/configure.ac b/configure.ac index 52304b61c..2bea4e76a 100644 --- a/configure.ac +++ b/configure.ac @@ -42,6 +42,15 @@ AC_CONFIG_FILES([Makefile doc/doxygen/Doxyfile nmsg/libnmsg.pc nmsg/version.h]) AC_CONFIG_FILES([tests/json-utf8-tests/test.sh], [chmod +x tests/json-utf8-tests/test.sh]) +AC_CONFIG_FILES([tests/nmsg-dns-tests/test.sh], + [chmod +x tests/nmsg-dns-tests/test.sh]) + +AC_CONFIG_FILES([tests/nmsg-dnsobs-tests/test.sh], + [chmod +x tests/nmsg-dnsobs-tests/test.sh]) + +AC_CONFIG_FILES([tests/nmsg-dnsqr-tests/test.sh], + [chmod +x tests/nmsg-dnsqr-tests/test.sh]) + AC_CONFIG_FILES([tests/nmsg-dnstap-tests/test.sh], [chmod +x tests/nmsg-dnstap-tests/test.sh]) diff --git a/tests/.gitignore b/tests/.gitignore index 770e9b8e2..c50fbe417 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -2,7 +2,11 @@ test-layout-fltmod_plugin test-nmsg_output_set_rate string-tests/test.sh json-utf8-tests/test.sh +nmsg-dns-tests/test.sh +nmsg-dnsqr-tests/test.sh +nmsg-dnsobs-tests/test.sh nmsg-dnstap-tests/test.sh +nmsg-dns*-tests/*.out payload-crc32c-tests/test.sh udp-checksum-tests/test.sh *.log 
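Review bot: The four `DISTCLEANFILES += tests/nmsg-*-tests/test*.out` lines in the last Makefile.am hunk list files that the test scripts write during `make check`, not files produced by configure, so `make clean` leaves them in the build tree. Automake's convention is that files created by make go in `CLEANFILES`, which this Makefile.am already initialises next to the new `DISTCLEANFILES =` line; for example `CLEANFILES += tests/nmsg-dns-tests/test*.out`. If `DISTCLEANFILES` is kept on purpose, a one-line comment saying why would help the next reader.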
diff --git a/tests/nmsg-dns-tests/test.sh.in b/tests/nmsg-dns-tests/test.sh.in
new file mode 100755
index 000000000..24f76f77e
--- /dev/null
+++ b/tests/nmsg-dns-tests/test.sh.in
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+status=0
+
+check() {
+ if [ $? = "0" ]; then
+ echo "PASS: $*"
+ else
+ echo "FAIL: $*"
+ status=1
+ fi
+}
+
+NMSG_MSGMOD_DIR="@abs_top_builddir@/nmsg/base/.libs"
+export NMSG_MSGMOD_DIR
+NMSGTOOL="@abs_top_builddir@/src/nmsgtool"
+
+SOURCE=@abs_top_srcdir@/tests/nmsg-dns-tests/test1-dns
+OUTPUT=@abs_top_builddir@/tests/nmsg-dns-tests/test1-dns
+
+# cleanup from previous run
+rm -f ${OUTPUT}*out
+
+$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out
+check read nmsg base:dns and create presentation output
+cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out
+check nmsg-to-presentation
+
+$NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out
+check read nmsg base:dns and create json output
+cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out
+check nmsg-to-json
+
+# output should be same as input
+$NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out
+check read nmsg base:dns and create nmsg output
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out
+check nmsg-to-nmsg
+
+$NMSGTOOL -j ${SOURCE}.json > ${OUTPUT}.json.pres.out
+check read json base:dns and create presentation output
+cmp -s ${SOURCE}.pres ${OUTPUT}.json.pres.out
+check json-to-presentation
+
+# output should be same as input
+$NMSGTOOL -j ${SOURCE}.json -J ${OUTPUT}.json.json.out
+check read json base:dns and create json output
+cmp -s ${SOURCE}.json ${OUTPUT}.json.json.out
+check json-to-json
+
+$NMSGTOOL -j ${SOURCE}.json -w ${OUTPUT}.json.nmsg.out
+check read json base:dns and create nmsg output
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.json.nmsg.out
+check json-to-nmsg
+
+# another test input
+# TODO: use a function since is repeated
+
+$NMSGTOOL -r @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.nmsg > @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.pres.out
+check read nmsg base:dns and create presentation output
+cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.pres @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.pres.out
+check nmsg-to-presentation
+
+$NMSGTOOL -r
@abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.nmsg -J @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.json.out
+check read nmsg base:dns and create json output
+cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.json.out
+check nmsg-to-json
+
+$NMSGTOOL -j @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json > @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.pres.out
+check read json base:dns and create presentation output
+cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.pres @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.pres.out
+check json-to-presentation
+
+$NMSGTOOL -j @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json -J @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.json.out
+check read json base:dns and create json output
+cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.json.out
+check json-to-json
+
+# NOTE: --readpres is not fully implemented for base:dns so aborts
+
+# JSON input mistakes should result in no output
+$NMSGTOOL -dd -j @abs_top_srcdir@/tests/nmsg-dns-tests/test3-dns.json --writepres @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.out 2>@abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr.out
+check read broken json base:dns and create empty output
+grep "JSON parse error:" @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr.out >/dev/null
+check reports JSON parse error
+test ! -s @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.out
+check broken-json-to-empty-pres
+
+exit $status
diff --git a/tests/nmsg-dns-tests/test1-dns.json b/tests/nmsg-dns-tests/test1-dns.json
new file mode 100644
index 000000000..bd604a503
--- /dev/null
+++ b/tests/nmsg-dns-tests/test1-dns.json
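Review bot: In tests/nmsg-dns-tests/test.sh.in the `SOURCE=@abs_top_srcdir@/…` and `OUTPUT=@abs_top_builddir@/…` assignments are unquoted, and so is every later use of `${SOURCE}`, `${OUTPUT}`, `$NMSGTOOL` and the inline `@abs_top_…@` paths, although `NMSGTOOL` and `NMSG_MSGMOD_DIR` just above them are assigned in quotes. If configure substitutes a directory containing whitespace, the assignment is parsed as an assignment followed by a command, and `rm -f ${OUTPUT}*out` word-splits into paths the test does not own. Quote them, e.g. `SOURCE="@abs_top_srcdir@/tests/nmsg-dns-tests/test1-dns"`, `rm -f "${OUTPUT}"*out` and `"$NMSGTOOL" -r "${SOURCE}.nmsg"`. The same pattern appears in tests/nmsg-dnsobs-tests/test.sh.in.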
@@ -0,0 +1,6 @@ +{"time":"2011-02-09 19:41:52.068575000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"TXT","rrttl":3600,"rdata":["\"Hello\""]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"qname":"test1.example.net.","qclass":"IN","qtype":"A","section":1,"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"SPF","rrttl":172800,"rdata":["\"10.11.12.13\"","\"10.12.13.14\""]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"qname":"test1.example.net.","qclass":"IN","qtype":"A","rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} diff --git a/tests/nmsg-dns-tests/test1-dns.nmsg b/tests/nmsg-dns-tests/test1-dns.nmsg new file mode 100644 index 000000000..fba9fa617 Binary files /dev/null and b/tests/nmsg-dns-tests/test1-dns.nmsg differ diff --git a/tests/nmsg-dns-tests/test1-dns.pres b/tests/nmsg-dns-tests/test1-dns.pres new file mode 100644 index 000000000..c0414e650 --- /dev/null +++ b/tests/nmsg-dns-tests/test1-dns.pres 
@@ -0,0 +1,52 @@ +[36] [2011-02-09 19:41:52.068575000] [1:7 base dns] [00000000] [] [] +rrname: test1.example.net. +rrclass: IN (1) +rrtype: TXT (16) +rrttl: 3600 +rdata: "Hello" + +[68] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +qname: test1.example.net. +qclass: IN (1) +qtype: A (1) +section: 1 +rrname: test1.example.net. +rrclass: IN (1) +rrtype: A (1) +rrttl: 172800 +rdata: 10.11.12.13 +rdata: 10.12.13.14 + +[41] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: test1.example.net. +rrclass: IN (1) +rrtype: A (1) +rrttl: 172800 +rdata: 10.11.12.13 +rdata: 10.12.13.14 + +[57] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: test1.example.net. +rrclass: IN (1) +rrtype: SPF (99) +rrttl: 172800 +rdata: "10.11.12.13" +rdata: "10.12.13.14" + +[60] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +qname: test1.example.net. +qclass: IN (1) +qtype: A (1) +rrname: test1.example.net. +rrclass: IN (1) +rrtype: A (1) +rrttl: 172800 +rdata: 10.11.12.13 + +[35] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: test1.example.net. +rrclass: IN (1) +rrtype: A (1) +rrttl: 172800 +rdata: 10.11.12.13 + diff --git a/tests/nmsg-dns-tests/test2-dns.json b/tests/nmsg-dns-tests/test2-dns.json new file mode 100644 index 000000000..471258363 --- /dev/null +++ b/tests/nmsg-dns-tests/test2-dns.json 
@@ -0,0 +1,8 @@ +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"SOA","rrttl":86400,"rdata":["a.root-servers.net. nstld.verisign-grs.com. 2018110200 1800 900 604800 86400"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"RRSIG","rrttl":86400,"rdata":["SOA 8 0 86400 1542258000 1541131200 2134 . YzIh/SUfJITb8q0y45FtmHYU2q3ozTWzFoFTVMGEQmKkVIxvASHxKJAtkQQbA1OUkwsoXZAKFPwPLLdBn7YsesIlMosEfVtLIZe8iNivbzTTp0R81QK4bZfXqRbsIzl9h0YNxbprrvz7rhrIa1QkKg8Eiz2pI12ero8bjSBlOt+vGlnxOriI7WfjtGNTZ5kzwfRcpbND5i0PZkfSPyL6mrOgI6Ak+F7jGos+4H86OPpikmOwKXOC50qs6ayX4YHMQgtdOXe7YMxzAEUUWR7aCg379dbwjRDrt3HhpLIlvxNzOqOQhCCBT0uez08+MEiJQ+g/9oDexqb9vPsZHTf8VQ=="]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"NS","rrttl":518400,"rdata":["a.root-servers.net.","b.root-servers.net.","c.root-servers.net.","d.root-servers.net.","e.root-servers.net.","f.root-servers.net.","g.root-servers.net.","h.root-servers.net.","i.root-servers.net.","j.root-servers.net.","k.root-servers.net.","l.root-servers.net.","m.root-servers.net."]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"NSEC","rrttl":86400,"rdata":["aaa. 
NS SOA RRSIG NSEC DNSKEY"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"DNSKEY","rrttl":172800,"rdata":["256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QRES2VKDO0OXLMqVJSs2YCCSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEaXtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLbtd8PcwWglHgReBVp7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkFstMX1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7tCcwSPt0wwry5OFNTlfMo8v7WGurogfk8hPipf7TTKHIi20LWen5RCsvYsQBkYGpF78=","257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=","257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"ns1.dns.nic.aaa.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["156.154.144.2"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"ns1.dns.nic.aaa.","rrclass":"IN","rrtype":"AAAA","rrttl":172800,"rdata":["2610:a1:1071::2"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"ac.","rrclass":"IN","rrtype":"DS","rrttl":86400,"rdata":["42665 8 1 D5E99D85351D361BD6B5B1582F634E8A85CF1BF7","23014 8 2 9F135B4B4C69C92383B997632E821E3C8AB9699658674CC96FDE5405ACB68B65","42665 8 2 4B15F405C98F4BC3A370B19E54DBE75DF201EDCD38577C51D277DC6559865D95"]}} 
diff --git a/tests/nmsg-dns-tests/test2-dns.nmsg b/tests/nmsg-dns-tests/test2-dns.nmsg new file mode 100644 index 000000000..3e8ee2f4e Binary files /dev/null and b/tests/nmsg-dns-tests/test2-dns.nmsg differ diff --git a/tests/nmsg-dns-tests/test2-dns.pres b/tests/nmsg-dns-tests/test2-dns.pres new file mode 100644 index 000000000..0a5d92b30 --- /dev/null +++ b/tests/nmsg-dns-tests/test2-dns.pres 
@@ -0,0 +1,72 @@ +[77] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . +rrclass: IN (1) +rrtype: SOA (6) +rrttl: 86400 +rdata: a.root-servers.net. nstld.verisign-grs.com. 2018110200 1800 900 604800 86400 + +[289] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . +rrclass: IN (1) +rrtype: RRSIG (46) +rrttl: 86400 +rdata: SOA 8 0 86400 1542258000 1541131200 2134 . YzIh/SUfJITb8q0y45FtmHYU2q3ozTWzFoFTVMGEQmKkVIxvASHxKJAtkQQbA1OUkwsoXZAKFPwPLLdBn7YsesIlMosEfVtLIZe8iNivbzTTp0R81QK4bZfXqRbsIzl9h0YNxbprrvz7rhrIa1QkKg8Eiz2pI12ero8bjSBlOt+vGlnxOriI7WfjtGNTZ5kzwfRcpbND5i0PZkfSPyL6mrOgI6Ak+F7jGos+4H86OPpikmOwKXOC50qs6ayX4YHMQgtdOXe7YMxzAEUUWR7aCg379dbwjRDrt3HhpLIlvxNzOqOQhCCBT0uez08+MEiJQ+g/9oDexqb9vPsZHTf8VQ== + +[297] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . +rrclass: IN (1) +rrtype: NS (2) +rrttl: 518400 +rdata: a.root-servers.net. +rdata: b.root-servers.net. +rdata: c.root-servers.net. +rdata: d.root-servers.net. +rdata: e.root-servers.net. +rdata: f.root-servers.net. +rdata: g.root-servers.net. +rdata: h.root-servers.net. +rdata: i.root-servers.net. +rdata: j.root-servers.net. +rdata: k.root-servers.net. +rdata: l.root-servers.net. +rdata: m.root-servers.net. + +[27] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . +rrclass: IN (1) +rrtype: NSEC (47) +rrttl: 86400 +rdata: aaa. NS SOA RRSIG NSEC DNSKEY + +[812] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . 
+rrclass: IN (1) +rrtype: DNSKEY (48) +rrttl: 172800 +rdata: 256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QRES2VKDO0OXLMqVJSs2YCCSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEaXtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLbtd8PcwWglHgReBVp7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkFstMX1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7tCcwSPt0wwry5OFNTlfMo8v7WGurogfk8hPipf7TTKHIi20LWen5RCsvYsQBkYGpF78= +rdata: 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +rdata: 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= + +[33] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: ns1.dns.nic.aaa. +rrclass: IN (1) +rrtype: A (1) +rrttl: 172800 +rdata: 156.154.144.2 + +[45] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: ns1.dns.nic.aaa. +rrclass: IN (1) +rrtype: AAAA (28) +rrttl: 172800 +rdata: 2610:a1:1071::2 + +[116] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: ac. +rrclass: IN (1) +rrtype: DS (43) +rrttl: 86400 +rdata: 42665 8 1 D5E99D85351D361BD6B5B1582F634E8A85CF1BF7 +rdata: 23014 8 2 9F135B4B4C69C92383B997632E821E3C8AB9699658674CC96FDE5405ACB68B65 +rdata: 42665 8 2 4B15F405C98F4BC3A370B19E54DBE75DF201EDCD38577C51D277DC6559865D95 + diff --git a/tests/nmsg-dns-tests/test3-dns.json b/tests/nmsg-dns-tests/test3-dns.json new file mode 100644 index 000000000..379967bf8 --- /dev/null 
+++ b/tests/nmsg-dns-tests/test3-dns.json @@ -0,0 +1,5 @@ +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"garbage-rrtype.test3.example.net.","rrclass":"IN","rrtype":"garbage","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"type99.test3.example.net.","rrclass":"IN","rrtype":"TYPE999","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"unknown-rrtype.test3.example.net.","rrclass":"IN","rrtype":"","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"garbage-rdata.test3.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["not an IP address","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"garbage-rrttl.test3.example.net.","rrclass":"IN","rrtype":"A","rrttl":"not an TTL number","rdata":["10.11.12.13","10.12.13.14"]}} diff --git a/tests/nmsg-dnsobs-tests/test.sh.in b/tests/nmsg-dnsobs-tests/test.sh.in new file mode 100755 index 000000000..0ae93a113 --- /dev/null +++ b/tests/nmsg-dnsobs-tests/test.sh.in 
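Review bot: The second record of test3-dns.json is named `type99.test3.example.net.` but sets `"rrtype":"TYPE999"`, so the name and the value disagree about what is being tested. `TYPEnnn` is also the RFC 3597 generic mnemonic form, so it is unclear from the fixture whether the record is meant to be rejected for its type or for its dotted-quad `rdata`; presumably the latter, but the page does not show the parser. Since JSON cannot carry a comment, the `rrname` should state the intent, e.g. `unknown-type-with-bad-rdata.test3.example.net.`, so that a later change in how generic types are accepted is not mistaken for a regression.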
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+status=0
+
+check() {
+ if [ $? = "0" ]; then
+ echo "PASS: $*"
+ else
+ echo "FAIL: $*"
+ status=1
+ fi
+}
+
+NMSG_MSGMOD_DIR="@abs_top_builddir@/nmsg/base/.libs"
+export NMSG_MSGMOD_DIR
+NMSGTOOL="@abs_top_builddir@/src/nmsgtool"
+PAYLOAD="@abs_top_srcdir@/tests/nmsg-dnsobs-tests/test-dnsobs.nmsg"
+
+SOURCE=@abs_top_srcdir@/tests/nmsg-dnsobs-tests/test1-dnsobs
+OUTPUT=@abs_top_builddir@/tests/nmsg-dnsobs-tests/test1-dnsobs
+
+# cleanup from previous run
+rm -f ${OUTPUT}*out
+
+$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out
+check read nmsg base:dnsobs and create dnsobs presentation output
+cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out
+check nmsg-to-presentation
+
+# output should be same as input
+$NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out
+check read nmsg base:dnsobs and create base:dnsobs nmsg output
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out
+check nmsg-to-nmsg
+
+$NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out
+check read nmsg base:dnsobs and create base:dnsobs json output
+cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out
+check nmsg-to-json
+
+$NMSGTOOL --readjson ${SOURCE}.json > ${OUTPUT}.json.pres.out
+check read json base:dnsobs and create dnsobs presentation output
+cmp -s ${SOURCE}.pres ${OUTPUT}.json.pres.out
+check json-to-presentation
+
+$NMSGTOOL --readjson ${SOURCE}.json -w ${OUTPUT}.json.nmsg.out
+check read json base:dnsobs and create base:dnsobs nmsg output
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.json.nmsg.out
+check json-to-nmsg
+
+# output should be same as input
+$NMSGTOOL --readjson ${SOURCE}.json -J ${OUTPUT}.json.json.out
+check read json base:dnsobs and create base:dnsobs json output
+cmp -s ${SOURCE}.json ${OUTPUT}.json.json.out
+check json-to-json
+
+# NOTE: --readpres is not fully implemented for base:dnsobs
+
+exit $status
diff --git a/tests/nmsg-dnsobs-tests/test1-dnsobs.json b/tests/nmsg-dnsobs-tests/test1-dnsobs.json
new file mode 100644
index 000000000..85cdab7d2
--- /dev/null
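Review bot: `PAYLOAD="@abs_top_srcdir@/tests/nmsg-dnsobs-tests/test-dnsobs.nmsg"` in tests/nmsg-dnsobs-tests/test.sh.in is never read anywhere in the script. It also names a file that this commit neither adds nor lists in `EXTRA_DIST`; the fixture that is added is `test1-dnsobs.nmsg`. Drop the assignment, or point it at the real fixture if a later check is meant to use it, so the script does not advertise an input that is not shipped.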
+++ b/tests/nmsg-dnsobs-tests/test1-dnsobs.json 
@@ -0,0 +1,6 @@ +{"time":"2023-07-13 17:41:09.408162000","vname":"base","mname":"dnsobs","message":{"time":1689270069,"response_ip":"192.5.5.241","qname":"icann.org.","qtype":"A","qclass":"IN","rcode":"NOERROR","response":"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","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":60913,"flags":["qr","rd"],"opt":{"edns":{"version":0,"flags":[],"udp":1472,"options":[]}}},"question":[{"qname":"icann.org.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"org.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["a0.org.afilias-nst.info.","a2.org.afilias-nst.info.","b0.org.afilias-nst.org.","b2.org.afilias-nst.org.","c0.org.afilias-nst.info.","d0.org.afilias-nst.org."]}],"additional":[{"rrname":"a0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.56.1"]},{"rrname":"a0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:e::1"]},{"rrname":"a2.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.249.112.1"]},{"rrname":"a2.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:40::1"]},{"rrname":"b0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.54.1"]},{"rrname":"b0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:c::1"]},{"rrname":"b2.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.249.120.1"]},{"rrname":"b2.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:48::1"]},{"rrname":"c0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.53.1"]},{"rrname":"c0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:b::1"]},{"rrname":"d0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.57.1"]},{"rrname":"d0.org.afilias-nst.org.","rrttl":172800
,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:f::1"]}]},"sensor_id":"aa11ff99"}} +{"time":"2023-07-13 17:41:10.587291000","vname":"base","mname":"dnsobs","message":{"time":1689270070,"response_ip":"192.35.51.30","qname":"domaintools.com.","qtype":"A","qclass":"IN","rcode":"NOERROR","response":"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","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":40813,"flags":["qr","rd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"domaintools.com.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["dns1.p04.nsone.net.","dns2.p04.nsone.net.","dns3.p04.nsone.net.","dns4.p04.nsone.net."]},{"rrname":"CK0POJMG874LJREF7EFN8430QVIT8BSM.com.","rrttl":86400,"rrclass":"IN","rrtype":"NSEC3","rdata":["1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM"]},{"rrname":"CK0POJMG874LJREF7EFN8430QVIT8BSM.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC3 8 2 86400 1689567817 1688958817 46551 com. Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg=="]},{"rrname":"0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com.","rrttl":86400,"rrclass":"IN","rrtype":"NSEC3","rdata":["1 1 0 - 0F3TB5GM83ENV7Q8PVT89DUK4M9RR40D NS DS RRSIG"]},{"rrname":"0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC3 8 2 86400 1689570650 1688961650 46551 com. 
DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bYmu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUuvfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A=="]}],"additional":[]},"sensor_id":"aa11ff99"}} +{"time":"2023-07-13 17:41:10.721721000","vname":"base","mname":"dnsobs","message":{"time":1689270070,"response_ip":"208.94.148.13","qname":"fsi.io.","qtype":"TXT","qclass":"IN","rcode":"NOERROR","response":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":24287,"flags":["qr","aa","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1280,"options":[]}}},"question":[{"qname":"fsi.io.","qclass":"IN","qtype":"TXT"}],"answer":[{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"TXT","rdata":["\"v=spf1 mx a a:support.farsightsecurity.com a:exch.fsi.io a:prod-mail-relay-1.iad1.fsi.io ~all\""]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. 
PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZs="]}],"authority":[],"additional":[]},"sensor_id":"aa11ff99"}} +{"time":"2023-07-13 17:41:10.761629000","vname":"base","mname":"dnsobs","message":{"time":1689270070,"response_ip":"208.94.148.13","qname":"does.not.exist.fsi.io.","qtype":"A","qclass":"IN","rcode":"NXDOMAIN","response":"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","response_json":{"header":{"opcode":"QUERY","rcode":"NXDOMAIN","id":20343,"flags":["qr","aa","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1280,"options":[]}}},"question":[{"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"SOA","rdata":["fsi.io. hostmaster.fsi.io. 2023062369 7200 3600 604800 3600"]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7sxLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASbHcc=","NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qhcnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS47tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls/7c="]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"NSEC","rdata":["_dashlane-challenge.fsi.io. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY TYPE65534"]},{"rrname":"autodiscover.exch.fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"NSEC","rdata":["a1.fmt1.fsi.io. A AAAA RRSIG NSEC"]},{"rrname":"autodiscover.exch.fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. 
ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDds="]}],"additional":[]},"sensor_id":"aa11ff99"}} +{"time":"2023-07-13 17:41:10.821594000","vname":"base","mname":"dnsobs","message":{"time":1689270070,"response_ip":"198.51.44.4","qname":"domaintools.com.","qtype":"SOA","qclass":"IN","rcode":"NOERROR","response":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":56060,"flags":["qr","aa"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1232,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"SOA"}],"answer":[{"rrname":"domaintools.com.","rrttl":3600,"rrclass":"IN","rrtype":"SOA","rdata":["dns1.p04.nsone.net. hostmaster.nsone.net. 1646678582 3600 600 604800 43200"]}],"authority":[],"additional":[]},"sensor_id":"aa11ff99"}} +{"time":"2016-11-21 21:25:08.556331019","vname":"base","mname":"dnsobs","message":{"time":1479753746,"response_ip":"192.31.80.30","qname":"www.farsightsecurity.com.","qtype":"A","qclass":"IN","rcode":"NOERROR","response":"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","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":3682,"flags":["qr","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"www.farsightsecurity.com.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"farsightsecurity.com.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["ns5.dnsmadeeasy.com.","ns6.dnsmadeeasy.com.","ns7.dnsmadeeasy.com."]},{"rrname":"farsightsecurity.com.","rrttl":86400,"rrclass":"IN","rrtype":"DS","rdata":["60454 5 2 
3672C35CFA8FF14C9C223B84277BD645C0AF54BAD5790375FE797161E4801479"]},{"rrname":"farsightsecurity.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["DS 8 2 86400 1480310445 1479701445 6404 com. DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmOlmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTXkMI="]}],"additional":[{"rrname":"ns5.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.94.148.13"]},{"rrname":"ns5.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2600:1800:5::1"]},{"rrname":"ns6.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.80.124.13"]},{"rrname":"ns7.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.80.126.13"]}]},"query_zone":"com.","geoid":"VGhpcyBpcyBhIHRlc3Q=","sensor_id":"aa11ff99"}} diff --git a/tests/nmsg-dnsobs-tests/test1-dnsobs.nmsg b/tests/nmsg-dnsobs-tests/test1-dnsobs.nmsg new file mode 100644 index 000000000..0330d971d Binary files /dev/null and b/tests/nmsg-dnsobs-tests/test1-dnsobs.nmsg differ diff --git a/tests/nmsg-dnsobs-tests/test1-dnsobs.pres b/tests/nmsg-dnsobs-tests/test1-dnsobs.pres new file mode 100644 index 000000000..3d29dcb8c --- /dev/null +++ b/tests/nmsg-dnsobs-tests/test1-dnsobs.pres 
@@ -0,0 +1,190 @@ +[479] [2023-07-13 17:41:09.408162000] [1:14 base dnsobs] [00000000] [] [] +time: 1689270069 +response_ip: 192.5.5.241 +qname: icann.org. +qtype: A (1) +qclass: IN (1) +rcode: NOERROR (0) +response: [440 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60913 +;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 1472 +;; QUESTION SECTION: +;icann.org. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +org. 172800 IN NS a0.org.afilias-nst.info. +org. 172800 IN NS a2.org.afilias-nst.info. +org. 172800 IN NS b0.org.afilias-nst.org. +org. 172800 IN NS b2.org.afilias-nst.org. +org. 172800 IN NS c0.org.afilias-nst.info. +org. 172800 IN NS d0.org.afilias-nst.org. + +;; ADDITIONAL SECTION: +a0.org.afilias-nst.info. 172800 IN A 199.19.56.1 +a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e::1 +a2.org.afilias-nst.info. 172800 IN A 199.249.112.1 +a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40::1 +b0.org.afilias-nst.org. 172800 IN A 199.19.54.1 +b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c::1 +b2.org.afilias-nst.org. 172800 IN A 199.249.120.1 +b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48::1 +c0.org.afilias-nst.info. 172800 IN A 199.19.53.1 +c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b::1 +d0.org.afilias-nst.org. 172800 IN A 199.19.57.1 +d0.org.afilias-nst.org. 172800 IN AAAA 2001:500:f::1 +--- +sensor_id: aa11ff99 + +[727] [2023-07-13 17:41:10.587291000] [1:14 base dnsobs] [00000000] [] [] +time: 1689270070 +response_ip: 192.35.51.30 +qname: domaintools.com. +qtype: A (1) +qclass: IN (1) +rcode: NOERROR (0) +response: [682 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40813 +;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +;; QUESTION SECTION: +;domaintools.com. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +domaintools.com. 
172800 IN NS dns1.p04.nsone.net. +domaintools.com. 172800 IN NS dns2.p04.nsone.net. +domaintools.com. 172800 IN NS dns3.p04.nsone.net. +domaintools.com. 172800 IN NS dns4.p04.nsone.net. +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 1689567817 1688958817 46551 com. Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg== +0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN NSEC3 1 1 0 - 0F3TB5GM83ENV7Q8PVT89DUK4M9RR40D NS DS RRSIG +0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN RRSIG NSEC3 8 2 86400 1689570650 1688961650 46551 com. DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bYmu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUuvfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A== + +;; ADDITIONAL SECTION: +--- +sensor_id: aa11ff99 + +[343] [2023-07-13 17:41:10.721721000] [1:14 base dnsobs] [00000000] [] [] +time: 1689270070 +response_ip: 208.94.148.13 +qname: fsi.io. +qtype: TXT (16) +qclass: IN (1) +rcode: NOERROR (0) +response: [307 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 24287 +;; flags: qr aa cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1280 +;; QUESTION SECTION: +;fsi.io. IN TXT + +;; ANSWER SECTION: +fsi.io. 3600 IN TXT "v=spf1 mx a a:support.farsightsecurity.com a:exch.fsi.io a:prod-mail-relay-1.iad1.fsi.io ~all" +fsi.io. 3600 IN RRSIG TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. 
PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZs= + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +sensor_id: aa11ff99 + +[795] [2023-07-13 17:41:10.761629000] [1:14 base dnsobs] [00000000] [] [] +time: 1689270070 +response_ip: 208.94.148.13 +qname: does.not.exist.fsi.io. +qtype: A (1) +qclass: IN (1) +rcode: NXDOMAIN (3) +response: [744 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 20343 +;; flags: qr aa cd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1280 +;; QUESTION SECTION: +;does.not.exist.fsi.io. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +fsi.io. 3600 IN SOA fsi.io. hostmaster.fsi.io. 2023062369 7200 3600 604800 3600 +fsi.io. 3600 IN RRSIG SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7sxLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASbHcc= +fsi.io. 3600 IN NSEC _dashlane-challenge.fsi.io. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY TYPE65534 +fsi.io. 3600 IN RRSIG NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qhcnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS47tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls/7c= +autodiscover.exch.fsi.io. 3600 IN NSEC a1.fmt1.fsi.io. A AAAA RRSIG NSEC +autodiscover.exch.fsi.io. 3600 IN RRSIG NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDds= + +;; ADDITIONAL SECTION: +--- +sensor_id: aa11ff99 + +[153] [2023-07-13 17:41:10.821594000] [1:14 base dnsobs] [00000000] [] [] +time: 1689270070 +response_ip: 198.51.44.4 +qname: domaintools.com. 
+qtype: SOA (6) +qclass: IN (1) +rcode: NOERROR (0) +response: [109 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56060 +;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1232 +;; QUESTION SECTION: +;domaintools.com. IN SOA + +;; ANSWER SECTION: +domaintools.com. 3600 IN SOA dns1.p04.nsone.net. hostmaster.nsone.net. 1646678582 3600 600 604800 43200 + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +sensor_id: aa11ff99 + +[483] [2016-11-21 21:25:08.556331019] [1:14 base dnsobs] [00000000] [] [] +time: 1479753746 +response_ip: 192.31.80.30 +qname: www.farsightsecurity.com. +qtype: A (1) +qclass: IN (1) +rcode: NOERROR (0) +response: [406 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 3682 +;; flags: qr cd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +;; QUESTION SECTION: +;www.farsightsecurity.com. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +farsightsecurity.com. 172800 IN NS ns5.dnsmadeeasy.com. +farsightsecurity.com. 172800 IN NS ns6.dnsmadeeasy.com. +farsightsecurity.com. 172800 IN NS ns7.dnsmadeeasy.com. +farsightsecurity.com. 86400 IN DS 60454 5 2 3672C35CFA8FF14C9C223B84277BD645C0AF54BAD5790375FE797161E4801479 +farsightsecurity.com. 86400 IN RRSIG DS 8 2 86400 1480310445 1479701445 6404 com. DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmOlmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTXkMI= + +;; ADDITIONAL SECTION: +ns5.dnsmadeeasy.com. 172800 IN A 208.94.148.13 +ns5.dnsmadeeasy.com. 172800 IN AAAA 2600:1800:5::1 +ns6.dnsmadeeasy.com. 172800 IN A 208.80.124.13 +ns7.dnsmadeeasy.com. 172800 IN A 208.80.126.13 +--- +query_zone: com. +geoid: +sensor_id: aa11ff99 + diff --git a/tests/nmsg-dnsqr-tests/test.sh.in b/tests/nmsg-dnsqr-tests/test.sh.in new file mode 100755 index 000000000..78c7f1d8a 
--- /dev/null
+++ b/tests/nmsg-dnsqr-tests/test.sh.in
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+status=0
+
+check() {
+ if [ $? = "0" ]; then
+ echo "PASS: $*"
+ else
+ echo "FAIL: $*"
+ status=1
+ fi
+}
+
+NMSG_MSGMOD_DIR="@abs_top_builddir@/nmsg/base/.libs"
+export NMSG_MSGMOD_DIR
+NMSGTOOL="@abs_top_builddir@/src/nmsgtool"
+
+SOURCE=@abs_top_srcdir@/tests/nmsg-dnsqr-tests/test1-dnsqr
+OUTPUT=@abs_top_builddir@/tests/nmsg-dnsqr-tests/test1-dnsqr
+
+# cleanup from previous run
+rm -f ${OUTPUT}*out
+
+$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out
+check read nmsg base:dnsqr and create presentation output
+cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out
+check nmsg-to-presentation
+
+# output should be same as input
+$NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out
+check read nmsg base:dnsqr and create nmsg output
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out
+check nmsg-to-nmsg
+
+$NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out
+check read nmsg base:dnsqr and create json output
+cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out
+check nmsg-to-json
+
+############
+
+$NMSGTOOL -j ${SOURCE}.json > ${OUTPUT}.json.pres.out
+check read json base:dnsqr and create presentation output
+cmp -s ${SOURCE}.pres ${OUTPUT}.json.pres.out
+check json-to-presentation
+
+# output should be same as input
+$NMSGTOOL -j ${SOURCE}.json -J ${OUTPUT}.json.json.out
+check read json base:dnsqr and create json output
+cmp -s ${SOURCE}.json ${OUTPUT}.json.json.out
+check json-to-json
+
+$NMSGTOOL -j ${SOURCE}.json -w ${OUTPUT}.json.nmsg.out
+check read json base:dnsqr and create nmsg output
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.json.nmsg.out
+check json-to-nmsg
+
+##############
+
+# workaround because --setsource does not work with --writepres
+$NMSGTOOL -V base -T dnsqr --readpcap ${SOURCE}.pcap | sed -e 's/ \[00000000\] / \[19721976\] /' > ${OUTPUT}.pcap.pres.out
+check read pcap base:dnsqr and create presentation output
+cmp -s ${SOURCE}.pres ${OUTPUT}.pcap.pres.out
+check pcap-to-presentation
+
+# workaround because --setsource does not work with --writejson
+# this should fail when "source" is fixed since it will be repeated
+$NMSGTOOL -V base -T dnsqr --readpcap ${SOURCE}.pcap -J - | sed -e 's/"mname":"dnsqr",/"mname":"dnsqr","source":"19721976",/' > ${OUTPUT}.pcap.json.out
+check read pcap base:dnsqr and create json output
+cmp -s ${SOURCE}.json ${OUTPUT}.pcap.json.out
+check pcap-to-json
+
+# pcap doesn't have source so set it
+$NMSGTOOL -V base -T dnsqr --setsource 0x19721976 --readpcap ${SOURCE}.pcap -w ${OUTPUT}.pcap.nmsg.out
+check read pcap base:dnsqr and create nmsg output and test setsource
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.pcap.nmsg.out
+check pcap-to-nmsg
+
+########
+# try example code too
+
+env LD_LIBRARY_PATH=@abs_top_builddir@/nmsg/.libs/ @abs_top_builddir@/examples/.libs/nmsg-dnsqr2pcap ${SOURCE}.nmsg ${OUTPUT}.nmsg.pcap.out
+check read nmsg base:dnsqr and generate pcap output using example
+cmp -s ${SOURCE}.pcap ${OUTPUT}.nmsg.pcap.out
+check example-nmsg-to-pcap
+
+# NOTE: --readpres is not fully implemented for base:dnsqr so aborts
+
+exit $status
diff --git a/tests/nmsg-dnsqr-tests/test1-dnsqr.json b/tests/nmsg-dnsqr-tests/test1-dnsqr.json
new file mode 100644
index 000000000..bc67eb401
--- /dev/null
+++ b/tests/nmsg-dnsqr-tests/test1-dnsqr.json
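Review bot: In tests/nmsg-dnsqr-tests/test.sh.in the two `--readpcap ... | sed ... >` pipelines are followed by `check`, which tests `$?`; under `#!/bin/sh` that is the exit status of `sed`, not of `$NMSGTOOL`. A crash or non-zero exit in nmsgtool's pcap path is therefore reported as PASS for the "read pcap base:dnsqr and create presentation output" and "... create json output" steps, and the following `cmp` only notices if the bytes written also differ. Because these cases are the ones that drive the packet parser on captured input, the tool's own status should be what is checked: write the raw output first with `$NMSGTOOL -V base -T dnsqr --readpcap ${SOURCE}.pcap > ${OUTPUT}.pcap.pres.raw.out`, call `check`, then run `sed -e '...' ${OUTPUT}.pcap.pres.raw.out > ${OUTPUT}.pcap.pres.out`, and do the same for the `-J -` variant. Keeping the `.out` suffix on the intermediate file leaves it covered by the existing `rm -f ${OUTPUT}*out` cleanup.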
@@ -0,0 +1,5 @@ +{"time":"2023-07-13 17:41:09.408162000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"192.5.5.241","proto":"UDP","query_port":54924,"response_port":53,"id":60913,"qname":"icann.org.","qclass":"IN","qtype":"A","rcode":"NOERROR","query_packet":["RQAATti+AABAEZ8mywBxw8AFBfHWjAA1ADryTe3xASAAAQAAAAAAAQVpY2FubgNvcmcAAAEAAQAAKRAAAAAAAAAMAAoACMoioMhp2RCB"],"query_time_sec":[1689270069],"query_time_nsec":[408162000],"response_packet":["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"],"response_time_sec":[1689270069],"response_time_nsec":[413872000],"delay":0.00571,"udp_checksum":"CORRECT","query":"7fEBIAABAAAAAAABBWljYW5uA29yZwAAAQABAAApEAAAAAAAAAwACgAIyiKgyGnZEIE=","query_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":60913,"flags":["rd","ad"],"opt":{"edns":{"version":0,"flags":[],"udp":4096,"options":["OPT=10: ca 22 a0 c8 69 d9 10 81 (\".\"..i...\")"]}}},"question":[{"qname":"icann.org.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[],"additional":[]},"response":"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","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":60913,"flags":["qr","rd"],"opt":{"edns":{"version":0,"flags":[],"udp":1472,"options":[]}}},"question":[{"qname":"icann.org.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"org.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["a0.org.afilias-nst.info.","a2.org.afilias-nst.info.","b0.org.afilias-nst.org.","b2.org.afilias-nst.org.","c0.org.afilias-nst.info.","d0.org.afilias-nst.org."]}],"additional":[{"rrname":"a0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.56.1"]},{"rrname":"a0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:e::1"]},{"rrname":"a2.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.249.112.1"]},{"rrname":"a2.org.afilias-nst.info
.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:40::1"]},{"rrname":"b0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.54.1"]},{"rrname":"b0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:c::1"]},{"rrname":"b2.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.249.120.1"]},{"rrname":"b2.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:48::1"]},{"rrname":"c0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.53.1"]},{"rrname":"c0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:b::1"]},{"rrname":"d0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.57.1"]},{"rrname":"d0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:f::1"]}]},"dns":"7fGBAAABAAAABgANBWljYW5uA29yZwAAAQABwBIAAgABAAKjAAAZAmEwA29yZwthZmlsaWFzLW5zdARpbmZvAMASAAIAAQACowAABQJhMsAqwBIAAgABAAKjAAAVAmIwA29yZwthZmlsaWFzLW5zdMASwBIAAgABAAKjAAAFAmIywGDAEgACAAEAAqMAAAUCYzDAKsASAAIAAQACowAABQJkMMBgwCcAAQABAAKjAAAExxM4AcAnABwAAQACowAAECABBQAADgAAAAAAAAAAAAHATAABAAEAAqMAAATH+XABwEwAHAABAAKjAAAQIAEFAABAAAAAAAAAAAAAAcBdAAEAAQACowAABMcTNgHAXQAcAAEAAqMAABAgAQUAAAwAAAAAAAAAAAABwH4AAQABAAKjAAAEx/l4AcB+ABwAAQACowAAECABBQAASAAAAAAAAAAAAAHAjwABAAEAAqMAAATHEzUBwI8AHAABAAKjAAAQIAEFAAALAAAAAAAAAAAAAcCgAAEAAQACowAABMcTOQHAoAAcAAEAAqMAABAgAQUAAA8AAAAAAAAAAAABAAApBcAAAAAAAAA="}} +{"time":"2023-07-13 
17:41:10.587291000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"192.35.51.30","proto":"UDP","query_port":54920,"response_port":53,"id":40813,"qname":"domaintools.com.","qclass":"IN","qtype":"A","rcode":"NOERROR","query_packet":["RQAAVGLSAABAEefBywBxw8AjMx7WiAA1AEDhEZ9tASAAAQAAAAAAAQtkb21haW50b29scwNjb20AAAEAAQAAKRAAAACAAAAMAAoACNeNhsA3krV+"],"query_time_sec":[1689270070],"query_time_nsec":[587291000],"response_packet":["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"],"response_time_sec":[1689270070],"response_time_nsec":[611475000],"delay":0.024184000000000001,"udp_checksum":"CORRECT","query":"n20BIAABAAAAAAABC2RvbWFpbnRvb2xzA2NvbQAAAQABAAApEAAAAIAAAAwACgAI142GwDeStX4=","query_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":40813,"flags":["rd","ad"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":["OPT=10: d7 8d 86 c0 37 92 b5 7e (\"....7..~\")"]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[],"additional":[]},"response":"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","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":40813,"flags":["qr","rd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"domaintools.com.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["dns1.p04.nsone.net.","dns2.p04.nsone.net.","dns3.p04.nsone.net.","dns4.p04.nsone.net."]},{"rrname":"CK0POJMG874LJREF7EFN8430QVIT8BSM.com.","rrttl":86400,"rrclass":"IN","rrtype":"NSEC3","rdata":["1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM"]},{"rrname":"CK0POJMG874LJREF7EFN8430QVIT8BSM.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC3 8 2 86400 1689567817 1688958817 46551 com. 
Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg=="]},{"rrname":"0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com.","rrttl":86400,"rrclass":"IN","rrtype":"NSEC3","rdata":["1 1 0 - 0F3TB5GM83ENV7Q8PVT89DUK4M9RR40D NS DS RRSIG"]},{"rrname":"0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC3 8 2 86400 1689570650 1688961650 46551 com. DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bYmu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUuvfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A=="]}],"additional":[]},"dns":"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"}} +{"time":"2023-07-13 17:41:10.721721000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"208.94.148.13","proto":"UDP","query_port":26869,"response_port":53,"id":24287,"qname":"fsi.io.","qclass":"IN","qtype":"TXT","rcode":"NOERROR","query_packet":["RQAAPwAAAABAEdl+ywBxw9BelA1o9QA1ACuEcl7fABAAAQAAAAAAAQNmc2kCaW8AABAAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[721721000],"response_packet":["RQABT6tDAAA2ETcr0F6UDcsAccMANWj1ATvITl7fhBAAAQACAAAAAQNmc2kCaW8AABAAAcAMABAAAQAADhAAXl12PXNwZjEgbXggYSBhOnN1cHBvcnQuZmFyc2lnaHRzZWN1cml0eS5jb20gYTpleGNoLmZzaS5pbyBhOnByb2QtbWFpbC1yZWxheS0xLmlhZDEuZnNpLmlvIH5hbGzADAAuAAEAAA4QAJoAEAUCAAAOEGTFu61kniT5B1ADZnNpAmlvAD5TwMoJVP5f4pNkb5GH5PsxSy2l027ZyspnlDta0LU5JhtnNxtlT80LTJHdcuojOCobwQF+VmuX7XLREDVCkXMbJfB/wZ8JAznfc8Xv4YAtnHQblboBKCPUAAqn4HgQvkz8/NudOV3eB+MF9K5Rp/fp0Wi3lbkQ9rNXugoqT32bAAApBQAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[729020000],"delay":0.007299,"udp_checksum":"CORRECT","query":"Xt8AEAABAAAAAAABA2ZzaQJpbwAAEAABAAApEAAAAIAAAAA=","query_json":{"header":{"opcode":"QUERY","rc
ode":"NOERROR","id":24287,"flags":["cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"fsi.io.","qclass":"IN","qtype":"TXT"}],"answer":[],"authority":[],"additional":[]},"response":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":24287,"flags":["qr","aa","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1280,"options":[]}}},"question":[{"qname":"fsi.io.","qclass":"IN","qtype":"TXT"}],"answer":[{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"TXT","rdata":["\"v=spf1 mx a a:support.farsightsecurity.com a:exch.fsi.io a:prod-mail-relay-1.iad1.fsi.io ~all\""]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. 
PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZs="]}],"authority":[],"additional":[]},"dns":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA=="}} +{"time":"2023-07-13 17:41:10.761629000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"208.94.148.13","proto":"UDP","query_port":16873,"response_port":53,"id":20343,"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A","rcode":"NXDOMAIN","query_packet":["RQAATrw7AABAER00ywBxw9BelA1B6QA1ADr1Yk93ABAAAQAAAAAAAQRkb2VzA25vdAVleGlzdANmc2kCaW8AAAEAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[761629000],"response_packet":["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"],"response_time_sec":[1689270070],"response_time_nsec":[766528000],"delay":0.004899,"udp_checksum":"CORRECT","query":"T3cAEAABAAAAAAABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABAAApEAAAAIAAAAA=","query_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":20343,"flags":["cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[],"additional":[]},"response":"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","response_json":{"header":{"opcode":"QUERY","rcode":"NXDOMAIN","id":20343,"flags":["qr","aa","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1280,"options":[]}}},"question":[{"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A"}],"answer":[]
,"authority":[{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"SOA","rdata":["fsi.io. hostmaster.fsi.io. 2023062369 7200 3600 604800 3600"]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7sxLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASbHcc=","NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qhcnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS47tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls/7c="]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"NSEC","rdata":["_dashlane-challenge.fsi.io. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY TYPE65534"]},{"rrname":"autodiscover.exch.fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"NSEC","rdata":["a1.fmt1.fsi.io. A AAAA RRSIG NSEC"]},{"rrname":"autodiscover.exch.fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. 
ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDds="]}],"additional":[]},"dns":"T3eEEwABAAAABgABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABA2ZzaQJpbwAABgABAAAOEAAjwCcKaG9zdG1hc3RlcsAneJV7YQAAHCAAAA4QAAk6gAAADhDAJwAuAAEAAA4QAJoABgUCAAAOEGTXiDpkr+0qB1ADZnNpAmlvANoNn1MlhT8Z7rzfE2uRjuqO2kkOSu2/Lv0Or2fW/ebShiFdXOAxU8se7MS7f+BMkNJh67Ce7T/Zlq4fV2Vzpg2o9tKYXqGZJ/JPSmlwaebyzptwdFQB+07veBB0YstFjjTZQ5cOPNFvfPBAimme9Lqra7AjcH+1PBWa6+wEmx3HwHoALwABAAAOEABHE19kYXNobGFuZS1jaGFsbGVuZ2UDZnNpAmlvAAAHYgGACAADgP8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBIgAuAAEAAA4QAJoALwUCAAAOEGTG7NRkn1Q6B1ADZnNpAmlvAMpCmCciCN0WsX3svndkIbgoyvv0yTrQt/vWJE1ksbjpDDjFPplKR4PKoXJ7jSG1oLA/WGRWEYNTEz0shyNwDL0u8KgTfJ0b9jtdmTwar8YBEzGkuO7UZ9UOXBnY+WkIWQU7TEFpxOXgRmAVkasUe6Q4KLgj0vFuB1oWyzn5bP+3DGF1dG9kaXNjb3ZlcgRleGNoA2ZzaQJpbwAALwABAAAOEAAYAmExBGZtdDEDZnNpAmlvAAAGQAAACAADwfsALgABAAAOEACaAC8FBAAADhBkzk/kZKbB/wdQA2ZzaQJpbwCiNTltjKwFG079sRbhKiAdjkaSbkKwywN4dSi+svJKbzdUdfbJZ1CFfKkonDRYh3lrPkVc0qLE3ejYREhm1Vyc+fuNEfx4lRxFYD99JXrptnhFmlJXtK8PBXqTeUwjW5EC9/NVyIYpJEdwLKAUYpYHl2HLyjsuCWpx5udISN0N2wAAKQUAAACAAAAA"}} +{"time":"2023-07-13 
17:41:10.821594000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"198.51.44.4","proto":"UDP","query_port":12736,"response_port":53,"id":56060,"qname":"domaintools.com.","qclass":"IN","qtype":"SOA","rcode":"NOERROR","query_packet":["RQAASBKeAABAETkMywBxw8YzLAQxwAA1ADSS+tr8ABAAAQAAAAAAAQtkb21haW50b29scwNjb20AAAYAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[821594000],"response_packet":["RQAAiXV5QAA5EZzvxjMsBMsAccMANTHAAHVmdNr8hAAAAQABAAAAAQtkb21haW50b29scwNjb20AAAYAAcAMAAYAAQAADhAANQRkbnMxA3AwNAVuc29uZQNuZXQACmhvc3RtYXN0ZXLANmImUjYAAA4QAAACWAAJOoAAAKjAAAApBNAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[828980000],"delay":0.007386,"udp_checksum":"CORRECT","query":"2vwAEAABAAAAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABAAApEAAAAIAAAAA=","query_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":56060,"flags":["cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"SOA"}],"answer":[],"authority":[],"additional":[]},"response":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":56060,"flags":["qr","aa"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1232,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"SOA"}],"answer":[{"rrname":"domaintools.com.","rrttl":3600,"rrclass":"IN","rrtype":"SOA","rdata":["dns1.p04.nsone.net. hostmaster.nsone.net. 1646678582 3600 600 604800 43200"]}],"authority":[],"additional":[]},"dns":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA=="}} 
diff --git a/tests/nmsg-dnsqr-tests/test1-dnsqr.nmsg b/tests/nmsg-dnsqr-tests/test1-dnsqr.nmsg new file mode 100644 index 000000000..a2f2bce18 Binary files /dev/null and b/tests/nmsg-dnsqr-tests/test1-dnsqr.nmsg differ diff --git a/tests/nmsg-dnsqr-tests/test1-dnsqr.pcap b/tests/nmsg-dnsqr-tests/test1-dnsqr.pcap new file mode 100644 index 000000000..467d17bee Binary files /dev/null and b/tests/nmsg-dnsqr-tests/test1-dnsqr.pcap differ diff --git a/tests/nmsg-dnsqr-tests/test1-dnsqr.pres b/tests/nmsg-dnsqr-tests/test1-dnsqr.pres new file mode 100644 index 000000000..9c2cf0fdf --- /dev/null +++ b/tests/nmsg-dnsqr-tests/test1-dnsqr.pres 
@@ -0,0 +1,262 @@ +[623] [2023-07-13 17:41:09.408162000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 192.5.5.241 +proto: UDP (17) +query_port: 54924 +response_port: 53 +id: 60913 +qname: icann.org. +qclass: IN (1) +qtype: A (1) +rcode: NOERROR (0) +delay: 0.005710 +udp_checksum: CORRECT +query: [50 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60913 +;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 4096 +; OPT=10: ca 22 a0 c8 69 d9 10 81 ("."..i...") +;; QUESTION SECTION: +;icann.org. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [440 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60913 +;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 1472 +;; QUESTION SECTION: +;icann.org. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +org. 172800 IN NS a0.org.afilias-nst.info. +org. 172800 IN NS a2.org.afilias-nst.info. +org. 172800 IN NS b0.org.afilias-nst.org. +org. 172800 IN NS b2.org.afilias-nst.org. +org. 172800 IN NS c0.org.afilias-nst.info. +org. 172800 IN NS d0.org.afilias-nst.org. + +;; ADDITIONAL SECTION: +a0.org.afilias-nst.info. 172800 IN A 199.19.56.1 +a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e::1 +a2.org.afilias-nst.info. 172800 IN A 199.249.112.1 +a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40::1 +b0.org.afilias-nst.org. 172800 IN A 199.19.54.1 +b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c::1 +b2.org.afilias-nst.org. 172800 IN A 199.249.120.1 +b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48::1 +c0.org.afilias-nst.info. 172800 IN A 199.19.53.1 +c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b::1 +d0.org.afilias-nst.org. 172800 IN A 199.19.57.1 +d0.org.afilias-nst.org. 
172800 IN AAAA 2001:500:f::1 +--- + +[877] [2023-07-13 17:41:10.587291000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 192.35.51.30 +proto: UDP (17) +query_port: 54920 +response_port: 53 +id: 40813 +qname: domaintools.com. +qclass: IN (1) +qtype: A (1) +rcode: NOERROR (0) +delay: 0.024184 +udp_checksum: CORRECT +query: [56 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40813 +;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +; OPT=10: d7 8d 86 c0 37 92 b5 7e ("....7..~") +;; QUESTION SECTION: +;domaintools.com. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [682 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40813 +;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +;; QUESTION SECTION: +;domaintools.com. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +domaintools.com. 172800 IN NS dns1.p04.nsone.net. +domaintools.com. 172800 IN NS dns2.p04.nsone.net. +domaintools.com. 172800 IN NS dns3.p04.nsone.net. +domaintools.com. 172800 IN NS dns4.p04.nsone.net. +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 1689567817 1688958817 46551 com. Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg== +0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN NSEC3 1 1 0 - 0F3TB5GM83ENV7Q8PVT89DUK4M9RR40D NS DS RRSIG +0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN RRSIG NSEC3 8 2 86400 1689570650 1688961650 46551 com. 
DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bYmu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUuvfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A== + +;; ADDITIONAL SECTION: +--- + +[472] [2023-07-13 17:41:10.721721000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 208.94.148.13 +proto: UDP (17) +query_port: 26869 +response_port: 53 +id: 24287 +qname: fsi.io. +qclass: IN (1) +qtype: TXT (16) +rcode: NOERROR (0) +delay: 0.007299 +udp_checksum: CORRECT +query: [35 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 24287 +;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +;; QUESTION SECTION: +;fsi.io. IN TXT + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [307 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 24287 +;; flags: qr aa cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1280 +;; QUESTION SECTION: +;fsi.io. IN TXT + +;; ANSWER SECTION: +fsi.io. 3600 IN TXT "v=spf1 mx a a:support.farsightsecurity.com a:exch.fsi.io a:prod-mail-relay-1.iad1.fsi.io ~all" +fsi.io. 3600 IN RRSIG TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZs= + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- + +[939] [2023-07-13 17:41:10.761629000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 208.94.148.13 +proto: UDP (17) +query_port: 16873 +response_port: 53 +id: 20343 +qname: does.not.exist.fsi.io. 
+qclass: IN (1) +qtype: A (1) +rcode: NXDOMAIN (3) +delay: 0.004899 +udp_checksum: CORRECT +query: [50 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 20343 +;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +;; QUESTION SECTION: +;does.not.exist.fsi.io. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [744 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 20343 +;; flags: qr aa cd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1280 +;; QUESTION SECTION: +;does.not.exist.fsi.io. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +fsi.io. 3600 IN SOA fsi.io. hostmaster.fsi.io. 2023062369 7200 3600 604800 3600 +fsi.io. 3600 IN RRSIG SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7sxLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASbHcc= +fsi.io. 3600 IN NSEC _dashlane-challenge.fsi.io. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY TYPE65534 +fsi.io. 3600 IN RRSIG NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qhcnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS47tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls/7c= +autodiscover.exch.fsi.io. 3600 IN NSEC a1.fmt1.fsi.io. A AAAA RRSIG NSEC +autodiscover.exch.fsi.io. 3600 IN RRSIG NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. 
ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDds= + +;; ADDITIONAL SECTION: +--- + +[291] [2023-07-13 17:41:10.821594000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 198.51.44.4 +proto: UDP (17) +query_port: 12736 +response_port: 53 +id: 56060 +qname: domaintools.com. +qclass: IN (1) +qtype: SOA (6) +rcode: NOERROR (0) +delay: 0.007386 +udp_checksum: CORRECT +query: [44 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56060 +;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +;; QUESTION SECTION: +;domaintools.com. IN SOA + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [109 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56060 +;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1232 +;; QUESTION SECTION: +;domaintools.com. IN SOA + +;; ANSWER SECTION: +domaintools.com. 3600 IN SOA dns1.p04.nsone.net. hostmaster.nsone.net. 1646678582 3600 600 604800 43200 + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- + diff --git a/tests/nmsg-dnstap-tests/test.sh.in b/tests/nmsg-dnstap-tests/test.sh.in index e2255563a..08093574a 100755 --- a/tests/nmsg-dnstap-tests/test.sh.in +++ b/tests/nmsg-dnstap-tests/test.sh.in 
@@ -31,4 +31,32 @@ check response_message $NMSGTOOL -r $PAYLOAD | fgrep -q "qname: www.farsightsecurity.com." check response_message +##### +# The following tests make the above redundant. + +SOURCE=@abs_top_srcdir@/tests/nmsg-dnstap-tests/test1-dnstap +OUTPUT=@abs_top_builddir@/tests/nmsg-dnstap-tests/test1-dnstap + +# cleanup from previous run +rm -f ${OUTPUT}*out + +$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out +check read nmsg base:dnstap and create presentation output +cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out +check nmsg-to-presentation + +# output should be same as input +$NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out +check read nmsg base:dnstap and create nmsg output +cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out +check nmsg-to-nmsg + +$NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out +check read nmsg base:dnstap and create json output +cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out +check nmsg-to-json + +# NOTE: --readjson for base:dnstap is incomplete +# NOTE: --readpres is not fully implemented for base:dnstap + exit $status diff --git a/tests/nmsg-dnstap-tests/test1-dnstap.json b/tests/nmsg-dnstap-tests/test1-dnstap.json new file mode 100644 index 000000000..ae1ed277b --- /dev/null +++ b/tests/nmsg-dnstap-tests/test1-dnstap.json 
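Review bot: The cleanup line `rm -f ${OUTPUT}*out`, the redirects and the `cmp` calls all expand `${SOURCE}` and `${OUTPUT}` unquoted. Both are absolute paths substituted by configure, so a source or build directory containing whitespace or glob characters would be word-split and `rm -f` would act on paths other than the test outputs. Quote the expansions and narrow the glob to the files this script writes, e.g. `rm -f "${OUTPUT}".nmsg.*.out` and `cmp -s "${SOURCE}.pres" "${OUTPUT}.nmsg.pres.out"`. Separately, `cmp -s` discards the position of the first difference, so a fixture mismatch may leave nothing useful in the test log; the `check` helper is defined outside this hunk, so what it reports is not visible here.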
@@ -0,0 +1 @@
+{"time":"2016-11-21 21:25:08.556331019","vname":"base","mname":"dnstap","message":{"identity":"bWlray5uZXQ=","version":"dW5ib3VuZCAxLjUuMTA=","type":"MESSAGE","message_type":"RESOLVER_RESPONSE","socket_family":"INET","socket_protocol":"UDP","query_time_sec":1479753746,"query_time_nsec":70887000,"response_address":"192.31.80.30","response_port":53,"response_time_sec":1479753746,"response_time_nsec":112706000,"query_zone":"com.","response_message":"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","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":3682,"flags":["qr","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"www.farsightsecurity.com.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"farsightsecurity.com.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["ns5.dnsmadeeasy.com.","ns6.dnsmadeeasy.com.","ns7.dnsmadeeasy.com."]},{"rrname":"farsightsecurity.com.","rrttl":86400,"rrclass":"IN","rrtype":"DS","rdata":["60454 5 2 3672C35CFA8FF14C9C223B84277BD645C0AF54BAD5790375FE797161E4801479"]},{"rrname":"farsightsecurity.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["DS 8 2 86400 1480310445 1479701445 6404 com. DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmOlmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTXkMI="]}],"additional":[{"rrname":"ns5.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.94.148.13"]},{"rrname":"ns5.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2600:1800:5::1"]},{"rrname":"ns6.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.80.124.13"]},{"rrname":"ns7.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.80.126.13"]}]},"id":3682,"qname":"www.farsightsecurity.com.","qclass":"IN","qtype":"A","rcode":"NOERROR"}}
diff --git a/tests/nmsg-dnstap-tests/test1-dnstap.nmsg b/tests/nmsg-dnstap-tests/test1-dnstap.nmsg
new file mode 100644
index 000000000..a3355c754
Binary files /dev/null and b/tests/nmsg-dnstap-tests/test1-dnstap.nmsg differ
diff --git a/tests/nmsg-dnstap-tests/test1-dnstap.pres b/tests/nmsg-dnstap-tests/test1-dnstap.pres
new file mode 100644
index 000000000..65b7b576a
--- /dev/null
+++ b/tests/nmsg-dnstap-tests/test1-dnstap.pres
@@ -0,0 +1,44 @@
+[483] [2016-11-21 21:25:08.556331019] [1:13 base dnstap] [00000000] [] []
+identity:
+version:
+type: MESSAGE
+message_type: RESOLVER_RESPONSE
+socket_family: INET
+socket_protocol: UDP
+query_time_sec: 1479753746
+query_time_nsec: 70887000
+response_address: 192.31.80.30
+response_port: 53
+response_time_sec: 1479753746
+response_time_nsec: 112706000
+query_zone: com.
+response_message: [406 octets]
+;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 3682
+;; flags: qr cd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4
+
+;; OPT PSEUDOSECTION:
+; EDNS: version: 0, flags: do; udp: 4096
+;; QUESTION SECTION:
+;www.farsightsecurity.com. IN A
+
+;; ANSWER SECTION:
+
+;; AUTHORITY SECTION:
+farsightsecurity.com. 172800 IN NS ns5.dnsmadeeasy.com.
+farsightsecurity.com. 172800 IN NS ns6.dnsmadeeasy.com.
+farsightsecurity.com. 172800 IN NS ns7.dnsmadeeasy.com.
+farsightsecurity.com. 86400 IN DS 60454 5 2 3672C35CFA8FF14C9C223B84277BD645C0AF54BAD5790375FE797161E4801479
+farsightsecurity.com. 86400 IN RRSIG DS 8 2 86400 1480310445 1479701445 6404 com. DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmOlmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTXkMI=
+
+;; ADDITIONAL SECTION:
+ns5.dnsmadeeasy.com. 172800 IN A 208.94.148.13
+ns5.dnsmadeeasy.com. 172800 IN AAAA 2600:1800:5::1
+ns6.dnsmadeeasy.com. 172800 IN A 208.80.124.13
+ns7.dnsmadeeasy.com. 172800 IN A 208.80.126.13
+---
+id: 3682
+qname: www.farsightsecurity.com.
+qclass: IN (1)
+qtype: A (1)
+rcode: NOERROR (0)
+