From 26e4efad5a3db619150bf502183479f42b30d27f Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 10 Aug 2023 18:05:05 +0000 Subject: [PATCH 01/14] add some base:dns tests --- Makefile.am | 1 + configure.ac | 3 + tests/nmsg-dns-tests/test.sh.in | 83 ++++++++++++++++++++++++++++ tests/nmsg-dns-tests/test1-dns.json | 10 ++++ tests/nmsg-dns-tests/test1-dns.nmsg | Bin 0 -> 724 bytes tests/nmsg-dns-tests/test1-dns.pres | 80 +++++++++++++++++++++++++++ tests/nmsg-dns-tests/test2-dns.json | 8 +++ tests/nmsg-dns-tests/test2-dns.nmsg | Bin 0 -> 1913 bytes tests/nmsg-dns-tests/test2-dns.pres | 72 ++++++++++++++++++++++++ 9 files changed, 257 insertions(+) create mode 100755 tests/nmsg-dns-tests/test.sh.in create mode 100644 tests/nmsg-dns-tests/test1-dns.json create mode 100644 tests/nmsg-dns-tests/test1-dns.nmsg create mode 100644 tests/nmsg-dns-tests/test1-dns.pres create mode 100644 tests/nmsg-dns-tests/test2-dns.json create mode 100644 tests/nmsg-dns-tests/test2-dns.nmsg create mode 100644 tests/nmsg-dns-tests/test2-dns.pres diff --git a/Makefile.am b/Makefile.am index a2a64275..c186a359 100644 --- a/Makefile.am +++ b/Makefile.am @@ -383,6 +383,7 @@ noinst_PROGRAMS += \ examples/print_version TESTS += tests/json-utf8-tests/test.sh +TESTS += tests/nmsg-dns-tests/test.sh TESTS += tests/nmsg-dnstap-tests/test.sh TESTS += tests/payload-crc32c-tests/test.sh TESTS += tests/string-tests/test.sh diff --git a/configure.ac b/configure.ac index 52304b61..5f0c56d8 100644 --- a/configure.ac +++ b/configure.ac @@ -42,6 +42,9 @@ AC_CONFIG_FILES([Makefile doc/doxygen/Doxyfile nmsg/libnmsg.pc nmsg/version.h]) AC_CONFIG_FILES([tests/json-utf8-tests/test.sh], [chmod +x tests/json-utf8-tests/test.sh]) +AC_CONFIG_FILES([tests/nmsg-dns-tests/test.sh], + [chmod +x tests/nmsg-dns-tests/test.sh]) + AC_CONFIG_FILES([tests/nmsg-dnstap-tests/test.sh], [chmod +x tests/nmsg-dnstap-tests/test.sh]) 
diff --git a/tests/nmsg-dns-tests/test.sh.in b/tests/nmsg-dns-tests/test.sh.in
new file mode 100755
index 00000000..e289a754
--- /dev/null
+++ b/tests/nmsg-dns-tests/test.sh.in
@@ -0,0 +1,83 @@
+#!/bin/sh -x
+
+status=0
+
+check() {
+ if [ $? = "0" ]; then
+ echo "PASS: $*"
+ else
+ echo "FAIL: $*"
+ status=1
+ fi
+}
+
+NMSG_MSGMOD_DIR="@abs_top_builddir@/nmsg/base/.libs"
+export NMSG_MSGMOD_DIR
+NMSGTOOL="@abs_top_builddir@/src/nmsgtool"
+
+SOURCE=@abs_top_srcdir@/tests/nmsg-dns-tests/test1-dns
+OUTPUT=@abs_top_builddir@/tests/nmsg-dns-tests/test1-dns
+
+# cleanup from previous run
+rm -f ${OUTPUT}*out
+
+echo read nmsg base:dns base:dns and create presentation output
+$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out
+cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out
+check nmsg-to-presentation
+
+echo read nmsg base:dns and create json output
+$NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out
+cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out
+check nmsg-to-json
+
+# output should be same as input
+echo read nmsg base:dns and create nmsg output
+$NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out
+check nmsg-to-nmsg
+
+echo read json base:dns and create presentation output
+$NMSGTOOL -j ${SOURCE}.json > ${OUTPUT}.json.pres.out
+cmp -s ${SOURCE}.pres ${OUTPUT}.json.pres.out
+check json-to-presentation
+
+# output should be same as input
+echo read json base:dns and create json output
+$NMSGTOOL -j ${SOURCE}.json -J ${OUTPUT}.json.json.out
+cmp -s ${SOURCE}.json ${OUTPUT}.json.json.out
+check json-to-json
+
+echo read json base:dns and create nmsg output
+$NMSGTOOL -j ${SOURCE}.json -w ${OUTPUT}.json.nmsg.out
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.json.nmsg.out
+check json-to-nmsg
+
+# another test input
+# TODO: use a function since is repeated
+
+echo read nmsg base:dns and create presentation output
+$NMSGTOOL -r @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.nmsg > @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.pres.out
+cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.pres @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.pres.out
+check nmsg-to-presentation
+
+echo 
read nmsg base:dns and create json output
+$NMSGTOOL -r @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.nmsg -J @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.json.out
+cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.json.out
+check nmsg-to-json
+
+echo read json base:dns and create presentation output
+$NMSGTOOL -j @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json > @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.pres.out
+cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.pres @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.pres.out
+check json-to-presentation
+
+echo read json base:dns and create json output
+$NMSGTOOL -j @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json -J @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.json.out
+cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.json.out
+check json-to-json
+
+# TODO: check nmsgtool result
+
+# NOTE: --readpres is not fully implemented for base:dns so aborts
+
+exit $status
diff --git a/tests/nmsg-dns-tests/test1-dns.json b/tests/nmsg-dns-tests/test1-dns.json
new file mode 100644
index 00000000..e8a4075e
--- /dev/null
+++ b/tests/nmsg-dns-tests/test1-dns.json
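Review bot: The `rm -f ${OUTPUT}*out` cleanup only covers the test1-dns outputs, so the test2-dns `*.out` files written further down survive between runs. For the two test2 cases that write through `-J <file>`, a run in which nmsgtool were to exit before creating its output would leave the previous run's file in place and `cmp -s` would still report PASS, because `check` looks only at cmp's status (the nmsgtool status is the open TODO at the bottom). Consider adding `rm -f @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns*out` next to the existing cleanup. The expansions are also unquoted throughout, so a build path containing whitespace would split into extra arguments; `rm -f "${OUTPUT}"*out` and `cmp -s "${SOURCE}.pres" "${OUTPUT}.nmsg.pres.out"` avoid that, and the same applies to the tests/nmsg-dnsqr-tests/test.sh.in hunk later in this series.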
@@ -0,0 +1,10 @@ +{"time":"2011-02-09 19:41:52.068575000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"TXT","rrttl":3600,"rdata":["\"Hello\""]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"qname":"test1.example.net.","qclass":"IN","qtype":"A","section":1,"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"SPF","rrttl":172800,"rdata":["\"10.11.12.13\"","\"10.12.13.14\""]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"qname":"garbage-class.test1.example.net.","qclass":"IN","qtype":"A","rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"garbage-class.test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} +{"time":"2018-11-07 
16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} 
diff --git a/tests/nmsg-dns-tests/test1-dns.nmsg b/tests/nmsg-dns-tests/test1-dns.nmsg new file mode 100644 index 0000000000000000000000000000000000000000..c55eb605778fea23e1c823d0602ebf7d42f454f8 GIT binary patch literal 724 zcmebC4R&W>Vqjo8#bwIDD8Me!aOd>R7lTPS{8*&lWDS%=XmkGKV%0xJD@aqzo)phhE skHEnx?dk$Yey-TaD6nzno+HcxE#FS>Mrq49ESH=OXFC2kFYWi=^L~9lzwhhy`F%dG$Hm#h9)JKqHVO`q0}3LqUxrtA+^6n}@4 z!-q+NI>lN??1(N$^if>5s=4I0nm*Kv!VG53ZdBzrgIyzAV5Z}5Rdxtr*``F zG(DB`1_(Ixl+jYd#2&$ITwew$_po~RZElMNdm+ukvo_H-sL1nd6o?)%reiatbWk4I zSqjGfbXZ-af_Y$*e;;%7Pa|Ba)NwyYG^0A@-QB1)9oM(SbwUqGjJK?Xd;_cFr?x58 zKZ>{`65i2ni10KtQISgB$TIL}-bvR<(+k0Wx~uIwf`6DYNbD;ocn~j`*N*NkX4~~+ zRYL9CH|hVA$1X4^F#H+Nr=4p3`6S-*pP)=a=?ZfEw;d(C5(bCXY^&gJ6;rjhnG9@I z_g&HrD+$NChSQLN2M0Mt_l%yXk?~jQiF!0wM`o+5^(u$ccHB+l)Q``vO;roEbk~Wz z;HuwTWBqasnsu#xsfoIzcM;Q|-(O2i2@+|rL>eNIhDxMFi8M?i4VOswNu&`H>3)fn z^gD$y^CPD-n>e$%#3`c!0|Ui5)t`+!iVD}r%pWh2nVnxXJO3OuNr6BBC5Hk5usgQT z25)Zte$qF#bb^wze%v-@!`C-m11Y0hRtd|@emv7iSWZz@#pW2Bms>?Qv)tX;p^&`Z z%gP*{qA*|BzZ4oY7~1_Vuro_XF)dV8JD>wGjL((*$nv|cnu)%zd~!jzkSh{-j|%8) z{ho?XDrD(`>{!)Ujqo8GGts&eA0EHM@vyyCT~rHQiehF0GcMHU1o>_99}Wu(xObA3 zSK4Sv-|Nuq%8s@|zYpb12-3Wx>wY%HWVN}r+ZVlZxChSElFn3>P3t}$N~|hhzRE#J zc?Ju}N?;Z)d=N>cFUO>S9f7E}jj&{&#JW~~7Kv*HGz z$MOn&WXnyiqB?aaemOBldVG{0xJ<(f!>5zb3t#`Ocfhz_!&BXP`tG+EP3eGtTl^X| z{L_OlZ4rhurG8sKp*q2C&t<{*YMfh^wkBz~+wH5XZNF5qlF%ZDYNXiG>?v~R8u1FxRhu@odat2`V9Z;+S*Z0bV}FqsXfpWJ(^5K- zsKN(WnCzG9f(j$cn;RGk;;@gBcs&|iJZNWW%5aoH*PaUsc-1KDbDVkXHqYJW#*!*7 z3w+bDJaTiH`qL}@BFnZ*ru%L|!H&jiV~0fOy-Spawzn{O`|J>Fcjur}8~zy&hJb<796+9 z63TmAM{^%Y*E{ITuW!e_sP%|DGWwvzct$nM3>~I3-gT?k3$=25a(Hdcy_?1Cn6$_N z;k75s!i<_7r7yo9Vw%O^m(o|fux?88v8cr9mL`on?0tty@6FcA^gKJHMEtPTo}=4^ zpKKH@_6!w2q*mN8v@SNN$OG_9fGarYp{|ui{~`RG6X0@4$c<#*MZ<9aQ+1pSPBXx z0LaR@nlHM>k^?(=my;}X*Xndtl7pItpr#`Ns@<}UyTTP%Iz+}dN_hxjJ@ z=O8(i4@;B~#`xJRS)@%st5igaUzZliBYZ|5TLnqJFx@MI&>H$rsUX$21Q%uh1s#z6 A{Qv*} literal 0 HcmV?d00001 
diff --git a/tests/nmsg-dns-tests/test2-dns.pres b/tests/nmsg-dns-tests/test2-dns.pres
new file mode 100644
index 00000000..45f4ec21
--- /dev/null
+++ b/tests/nmsg-dns-tests/test2-dns.pres
@@ -0,0 +1,72 @@ +[77] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . +rrclass: IN (1) +rrtype: SOA (6) +rrttl: 86400 +rdata: a.root-servers.net. nstld.verisign-grs.com. 2018110200 1800 900 604800 86400 + +[289] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . +rrclass: IN (1) +rrtype: RRSIG (46) +rrttl: 86400 +rdata: SOA 8 0 86400 1542258000 1541131200 2134 . YzIh/SUfJITb8q0y45FtmHYU2q3ozTWzFoFTVMGEQmKkVIxvASHxKJAt kQQbA1OUkwsoXZAKFPwPLLdBn7YsesIlMosEfVtLIZe8iNivbzTTp0R8 1QK4bZfXqRbsIzl9h0YNxbprrvz7rhrIa1QkKg8Eiz2pI12ero8bjSBl Ot+vGlnxOriI7WfjtGNTZ5kzwfRcpbND5i0PZkfSPyL6mrOgI6Ak+F7j Gos+4H86OPpikmOwKXOC50qs6ayX4YHMQgtdOXe7YMxzAEUUWR7aCg37 9dbwjRDrt3HhpLIlvxNzOqOQhCCBT0uez08+MEiJQ+g/9oDexqb9vPsZ HTf8VQ== + +[297] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . +rrclass: IN (1) +rrtype: NS (2) +rrttl: 518400 +rdata: a.root-servers.net. +rdata: b.root-servers.net. +rdata: c.root-servers.net. +rdata: d.root-servers.net. +rdata: e.root-servers.net. +rdata: f.root-servers.net. +rdata: g.root-servers.net. +rdata: h.root-servers.net. +rdata: i.root-servers.net. +rdata: j.root-servers.net. +rdata: k.root-servers.net. +rdata: l.root-servers.net. +rdata: m.root-servers.net. + +[27] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . +rrclass: IN (1) +rrtype: NSEC (47) +rrttl: 86400 +rdata: aaa. NS SOA RRSIG NSEC DNSKEY + +[812] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: . 
+rrclass: IN (1) +rrtype: DNSKEY (48) +rrttl: 172800 +rdata: 256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QR ES2VKDO0OXLMqVJSs2YCCSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEa XtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLbtd8PcwWglHgReBVp 7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkF stMX1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7 tCcwSPt0wwry5OFNTlfMo8v7WGurogfk8hPipf7TTKHIi20LWen5RCsv YsQBkYGpF78= +rdata: 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0= +rdata: 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU= + +[33] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: ns1.dns.nic.aaa. +rrclass: IN (1) +rrtype: A (1) +rrttl: 172800 +rdata: 156.154.144.2 + +[45] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: ns1.dns.nic.aaa. +rrclass: IN (1) +rrtype: AAAA (28) +rrttl: 172800 +rdata: 2610:a1:1071::2 + +[116] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] +rrname: ac. +rrclass: IN (1) +rrtype: DS (43) +rrttl: 86400 +rdata: 42665 8 1 D5E99D85351D361BD6B5B1582F634E8A85CF1BF7 +rdata: 23014 8 2 9F135B4B4C69C92383B997632E821E3C8AB9699658674CC96FDE5405ACB68B65 +rdata: 42665 8 2 4B15F405C98F4BC3A370B19E54DBE75DF201EDCD38577C51D277DC6559865D95 + From a9d3efce7bd083a4397b7841ae58eabec48db035 Mon Sep 17 00:00:00 2001 
From: "Jeremy C. Reed" Date: Thu, 10 Aug 2023 18:10:24 +0000 Subject: [PATCH 02/14] test remove -x for shell debugging --- tests/nmsg-dns-tests/test.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/nmsg-dns-tests/test.sh.in b/tests/nmsg-dns-tests/test.sh.in index e289a754..5c0c8921 100755 --- a/tests/nmsg-dns-tests/test.sh.in +++ b/tests/nmsg-dns-tests/test.sh.in @@ -1,4 +1,4 @@ -#!/bin/sh -x +#!/bin/sh status=0 From 7f1d23fe5ae920603ef5783a2709787ddb840111 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 10 Aug 2023 18:18:17 +0000 Subject: [PATCH 03/14] add base:dnsqr tests --- Makefile.am | 1 + configure.ac | 3 + tests/nmsg-dnsqr-tests/test.sh.in | 91 +++++++++ tests/nmsg-dnsqr-tests/test1-dnsqr.json | 5 + tests/nmsg-dnsqr-tests/test1-dnsqr.nmsg | Bin 0 -> 3375 bytes tests/nmsg-dnsqr-tests/test1-dnsqr.pcap | Bin 0 -> 2981 bytes tests/nmsg-dnsqr-tests/test1-dnsqr.pres | 240 ++++++++++++++++++++++++ 7 files changed, 340 insertions(+) create mode 100755 tests/nmsg-dnsqr-tests/test.sh.in create mode 100644 tests/nmsg-dnsqr-tests/test1-dnsqr.json create mode 100644 tests/nmsg-dnsqr-tests/test1-dnsqr.nmsg create mode 100644 tests/nmsg-dnsqr-tests/test1-dnsqr.pcap create mode 100644 tests/nmsg-dnsqr-tests/test1-dnsqr.pres diff --git a/Makefile.am b/Makefile.am index c186a359..e40276bf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -384,6 +384,7 @@ noinst_PROGRAMS += \ TESTS += tests/json-utf8-tests/test.sh TESTS += tests/nmsg-dns-tests/test.sh +TESTS += tests/nmsg-dnsqr-tests/test.sh TESTS += tests/nmsg-dnstap-tests/test.sh TESTS += tests/payload-crc32c-tests/test.sh TESTS += tests/string-tests/test.sh diff --git a/configure.ac b/configure.ac index 5f0c56d8..0c8a2e9a 100644 --- a/configure.ac +++ b/configure.ac 
@@ -45,6 +45,9 @@ AC_CONFIG_FILES([tests/json-utf8-tests/test.sh], AC_CONFIG_FILES([tests/nmsg-dns-tests/test.sh], [chmod +x tests/nmsg-dns-tests/test.sh]) +AC_CONFIG_FILES([tests/nmsg-dnsqr-tests/test.sh], + [chmod +x tests/nmsg-dnsqr-tests/test.sh]) + AC_CONFIG_FILES([tests/nmsg-dnstap-tests/test.sh], [chmod +x tests/nmsg-dnstap-tests/test.sh]) diff --git a/tests/nmsg-dnsqr-tests/test.sh.in b/tests/nmsg-dnsqr-tests/test.sh.in new file mode 100755 index 00000000..35c8d1d4 --- /dev/null +++ b/tests/nmsg-dnsqr-tests/test.sh.in 
@@ -0,0 +1,91 @@
+#!/bin/sh
+
+status=0
+
+check() {
+ if [ $? = "0" ]; then
+ echo "PASS: $*"
+ else
+ echo "FAIL: $*"
+ status=1
+ fi
+}
+
+NMSG_MSGMOD_DIR="@abs_top_builddir@/nmsg/base/.libs"
+export NMSG_MSGMOD_DIR
+NMSGTOOL="@abs_top_builddir@/src/nmsgtool"
+
+SOURCE=@abs_top_srcdir@/tests/nmsg-dnsqr-tests/test1-dnsqr
+OUTPUT=@abs_top_builddir@/tests/nmsg-dnsqr-tests/test1-dnsqr
+
+# cleanup from previous run
+rm -f ${OUTPUT}*out
+
+echo read nmsg base:dnsqr and create presentation output
+$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out
+cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out
+check nmsg-to-presentation
+
+# output should be same as input
+echo read nmsg base:dnsqr and create nmsg output
+$NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out
+check nmsg-to-nmsg
+
+echo read nmsg base:dnsqr and create json output
+$NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out
+cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out
+check nmsg-to-json
+
+############
+
+echo read json base:dnsqr and create presentation output
+$NMSGTOOL -j ${SOURCE}.json > ${OUTPUT}.json.pres.out
+cmp -s ${SOURCE}.pres ${OUTPUT}.json.pres.out
+check json-to-presentation
+
+# output should be same as input
+echo read json base:dnsqr and create json output
+$NMSGTOOL -j ${SOURCE}.json -J ${OUTPUT}.json.json.out
+cmp -s ${SOURCE}.json ${OUTPUT}.json.json.out
+check json-to-json
+
+echo read json base:dnsqr and create nmsg output
+$NMSGTOOL -j ${SOURCE}.json -w ${OUTPUT}.json.nmsg.out
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.json.nmsg.out
+check json-to-nmsg
+
+##############
+
+echo read pcap base:dnsqr and create presentation output
+# workaround because --setsource does not work with --writepres
+$NMSGTOOL -V base -T dnsqr --readpcap ${SOURCE}.pcap | sed -e 's/ \[00000000\] / \[19721976\] /' > ${OUTPUT}.pcap.pres.out
+cmp -s ${SOURCE}.pres ${OUTPUT}.pcap.pres.out
+check pcap-to-presentation
+
+echo read pcap base:dnsqr and create json output
+# 
workaround because --setsource does not work with --writejson
+# this should fail when "source" is fixed since it will be repeated
+$NMSGTOOL -V base -T dnsqr --readpcap ${SOURCE}.pcap -J - | sed -e 's/"mname":"dnsqr",/"mname":"dnsqr","source":"19721976",/' > ${OUTPUT}.pcap.json.out
+cmp -s ${SOURCE}.json ${OUTPUT}.pcap.json.out
+check pcap-to-json
+
+echo read pcap base:dnsqr and create nmsg output and test setsource
+# pcap doesn't have source so set it
+$NMSGTOOL -V base -T dnsqr --setsource 0x19721976 --readpcap ${SOURCE}.pcap -w ${OUTPUT}.pcap.nmsg.out
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.pcap.nmsg.out
+check pcap-to-nmsg
+
+########
+# try example code too
+
+echo read nmsg base:dnsqr and generate pcap output using example
+env LD_LIBRARY_PATH=@abs_top_builddir@/nmsg/.libs/ @abs_top_builddir@/examples/.libs/nmsg-dnsqr2pcap ${SOURCE}.nmsg ${OUTPUT}.nmsg.pcap.out
+cmp -s ${SOURCE}.pcap ${OUTPUT}.nmsg.pcap.out
+check example-nmsg-to-pcap
+
+# TODO: check nmsgtool result
+
+# NOTE: --readpres is not fully implemented for base:dnsqr so aborts
+
+exit $status
diff --git a/tests/nmsg-dnsqr-tests/test1-dnsqr.json b/tests/nmsg-dnsqr-tests/test1-dnsqr.json
new file mode 100644
index 00000000..7d0259ac
--- /dev/null
+++ b/tests/nmsg-dnsqr-tests/test1-dnsqr.json
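Review bot: The example step runs `@abs_top_builddir@/examples/.libs/nmsg-dnsqr2pcap` directly and replaces `LD_LIBRARY_PATH` with the build's `nmsg/.libs/`, which discards any value the caller already set and only helps on platforms whose loader honours that variable. NMSGTOOL above is invoked as `@abs_top_builddir@/src/nmsgtool`, presumably the libtool wrapper; if the example has a wrapper too, `@abs_top_builddir@/examples/nmsg-dnsqr2pcap ${SOURCE}.nmsg ${OUTPUT}.nmsg.pcap.out` would be consistent with that and need no environment override. Separately, in the two pcap steps that pipe nmsgtool into `sed`, the pipeline status is sed's, so a comment such as `# nmsgtool failure here is only visible through the cmp mismatch` next to the existing workaround comments would help the next reader.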
@@ -0,0 +1,5 @@ +{"time":"2023-07-13 17:41:09.408162000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"192.5.5.241","proto":"UDP","query_port":54924,"response_port":53,"id":60913,"qname":"icann.org.","qclass":"IN","qtype":"A","rcode":"NOERROR","query_packet":["RQAATti+AABAEZ8mywBxw8AFBfHWjAA1ADryTe3xASAAAQAAAAAAAQVpY2FubgNvcmcAAAEAAQAAKRAAAAAAAAAMAAoACMoioMhp2RCB"],"query_time_sec":[1689270069],"query_time_nsec":[408162000],"response_packet":["RQAB1O1eQAA6EU8AwAUF8csAccMANdaMAcCUqu3xgQAAAQAAAAYADQVpY2FubgNvcmcAAAEAAcASAAIAAQACowAAGQJhMANvcmcLYWZpbGlhcy1uc3QEaW5mbwDAEgACAAEAAqMAAAUCYTLAKsASAAIAAQACowAAFQJiMANvcmcLYWZpbGlhcy1uc3TAEsASAAIAAQACowAABQJiMsBgwBIAAgABAAKjAAAFAmMwwCrAEgACAAEAAqMAAAUCZDDAYMAnAAEAAQACowAABMcTOAHAJwAcAAEAAqMAABAgAQUAAA4AAAAAAAAAAAABwEwAAQABAAKjAAAEx/lwAcBMABwAAQACowAAECABBQAAQAAAAAAAAAAAAAHAXQABAAEAAqMAAATHEzYBwF0AHAABAAKjAAAQIAEFAAAMAAAAAAAAAAAAAcB+AAEAAQACowAABMf5eAHAfgAcAAEAAqMAABAgAQUAAEgAAAAAAAAAAAABwI8AAQABAAKjAAAExxM1AcCPABwAAQACowAAECABBQAACwAAAAAAAAAAAAHAoAABAAEAAqMAAATHEzkBwKAAHAABAAKjAAAQIAEFAAAPAAAAAAAAAAAAAQAAKQXAAAAAAAAA"],"response_time_sec":[1689270069],"response_time_nsec":[413872000],"delay":0.0057099999999999997979,"udp_checksum":"CORRECT","query":"7fEBIAABAAAAAAABBWljYW5uA29yZwAAAQABAAApEAAAAAAAAAwACgAIyiKgyGnZEIE=","response":"7fGBAAABAAAABgANBWljYW5uA29yZwAAAQABwBIAAgABAAKjAAAZAmEwA29yZwthZmlsaWFzLW5zdARpbmZvAMASAAIAAQACowAABQJhMsAqwBIAAgABAAKjAAAVAmIwA29yZwthZmlsaWFzLW5zdMASwBIAAgABAAKjAAAFAmIywGDAEgACAAEAAqMAAAUCYzDAKsASAAIAAQACowAABQJkMMBgwCcAAQABAAKjAAAExxM4AcAnABwAAQACowAAECABBQAADgAAAAAAAAAAAAHATAABAAEAAqMAAATH+XABwEwAHAABAAKjAAAQIAEFAABAAAAAAAAAAAAAAcBdAAEAAQACowAABMcTNgHAXQAcAAEAAqMAABAgAQUAAAwAAAAAAAAAAAABwH4AAQABAAKjAAAEx/l4AcB+ABwAAQACowAAECABBQAASAAAAAAAAAAAAAHAjwABAAEAAqMAAATHEzUBwI8AHAABAAKjAAAQIAEFAAALAAAAAAAAAAAAAcCgAAEAAQACowAABMcTOQHAoAAcAAEAAqMAABAgAQUAAA8AAAAAAAAAAAABAAApBcAAAAAAAAA=","dns":"7fGBAAABAAAABgANBWljYW5uA29
yZwAAAQABwBIAAgABAAKjAAAZAmEwA29yZwthZmlsaWFzLW5zdARpbmZvAMASAAIAAQACowAABQJhMsAqwBIAAgABAAKjAAAVAmIwA29yZwthZmlsaWFzLW5zdMASwBIAAgABAAKjAAAFAmIywGDAEgACAAEAAqMAAAUCYzDAKsASAAIAAQACowAABQJkMMBgwCcAAQABAAKjAAAExxM4AcAnABwAAQACowAAECABBQAADgAAAAAAAAAAAAHATAABAAEAAqMAAATH+XABwEwAHAABAAKjAAAQIAEFAABAAAAAAAAAAAAAAcBdAAEAAQACowAABMcTNgHAXQAcAAEAAqMAABAgAQUAAAwAAAAAAAAAAAABwH4AAQABAAKjAAAEx/l4AcB+ABwAAQACowAAECABBQAASAAAAAAAAAAAAAHAjwABAAEAAqMAAATHEzUBwI8AHAABAAKjAAAQIAEFAAALAAAAAAAAAAAAAcCgAAEAAQACowAABMcTOQHAoAAcAAEAAqMAABAgAQUAAA8AAAAAAAAAAAABAAApBcAAAAAAAAA="}} +{"time":"2023-07-13 17:41:10.587291000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"192.35.51.30","proto":"UDP","query_port":54920,"response_port":53,"id":40813,"qname":"domaintools.com.","qclass":"IN","qtype":"A","rcode":"NOERROR","query_packet":["RQAAVGLSAABAEefBywBxw8AjMx7WiAA1AEDhEZ9tASAAAQAAAAAAAQtkb21haW50b29scwNjb20AAAEAAQAAKRAAAACAAAAMAAoACNeNhsA3krV+"],"query_time_sec":[1689270070],"query_time_nsec":[587291000],"response_packet":["RQACxi9tAAA5ER+1wCMzHssAccMANdaIArLmm59tgQAAAQAAAAgAAQtkb21haW50b29scwNjb20AAAEAAcAMAAIAAQACowAAFARkbnMxA3AwNAVuc29uZQNuZXQAwAwAAgABAAKjAAAHBGRuczLAMsAMAAIAAQACowAABwRkbnMzwDLADAACAAEAAqMAAAcEZG5zNMAyIENLMFBPSk1HODc0TEpSRUY3RUZOODQzMFFWSVQ4QlNNwBgAMgABAAFRgAAjAQEAAAAUZQGhNNeRJHdqKLqGC/DBwRHqogUAByIAAAAAApDAegAuAAEAAVGAALcAMggCAAFRgGS0wklkq3dhtdcDY29tAEW46MG+JGryljuL7+NangAgPc/yLBBtsg3vEnR2nCRWnQoF8xHrEjXphFrzFkLfDP6y+HhVLA1GfBesouEN9taNt+/8v5pu7xib1b7RmsTO/0wPOn32gSnIFUtBHfa0T0sFK75LJtwiixomydtbvehwke7JEUurWr1PSH23/u3RVU72/MmPLq3bk0/6HIhdXfDwxjSmJrOZPLuoPL9VpW4gMEYzVDMyRklHUUw0OUg0UFRHVkY0SkhLVTQ0OEwyUUfAGAAyAAEAAVGAACIBAQAAABQDx9WWFkDdf59Iz/qEt9Qlk72QDQAGIAAAAAASwY0ALgABAAFRgAC3ADIIAgABUYBktM1aZKuCcrXXA2NvbQANbzsjZCLYcCyNTETZPMiu8i7/Reo1ECKua2C+LxXnXjXrue7hh3dRp/jD3jCa1X17jt09mvX06/lDEtxNPGOx6SPaKWklNwLSROGnNy0M4qRHptia7iSWjQpj//dq2GKpxIf+qSukJOYJQ5bdXdWM7phhT2waoSJ0EFklRS69+btImoNk2gxcVm
aIbrZrMIqCel46DEYw+8vRIV3xLVbwAAApEAAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[611475000],"delay":0.024184000000000000635,"udp_checksum":"CORRECT","query":"n20BIAABAAAAAAABC2RvbWFpbnRvb2xzA2NvbQAAAQABAAApEAAAAIAAAAwACgAI142GwDeStX4=","response":"n22BAAABAAAACAABC2RvbWFpbnRvb2xzA2NvbQAAAQABwAwAAgABAAKjAAAUBGRuczEDcDA0BW5zb25lA25ldADADAACAAEAAqMAAAcEZG5zMsAywAwAAgABAAKjAAAHBGRuczPAMsAMAAIAAQACowAABwRkbnM0wDIgQ0swUE9KTUc4NzRMSlJFRjdFRk44NDMwUVZJVDhCU03AGAAyAAEAAVGAACMBAQAAABRlAaE015Ekd2oouoYL8MHBEeqiBQAHIgAAAAACkMB6AC4AAQABUYAAtwAyCAIAAVGAZLTCSWSrd2G11wNjb20ARbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1WlbiAwRjNUMzJGSUdRTDQ5SDRQVEdWRjRKSEtVNDQ4TDJRR8AYADIAAQABUYAAIgEBAAAAFAPH1ZYWQN1/n0jP+oS31CWTvZANAAYgAAAAABLBjQAuAAEAAVGAALcAMggCAAFRgGS0zVpkq4JytdcDY29tAA1vOyNkIthwLI1MRNk8yK7yLv9F6jUQIq5rYL4vFedeNeu57uGHd1Gn+MPeMJrVfXuO3T2a9fTr+UMS3E08Y7HpI9opaSU3AtJE4ac3LQzipEem2JruJJaNCmP/92rYYqnEh/6pK6Qk5glDlt1d1YzumGFPbBqhInQQWSVFLr35u0iag2TaDFxWZohutmswioJ6XjoMRjD7y9EhXfEtVvAAACkQAAAAgAAAAA==","dns":"n22BAAABAAAACAABC2RvbWFpbnRvb2xzA2NvbQAAAQABwAwAAgABAAKjAAAUBGRuczEDcDA0BW5zb25lA25ldADADAACAAEAAqMAAAcEZG5zMsAywAwAAgABAAKjAAAHBGRuczPAMsAMAAIAAQACowAABwRkbnM0wDIgQ0swUE9KTUc4NzRMSlJFRjdFRk44NDMwUVZJVDhCU03AGAAyAAEAAVGAACMBAQAAABRlAaE015Ekd2oouoYL8MHBEeqiBQAHIgAAAAACkMB6AC4AAQABUYAAtwAyCAIAAVGAZLTCSWSrd2G11wNjb20ARbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1WlbiAwRjNUMzJGSUdRTDQ5SDRQVEdWRjRKSEtVNDQ4TDJRR8AYADIAAQABUYAAIgEBAAAAFAPH1ZYWQN1/n0jP+oS31CWTvZANAAYgAAAAABLBjQAuAAEAAVGAALcAMggCAAFRgGS0zVpkq4JytdcDY29tAA1vOyNkIthwLI1MRNk8yK7yLv9F6jUQIq5rYL4vFedeNeu57uGHd1Gn+MPeMJrVfXuO3T2a9fTr+UMS3E08Y7HpI9opaSU3AtJE4ac3LQzipEem2JruJJaNCmP/92rY
YqnEh/6pK6Qk5glDlt1d1YzumGFPbBqhInQQWSVFLr35u0iag2TaDFxWZohutmswioJ6XjoMRjD7y9EhXfEtVvAAACkQAAAAgAAAAA=="}} +{"time":"2023-07-13 17:41:10.721721000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"208.94.148.13","proto":"UDP","query_port":26869,"response_port":53,"id":24287,"qname":"fsi.io.","qclass":"IN","qtype":"TXT","rcode":"NOERROR","query_packet":["RQAAPwAAAABAEdl+ywBxw9BelA1o9QA1ACuEcl7fABAAAQAAAAAAAQNmc2kCaW8AABAAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[721721000],"response_packet":["RQABT6tDAAA2ETcr0F6UDcsAccMANWj1ATvITl7fhBAAAQACAAAAAQNmc2kCaW8AABAAAcAMABAAAQAADhAAXl12PXNwZjEgbXggYSBhOnN1cHBvcnQuZmFyc2lnaHRzZWN1cml0eS5jb20gYTpleGNoLmZzaS5pbyBhOnByb2QtbWFpbC1yZWxheS0xLmlhZDEuZnNpLmlvIH5hbGzADAAuAAEAAA4QAJoAEAUCAAAOEGTFu61kniT5B1ADZnNpAmlvAD5TwMoJVP5f4pNkb5GH5PsxSy2l027ZyspnlDta0LU5JhtnNxtlT80LTJHdcuojOCobwQF+VmuX7XLREDVCkXMbJfB/wZ8JAznfc8Xv4YAtnHQblboBKCPUAAqn4HgQvkz8/NudOV3eB+MF9K5Rp/fp0Wi3lbkQ9rNXugoqT32bAAApBQAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[729020000],"delay":0.0072989999999999999325,"udp_checksum":"CORRECT","query":"Xt8AEAABAAAAAAABA2ZzaQJpbwAAEAABAAApEAAAAIAAAAA=","response":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA==","dns":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe
/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA=="}} +{"time":"2023-07-13 17:41:10.761629000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"208.94.148.13","proto":"UDP","query_port":16873,"response_port":53,"id":20343,"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A","rcode":"NXDOMAIN","query_packet":["RQAATrw7AABAER00ywBxw9BelA1B6QA1ADr1Yk93ABAAAQAAAAAAAQRkb2VzA25vdAVleGlzdANmc2kCaW8AAAEAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[761629000],"response_packet":["RQADBKtMAAA2ETVt0F6UDcsAccMANUHpAvDJa093hBMAAQAAAAYAAQRkb2VzA25vdAVleGlzdANmc2kCaW8AAAEAAQNmc2kCaW8AAAYAAQAADhAAI8AnCmhvc3RtYXN0ZXLAJ3iVe2EAABwgAAAOEAAJOoAAAA4QwCcALgABAAAOEACaAAYFAgAADhBk14g6ZK/tKgdQA2ZzaQJpbwDaDZ9TJYU/Ge683xNrkY7qjtpJDkrtvy79Dq9n1v3m0oYhXVzgMVPLHuzEu3/gTJDSYeuwnu0/2ZauH1dlc6YNqPbSmF6hmSfyT0ppcGnm8s6bcHRUAftO73gQdGLLRY402UOXDjzRb3zwQIppnvS6q2uwI3B/tTwVmuvsBJsdx8B6AC8AAQAADhAARxNfZGFzaGxhbmUtY2hhbGxlbmdlA2ZzaQJpbwAAB2IBgAgAA4D/IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwSIALgABAAAOEACaAC8FAgAADhBkxuzUZJ9UOgdQA2ZzaQJpbwDKQpgnIgjdFrF97L53ZCG4KMr79Mk60Lf71iRNZLG46Qw4xT6ZSkeDyqFye40htaCwP1hkVhGDUxM9LIcjcAy9LvCoE3ydG/Y7XZk8Gq/GARMxpLju1GfVDlwZ2PlpCFkFO0xBacTl4EZgFZGrFHukOCi4I9LxbgdaFss5+Wz/twxhdXRvZGlzY292ZXIEZXhjaANmc2kCaW8AAC8AAQAADhAAGAJhMQRmbXQxA2ZzaQJpbwAABkAAAAgAA8H7AC4AAQAADhAAmgAvBQQAAA4QZM5P5GSmwf8HUANmc2kCaW8AojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDdsAACkFAAAAgAAAAA=="],"response_time_sec":[1689270070],"response_time_nsec":[766528000],"delay":0.0048989999999999997091,"udp_checksum":"CORRECT","query":"T3cAEAABAAAAAAABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABAAApEAAAAIAAAAA=","response":"T3eEEwABAAAABgABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABA2ZzaQJpbwAABgABAAAOEAAjwCcKaG9zdG1hc3RlcsAneJV7YQAAHCAAAA4QAAk6gAAADhDAJwA
uAAEAAA4QAJoABgUCAAAOEGTXiDpkr+0qB1ADZnNpAmlvANoNn1MlhT8Z7rzfE2uRjuqO2kkOSu2/Lv0Or2fW/ebShiFdXOAxU8se7MS7f+BMkNJh67Ce7T/Zlq4fV2Vzpg2o9tKYXqGZJ/JPSmlwaebyzptwdFQB+07veBB0YstFjjTZQ5cOPNFvfPBAimme9Lqra7AjcH+1PBWa6+wEmx3HwHoALwABAAAOEABHE19kYXNobGFuZS1jaGFsbGVuZ2UDZnNpAmlvAAAHYgGACAADgP8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBIgAuAAEAAA4QAJoALwUCAAAOEGTG7NRkn1Q6B1ADZnNpAmlvAMpCmCciCN0WsX3svndkIbgoyvv0yTrQt/vWJE1ksbjpDDjFPplKR4PKoXJ7jSG1oLA/WGRWEYNTEz0shyNwDL0u8KgTfJ0b9jtdmTwar8YBEzGkuO7UZ9UOXBnY+WkIWQU7TEFpxOXgRmAVkasUe6Q4KLgj0vFuB1oWyzn5bP+3DGF1dG9kaXNjb3ZlcgRleGNoA2ZzaQJpbwAALwABAAAOEAAYAmExBGZtdDEDZnNpAmlvAAAGQAAACAADwfsALgABAAAOEACaAC8FBAAADhBkzk/kZKbB/wdQA2ZzaQJpbwCiNTltjKwFG079sRbhKiAdjkaSbkKwywN4dSi+svJKbzdUdfbJZ1CFfKkonDRYh3lrPkVc0qLE3ejYREhm1Vyc+fuNEfx4lRxFYD99JXrptnhFmlJXtK8PBXqTeUwjW5EC9/NVyIYpJEdwLKAUYpYHl2HLyjsuCWpx5udISN0N2wAAKQUAAACAAAAA","dns":"T3eEEwABAAAABgABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABA2ZzaQJpbwAABgABAAAOEAAjwCcKaG9zdG1hc3RlcsAneJV7YQAAHCAAAA4QAAk6gAAADhDAJwAuAAEAAA4QAJoABgUCAAAOEGTXiDpkr+0qB1ADZnNpAmlvANoNn1MlhT8Z7rzfE2uRjuqO2kkOSu2/Lv0Or2fW/ebShiFdXOAxU8se7MS7f+BMkNJh67Ce7T/Zlq4fV2Vzpg2o9tKYXqGZJ/JPSmlwaebyzptwdFQB+07veBB0YstFjjTZQ5cOPNFvfPBAimme9Lqra7AjcH+1PBWa6+wEmx3HwHoALwABAAAOEABHE19kYXNobGFuZS1jaGFsbGVuZ2UDZnNpAmlvAAAHYgGACAADgP8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBIgAuAAEAAA4QAJoALwUCAAAOEGTG7NRkn1Q6B1ADZnNpAmlvAMpCmCciCN0WsX3svndkIbgoyvv0yTrQt/vWJE1ksbjpDDjFPplKR4PKoXJ7jSG1oLA/WGRWEYNTEz0shyNwDL0u8KgTfJ0b9jtdmTwar8YBEzGkuO7UZ9UOXBnY+WkIWQU7TEFpxOXgRmAVkasUe6Q4KLgj0vFuB1oWyzn5bP+3DGF1dG9kaXNjb3ZlcgRleGNoA2ZzaQJpbwAALwABAAAOEAAYAmExBGZtdDEDZnNpAmlvAAAGQAAACAADwfsALgABAAAOEACaAC8FBAAADhBkzk/kZKbB/wdQA2ZzaQJpbwCiNTltjKwFG079sRbhKiAdjkaSbkKwywN4dSi+svJKbzdUdfbJZ1CFfKkonDRYh3lrPkVc0qLE3ejYREhm1Vyc+fuNEfx4lRxFYD99JXrptnhFmlJXtK8PBXqTeUwjW5EC9/NVyIYpJEdwLKAUYpYHl2HLyjsuCWpx5udISN0N2wAAKQUAAACAAAAA"}} +{"time":"2023-07-13 
17:41:10.821594000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"198.51.44.4","proto":"UDP","query_port":12736,"response_port":53,"id":56060,"qname":"domaintools.com.","qclass":"IN","qtype":"SOA","rcode":"NOERROR","query_packet":["RQAASBKeAABAETkMywBxw8YzLAQxwAA1ADSS+tr8ABAAAQAAAAAAAQtkb21haW50b29scwNjb20AAAYAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[821594000],"response_packet":["RQAAiXV5QAA5EZzvxjMsBMsAccMANTHAAHVmdNr8hAAAAQABAAAAAQtkb21haW50b29scwNjb20AAAYAAcAMAAYAAQAADhAANQRkbnMxA3AwNAVuc29uZQNuZXQACmhvc3RtYXN0ZXLANmImUjYAAA4QAAACWAAJOoAAAKjAAAApBNAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[828980000],"delay":0.0073860000000000002041,"udp_checksum":"CORRECT","query":"2vwAEAABAAAAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABAAApEAAAAIAAAAA=","response":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA==","dns":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA=="}} 
diff --git a/tests/nmsg-dnsqr-tests/test1-dnsqr.nmsg b/tests/nmsg-dnsqr-tests/test1-dnsqr.nmsg new file mode 100644 index 0000000000000000000000000000000000000000..a2f2bce18d4241870b6f075919e529f7b96663b1 GIT binary patch literal 3375 zcmaJ@dmxlq8$a({T!&_;R;k^|Ah}F~k!z6}CWc9*vat;_m@qRtGcqZqP0?;DT~sR6 zcF||MCv7dgzDh3NR(uGpmEHX+m20I$`OZ5GZ)*4b?|shiJm7MiMlCP9ZDh=N^%{M1CY9o2ruA9;{(hu<{vmUY)8<&|LW-31ieBRTEJkO zZ`25;hXBHl08AkWSXj9Ff@pEPSfH?zD3m0zBw7k^ATmMVfLh}WlL(QY>_Uxj05T!c z0bTWxA&T{p3o=2-f{2;wT(L+QrY z9M*Uaf`*U7QgGM}IBdTPK{t%Ua&g$5IIOV~g6?kF8)AWVX z1c6whluF|j#3*TkhL0hTk0Ft@7$2XMsrd-EHe^6PdbQE=5)e8J8vBq>9H_GyW@RcE zX61v-t*G%c?lz|)cKneP|7Gb zCz6B`g*{QmVv{8bsYFDSh?D@gu8plbpbq0rj-Q&?r~`e0KWj1HFTmHuna%TC!trtD z_yoGJ9a%x4i$Ywyg9A_#;DF^AlnNLKR)mQn<2kMe@u0Aa*HDBGE?fyg8pJBOxKKEX)Ej8hy zL6?zo&0+Jpj3}Gs%7QFuS=fFvN|hi{)J&Bd~Qnd zhmM-1fqjFOJDF!5?%}_imJuG_-CfQ;X?f|O$Mph_8%s|}=qw+{5Jv}}MZQ5iwkwyt zIK(&9hwaDpU&>~?@En4CaV0SuE(!5YefDIpmW_Gbd+*YU>n!$^>@omabgU#sWtpF= z$gg3-!tdlG6)}*yGlXW1GTThv!X}T3v%SnA&NC;f+1a>NrL!kJiEw)Ub7xz6QqZZl zH-Bg4)TgZ5(K0vZ^{eOo3ygjX@QAw5&S;(`ws0oYE^IsHY)ARyxbMlvoKExXOueX~ zH>(>XPv1)aaN6d$`D5J$*)8Gq+dB^k`0-PZnklI(EI7=P{_EVF&BA8N%FyTx$(1

cy&m>`w{E>(RUctZJkV%74ZHEqCzf$fNW4drK(CXZ+ZRE_*J z`-Uy*y8w%7L}}Q;$@d6w{__hL05FH_M0VDN z&@!&&?VGWdzsW_szaR;vA_Y+*Rgy(2u|layRQ(_z4nGKfamN@iovmTO{C4a?@H zG{%6xaf8hq98E_EfrXWvro{n7QXvl`gj2#8A?CLex+~-ONomH|R`?)5{=v5aS$sOts`XGn$j_E@X6Mq2$K!%cXu!+NaM%?5eF z7F#^0bpFz69GA7@*^cH#hJGD4nC}hG#WcKsT)TBf_{vB2!PQ^BxOIKwBi^oB!SnOE z9iC0uXTMq|Qk*m>=&L;tarEHKUcR4LCVt#|_mE5(f(!(9si?}xYR(RJ(}Mkm9yQYS z-Co~|b6;I6j62VeZ7lMbl=J)r>Cp5$aAeOONy^vw8=*iE8!wQE?4n{JSw)f<(P--0 zkw~fzAf^t%B>(Xvl$qfYpFNUz`HMPXUWnUR;#J-UW}4}=OumrvqBKc3tgB+S59f{7wfDbyYuFYZ~gC)&#FmTg%j5ucd@$4sO^zxhfS__ z?T;TSrU(+1QlVH8C0!$ulQ12Rrm8832|-{_icV14kFIEW0RW3oHtC<=k?3Q?+uO_Mztx7NU`bnKb68kD+7H?U9+UhWS zdHUM8d7PEC$8NPeZCuEWu3ve$e;|`KsM7LtVms|oC|~yOcg=%i^8NJv zq!!fpNsdL5ybXa~wo!Xpq6g|3adxDKW+xn-Np8!)uX`yMP(5ci=e!j020vG`M&cdGv~kO%vt`KX}Dfo zKmjx`HZUN96P{BM5#g!@0^olneE8E`4uFSIo>eXQ;yOvEKX2Ltc)+#Szw67!N^1Z>U_Q(nF2ry7)-EE8UqScQT_?QGzxBqyz1jo;y5v`u$3s3G_fQ~3N%1; z3hqG8(^!~7iTL0v(pUpPr$jiA>&Gob+Kn?orx11!F-ILO+6nEZi8BW0Ge&mCWMOmw z42QFTQbYCSLACL9Wz=mmHO%`Hg*aR#?1DmXY?N?!B@&v4p26mqY)`W+V`zB!Z zHL&@bSQm`UpMae-hK2Q}lf%=6u*PP6Iv@y6k-!cLil|2&^r%AJL2SoQn$lngd9)kl z#bYe!1Px4|kjCR;iBc+!Q&1zN@o)*L)P0l!hWqGl`cBg6KuI$4aWF_1R8fFh_<&Ni z0Dj?OG^>P!_DA|CjZ*wDJ1>5uk97Wz50de|ni1Ms7(F>b2ioQ+L6rUEX22PNmjVYJNP)l<;^Mzo5QT|& z$z65M_?I46lv`}*&2;;w`;U-Zz*_W6uMIQ4*r3~3xiQBg__!YZh0#-EUPo%k3)5xy z8Sje!QmwHu@Y?#1?@qKE^fjfIb`M_5l5|haZY;0Ms=PfUnBN#{JrwZzU`{FUKH92d@?0fda0J4|ipdcd!@N*T-)Sm+LHW2=vxSiTQ9! zs5cukO+DJS<@x;bCbhJ|@?hD11E9r1DKV}{|5!$T4j~G^l#gV@K4N1g z?zhhMa)$U%cuezivFpnhOnDT}d-_vX`>w>m(|=w6%`U4kY0KWWMOm+2KJE83{?*?- z@Uw6jg*EQ! zI*JS9rWcqinV(wnIc5D6&88|u+Ye9J~A~-l9*SR+pU1``>Dtrq|)}ABA3HwofG9DKPJ)!0X&{Gy*(&0`FnZ%7N-xIkO{n{%>LtMO?tkDg6_xbM! z32DZzKL_mnY`^`Fq@|`N`jA`5oe~!-vuGzXk??1IK}MVW3EO#|Sp}9H9DAfwUdQAu z%TSnE_H3)j)1|uHSKR1sPqEEWnjOB3S+g5}-suM_X1QQ+@ZNEku-~-*puap9c=~lm zT}N-Gqg;_>3ginp|b(o-EPOiVRFAH$mx z`y1=;Jwcc{&unszUW`v9k(`{PI=lr3U$-a1BsOF3lfA7g41GJVao!r9k8XPVuzu(4u+Rtgt7|`bR(WOH z1Ht}!{Ap2c=aQDpbFS79dhCogq1L^m3SPHXNL>wHRg6D$>1{`Y~``Y9QOlee67w!Xx! 
ze=gAuF|Bp!j~gmw;0a18Ay!06H;Uvm#JTsOjwWO(1-GX~#VhUKYqUH7fJvwr7#AUY z3qr=-7XC?`su&uJ@C45#e$RJwvw*i3Oxx$NX72SmAX!#aOI0OUmlyZ?N}Yld`l_Q> zezo}CM;ogfDxDQ_zY6gruD7mK?U^ldh1lrx5u*n0yCUUxw z&EbO*T26>kwhpF_JWM|Jnt*oUIX22K-p5`Onv7c*VYO F{{soZgeL$1 literal 0 HcmV?d00001 diff --git a/tests/nmsg-dnsqr-tests/test1-dnsqr.pres b/tests/nmsg-dnsqr-tests/test1-dnsqr.pres new file mode 100644 index 00000000..eefc6a3b --- /dev/null +++ b/tests/nmsg-dnsqr-tests/test1-dnsqr.pres 
@@ -0,0 +1,240 @@ +[623] [2023-07-13 17:41:09.408162000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 192.5.5.241 +proto: UDP (17) +query_port: 54924 +response_port: 53 +id: 60913 +qname: icann.org. +qclass: IN (1) +qtype: A (1) +rcode: NOERROR (0) +delay: 0.005710 +udp_checksum: CORRECT +query: [50 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60913 +;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;icann.org. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [440 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60913 +;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12 + +;; QUESTION SECTION: +;icann.org. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +org. 172800 IN NS a0.org.afilias-nst.info. +org. 172800 IN NS a2.org.afilias-nst.info. +org. 172800 IN NS b0.org.afilias-nst.org. +org. 172800 IN NS b2.org.afilias-nst.org. +org. 172800 IN NS c0.org.afilias-nst.info. +org. 172800 IN NS d0.org.afilias-nst.org. + +;; ADDITIONAL SECTION: +a0.org.afilias-nst.info. 172800 IN A 199.19.56.1 +a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e::1 +a2.org.afilias-nst.info. 172800 IN A 199.249.112.1 +a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40::1 +b0.org.afilias-nst.org. 172800 IN A 199.19.54.1 +b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c::1 +b2.org.afilias-nst.org. 172800 IN A 199.249.120.1 +b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48::1 +c0.org.afilias-nst.info. 172800 IN A 199.19.53.1 +c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b::1 +d0.org.afilias-nst.org. 172800 IN A 199.19.57.1 +d0.org.afilias-nst.org. 
172800 IN AAAA 2001:500:f::1 +--- + +[877] [2023-07-13 17:41:10.587291000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 192.35.51.30 +proto: UDP (17) +query_port: 54920 +response_port: 53 +id: 40813 +qname: domaintools.com. +qclass: IN (1) +qtype: A (1) +rcode: NOERROR (0) +delay: 0.024184 +udp_checksum: CORRECT +query: [56 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40813 +;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;domaintools.com. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [682 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40813 +;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 0 + +;; QUESTION SECTION: +;domaintools.com. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +domaintools.com. 172800 IN NS dns1.p04.nsone.net. +domaintools.com. 172800 IN NS dns2.p04.nsone.net. +domaintools.com. 172800 IN NS dns3.p04.nsone.net. +domaintools.com. 172800 IN NS dns4.p04.nsone.net. +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 1689567817 1688958817 46551 com. Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemE WvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86 ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+ 7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg== +0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN NSEC3 1 1 0 - 0F3TB5GM83ENV7Q8PVT89DUK4M9RR40D NS DS RRSIG +0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN RRSIG NSEC3 8 2 86400 1689570650 1688961650 46551 com. 
DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4 w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bY mu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUu vfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A== + +;; ADDITIONAL SECTION: +--- + +[472] [2023-07-13 17:41:10.721721000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 208.94.148.13 +proto: UDP (17) +query_port: 26869 +response_port: 53 +id: 24287 +qname: fsi.io. +qclass: IN (1) +qtype: TXT (16) +rcode: NOERROR (0) +delay: 0.007299 +udp_checksum: CORRECT +query: [35 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 24287 +;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;fsi.io. IN TXT + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [307 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 24287 +;; flags: qr aa cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;fsi.io. IN TXT + +;; ANSWER SECTION: +fsi.io. 3600 IN TXT "v=spf1 mx a a:support.farsightsecurity.com a:exch.fsi.io a:prod-mail-relay-1.iad1.fsi.io ~all" +fsi.io. 3600 IN RRSIG TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtM kd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuV ugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipP fZs= + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- + +[939] [2023-07-13 17:41:10.761629000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 208.94.148.13 +proto: UDP (17) +query_port: 16873 +response_port: 53 +id: 20343 +qname: does.not.exist.fsi.io. 
+qclass: IN (1) +qtype: A (1) +rcode: NXDOMAIN (3) +delay: 0.004899 +udp_checksum: CORRECT +query: [50 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 20343 +;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;does.not.exist.fsi.io. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [744 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 20343 +;; flags: qr aa cd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 + +;; QUESTION SECTION: +;does.not.exist.fsi.io. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +fsi.io. 3600 IN SOA fsi.io. hostmaster.fsi.io. 2023062369 7200 3600 604800 3600 +fsi.io. 3600 IN RRSIG SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7s xLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0 VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASb Hcc= +fsi.io. 3600 IN NSEC _dashlane-challenge.fsi.io. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY TYPE65534 +fsi.io. 3600 IN RRSIG NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qh cnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS4 7tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls /7c= +autodiscover.exch.fsi.io. 3600 IN NSEC a1.fmt1.fsi.io. A AAAA RRSIG NSEC +autodiscover.exch.fsi.io. 3600 IN RRSIG NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXyp KJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpS V7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjd Dds= + +;; ADDITIONAL SECTION: +--- + +[291] [2023-07-13 17:41:10.821594000] [1:9 base dnsqr] [19721976] [] [] +type: UDP_QUERY_RESPONSE +query_ip: 203.0.113.195 +response_ip: 198.51.44.4 +proto: UDP (17) +query_port: 12736 +response_port: 53 +id: 56060 +qname: domaintools.com. 
+qclass: IN (1) +qtype: SOA (6) +rcode: NOERROR (0) +delay: 0.007386 +udp_checksum: CORRECT +query: [44 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56060 +;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;domaintools.com. IN SOA + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +response: [109 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56060 +;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;domaintools.com. IN SOA + +;; ANSWER SECTION: +domaintools.com. 3600 IN SOA dns1.p04.nsone.net. hostmaster.nsone.net. 1646678582 3600 600 604800 43200 + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- + From a3bd52c434b2fe0d871e72aec1546e5bd508b0ac Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 10 Aug 2023 18:23:11 +0000 Subject: [PATCH 04/14] add some additional base:dnstap tests somewhat redundant but like other tests recently added --- tests/nmsg-dnstap-tests/test.sh.in | 28 +++++++++++++++ tests/nmsg-dnstap-tests/test1-dnstap.json | 1 + tests/nmsg-dnstap-tests/test1-dnstap.nmsg | Bin 0 -> 520 bytes tests/nmsg-dnstap-tests/test1-dnstap.pres | 42 ++++++++++++++++++++++ 4 files changed, 71 insertions(+) create mode 100644 tests/nmsg-dnstap-tests/test1-dnstap.json create mode 100644 tests/nmsg-dnstap-tests/test1-dnstap.nmsg create mode 100644 tests/nmsg-dnstap-tests/test1-dnstap.pres diff --git a/tests/nmsg-dnstap-tests/test.sh.in b/tests/nmsg-dnstap-tests/test.sh.in index e2255563..3a3db35e 100755 --- a/tests/nmsg-dnstap-tests/test.sh.in +++ b/tests/nmsg-dnstap-tests/test.sh.in 
@@ -31,4 +31,32 @@ check response_message $NMSGTOOL -r $PAYLOAD | fgrep -q "qname: www.farsightsecurity.com." check response_message +##### +# The following tests make the above redundant. + +SOURCE=@abs_top_srcdir@/tests/nmsg-dnstap-tests/test1-dnstap +OUTPUT=@abs_top_builddir@/tests/nmsg-dnstap-tests/test1-dnstap + +# cleanup from previous run +rm -f ${OUTPUT}*out + +echo read nmsg base:dnstap and create presentation output +$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.txt.out +cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.txt.out +check nmsg-to-presentation + +# output should be same as input +echo read nmsg base:dnstap and create nmsg output +$NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out +cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out +check nmsg-to-nmsg + +echo read nmsg base:dnstap and create json output +$NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out +cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out +check nmsg-to-json + +# NOTE: --readjson for base:dnstap is incomplete +# NOTE: --readpres is not fully implemented for base:dnstap + exit $status diff --git a/tests/nmsg-dnstap-tests/test1-dnstap.json b/tests/nmsg-dnstap-tests/test1-dnstap.json new file mode 100644 index 00000000..cdb20344 --- /dev/null +++ b/tests/nmsg-dnstap-tests/test1-dnstap.json 
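Review bot: The added block expands `${SOURCE}` and `${OUTPUT}` unquoted everywhere, including the cleanup `rm -f ${OUTPUT}*out`. Both values are filled in by configure from `@abs_top_srcdir@` and `@abs_top_builddir@`, so a checkout or build directory whose absolute path contains whitespace or glob characters would make the `rm` and the redirections act on other paths than the intended test outputs. I would quote the uses, for example `rm -f "${OUTPUT}"*out` and `cmp -s "${SOURCE}.pres" "${OUTPUT}.nmsg.txt.out"`. The `check` helper and `$NMSGTOOL` are defined earlier in the script, outside this hunk.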
@@ -0,0 +1 @@ +{"time":"2016-11-21 21:25:08.556331019","vname":"base","mname":"dnstap","message":{"identity":"bWlray5uZXQ=","version":"dW5ib3VuZCAxLjUuMTA=","type":"MESSAGE","message_type":"RESOLVER_RESPONSE","socket_family":"INET","socket_protocol":"UDP","query_time_sec":1479753746,"query_time_nsec":70887000,"response_address":"192.31.80.30","response_port":53,"response_time_sec":1479753746,"response_time_nsec":112706000,"query_zone":"com.","response_message":"DmKAEAABAAAABQAFA3d3dxBmYXJzaWdodHNlY3VyaXR5A2NvbQAAAQABwBAAAgABAAKjAAASA25zNQtkbnNtYWRlZWFzecAhwBAAAgABAAKjAAAGA25zNsA6wBAAAgABAAKjAAAGA25zN8A6wBAAKwABAAFRgAAk7CYFAjZyw1z6j/FMnCI7hCd71kXAr1S61XkDdf55cWHkgBR5wBAALgABAAFRgACXACsIAgABUYBYO76tWDJzxRkEA2NvbQANb/jAwTh73dCouzH+jGlCprKSW/SJccMKn/4qGqe0Q9yE2q4m7s1saY6WYAdsfiz2iF5r/Qc1rpW+FrFieYRgxTGkqQP3Q7WBjy1EGeuYW8+QRzyUu8IxdQDKuuPC22Bof8u3zlxMF80RNLrKGfHK9Z1NuSeZABjvaWAG9NeQwsA2AAEAAQACowAABNBelA3ANgAcAAEAAqMAABAmABgAAAUAAAAAAAAAAAABwFQAAQABAAKjAAAE0FB8DcBmAAEAAQACowAABNBQfg0AACkQAAAAgAAAAA==","id":3682,"qname":"www.farsightsecurity.com.","qclass":"IN","qtype":"A","rcode":"NOERROR"}} diff --git a/tests/nmsg-dnstap-tests/test1-dnstap.nmsg b/tests/nmsg-dnstap-tests/test1-dnstap.nmsg new file mode 100644 index 0000000000000000000000000000000000000000..a3355c754a67941511c5e01a616c412ae3a0f7fe GIT binary patch literal 520 zcmebC4R&W>VqjqW$Muz&gHeE2V#}Gc2U%6QKWHdwJ!a15l%H#4<~kC|2g={9J|vut@HOgWK7P zrZMv+H3%>;GB7Z(GO#k2mzN8qB^DKDre~BCrzV#cWtLQe^#D~c9uNS!h>?M5F$04T zb6&A2cS>GyZemJmYGQHa0YxNPHlVE80V^~SbFhdu$fUpq29-BztW0J_hhu*AfApE7 zWZj}(ea-d2`jA~$E166GRTd^bX%MLdnxF?&Kb=9F1893-LxlCdwGl?eMyHQ8S! z7vm#-R?uYEDantgzRvaCsXmiI;(cZU+n4JT4jnK9IS?EuEEnRY@B;ZVP`-c~g9Ip8 lVSw>K2$I@>8r}nG$ox891_n(5pyCD~u3!}SIP=JRE&!=as+#}+ literal 0 HcmV?d00001 diff --git a/tests/nmsg-dnstap-tests/test1-dnstap.pres b/tests/nmsg-dnstap-tests/test1-dnstap.pres new file mode 100644 index 00000000..14749796 --- /dev/null +++ b/tests/nmsg-dnstap-tests/test1-dnstap.pres 
@@ -0,0 +1,42 @@ +[483] [2016-11-21 21:25:08.556331019] [1:13 base dnstap] [00000000] [] [] +identity: +version: +type: MESSAGE +message_type: RESOLVER_RESPONSE +socket_family: INET +socket_protocol: UDP +query_time_sec: 1479753746 +query_time_nsec: 70887000 +response_address: 192.31.80.30 +response_port: 53 +response_time_sec: 1479753746 +response_time_nsec: 112706000 +query_zone: com. +response_message: [406 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 3682 +;; flags: qr cd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4 + +;; QUESTION SECTION: +;www.farsightsecurity.com. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +farsightsecurity.com. 172800 IN NS ns5.dnsmadeeasy.com. +farsightsecurity.com. 172800 IN NS ns6.dnsmadeeasy.com. +farsightsecurity.com. 172800 IN NS ns7.dnsmadeeasy.com. +farsightsecurity.com. 86400 IN DS 60454 5 2 3672C35CFA8FF14C9C223B84277BD645C0AF54BAD5790375FE797161E4801479 +farsightsecurity.com. 86400 IN RRSIG DS 8 2 86400 1480310445 1479701445 6404 com. DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmO lmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8 lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTX kMI= + +;; ADDITIONAL SECTION: +ns5.dnsmadeeasy.com. 172800 IN A 208.94.148.13 +ns5.dnsmadeeasy.com. 172800 IN AAAA 2600:1800:5::1 +ns6.dnsmadeeasy.com. 172800 IN A 208.80.124.13 +ns7.dnsmadeeasy.com. 172800 IN A 208.80.126.13 +--- +id: 3682 +qname: www.farsightsecurity.com. +qclass: IN (1) +qtype: A (1) +rcode: NOERROR (0) + From 0addc7b1794d37e8e1413972c1f2510ed8d73682 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Fri, 11 Aug 2023 16:08:02 +0000 Subject: [PATCH 05/14] remove some duplicate messages from base:dns test --- tests/nmsg-dns-tests/test1-dns.json | 6 +----- tests/nmsg-dns-tests/test1-dns.nmsg | Bin 724 -> 456 bytes tests/nmsg-dns-tests/test1-dns.pres | 32 ++-------------------------- 3 files changed, 3 insertions(+), 35 deletions(-) 
diff --git a/tests/nmsg-dns-tests/test1-dns.json b/tests/nmsg-dns-tests/test1-dns.json index e8a4075e..bd604a50 100644 --- a/tests/nmsg-dns-tests/test1-dns.json +++ b/tests/nmsg-dns-tests/test1-dns.json 
@@ -2,9 +2,5 @@ {"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"qname":"test1.example.net.","qclass":"IN","qtype":"A","section":1,"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} {"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} {"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"SPF","rrttl":172800,"rdata":["\"10.11.12.13\"","\"10.12.13.14\""]}} -{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"qname":"garbage-class.test1.example.net.","qclass":"IN","qtype":"A","rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} -{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"garbage-class.test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} -{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} -{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} -{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"qname":"test1.example.net.","qclass":"IN","qtype":"A","rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} {"time":"2018-11-07 
16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"test1.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["10.11.12.13"]}} diff --git a/tests/nmsg-dns-tests/test1-dns.nmsg b/tests/nmsg-dns-tests/test1-dns.nmsg index c55eb605778fea23e1c823d0602ebf7d42f454f8..fba9fa617034084e1b639e1a589930b279532100 100644 GIT binary patch delta 73 zcmcb@dV-nD&o|hefr){Eao1} dj2?`W4>Fofp2;M^J>%TW$;<-h-yWUE3;>8!6ZHT9 delta 158 zcmX@Xe1(C{FpaYo^24n_fXiFfOJ?z5^g0D+bl*Te>qi3j)utQ2|E z6N{1((^GYma}tY-CpJnbIiagI Date: Fri, 11 Aug 2023 18:57:58 +0000 Subject: [PATCH 06/14] check nmsgtool exit code for new tests --- tests/nmsg-dns-tests/test.sh.in | 22 ++++++++++------------ tests/nmsg-dnsqr-tests/test.sh.in | 22 ++++++++++------------ tests/nmsg-dnstap-tests/test.sh.in | 6 +++--- 3 files changed, 23 insertions(+), 27 deletions(-) diff --git a/tests/nmsg-dns-tests/test.sh.in b/tests/nmsg-dns-tests/test.sh.in index 5c0c8921..3bd8d0ac 100755 --- a/tests/nmsg-dns-tests/test.sh.in +++ b/tests/nmsg-dns-tests/test.sh.in 
@@ -21,63 +21,61 @@ OUTPUT=@abs_top_builddir@/tests/nmsg-dns-tests/test1-dns # cleanup from previous run rm -f ${OUTPUT}*out -echo read nmsg base:dns base:dns and create presentation output $NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out +check read nmsg base:dns base:dns and create presentation output cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out check nmsg-to-presentation -echo read nmsg base:dns and create json output $NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out +check read nmsg base:dns and create json output cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out check nmsg-to-json # output should be same as input -echo read nmsg base:dns and create nmsg output $NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out +check read nmsg base:dns and create nmsg output cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out check nmsg-to-nmsg -echo read json base:dns and create presentation output $NMSGTOOL -j ${SOURCE}.json > ${OUTPUT}.json.pres.out +check read json base:dns and create presentation output cmp -s ${SOURCE}.pres ${OUTPUT}.json.pres.out check json-to-presentation # output should be same as input -echo read json base:dns and create json output $NMSGTOOL -j ${SOURCE}.json -J ${OUTPUT}.json.json.out +check read json base:dns and create json output cmp -s ${SOURCE}.json ${OUTPUT}.json.json.out check json-to-json -echo read json base:dns and create nmsg output $NMSGTOOL -j ${SOURCE}.json -w ${OUTPUT}.json.nmsg.out +check read json base:dns and create nmsg output cmp -s ${SOURCE}.nmsg ${OUTPUT}.json.nmsg.out check json-to-nmsg # another test input # TODO: use a function since is repeated -echo read nmsg base:dns and create presentation output $NMSGTOOL -r @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.nmsg > @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.pres.out +check read nmsg base:dns and create presentation output cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.pres @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.pres.out check 
nmsg-to-presentation -echo read nmsg base:dns and create json output $NMSGTOOL -r @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.nmsg -J @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.json.out +check read nmsg base:dns and create json output cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.nmsg.json.out check nmsg-to-json -echo read json base:dns and create presentation output $NMSGTOOL -j @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json > @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.pres.out +check read json base:dns and create presentation output cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.pres @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.pres.out check json-to-presentation -echo read json base:dns and create json output $NMSGTOOL -j @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json -J @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.json.out +check read json base:dns and create json output cmp -s @abs_top_srcdir@/tests/nmsg-dns-tests/test2-dns.json @abs_top_builddir@/tests/nmsg-dns-tests/test2-dns.json.json.out check json-to-json -# TODO: check nmsgtool result - # NOTE: --readpres is not fully implemented for base:dns so aborts exit $status diff --git a/tests/nmsg-dnsqr-tests/test.sh.in b/tests/nmsg-dnsqr-tests/test.sh.in index 35c8d1d4..78c7f1d8 100755 --- a/tests/nmsg-dnsqr-tests/test.sh.in +++ b/tests/nmsg-dnsqr-tests/test.sh.in 
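Review bot: The new `check` calls pass a multi-word description unquoted (`check read nmsg base:dns and create json output`), while the existing calls pass a single token such as `check nmsg-to-json`. `check` is defined above this hunk; if it reports only `$1`, every nmsgtool step would be labelled `read` and a failing step could not be told apart from its neighbours. Quoting the label keeps it one argument whatever the helper does, e.g. `check "read nmsg base:dns and create json output"`. The first label also repeats `base:dns base:dns`, carried over from the removed `echo`. The same unquoted labels appear in the dnsqr and dnstap test.sh.in hunks of this commit.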
@@ -21,71 +21,69 @@ OUTPUT=@abs_top_builddir@/tests/nmsg-dnsqr-tests/test1-dnsqr # cleanup from previous run rm -f ${OUTPUT}*out -echo read nmsg base:dnsqr and create presentation output $NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out +check read nmsg base:dnsqr and create presentation output cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out check nmsg-to-presentation # output should be same as input -echo read nmsg base:dnsqr and create nmsg output $NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out +check read nmsg base:dnsqr and create nmsg output cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out check nmsg-to-nmsg -echo read nmsg base:dnsqr and create json output $NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out +check read nmsg base:dnsqr and create json output cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out check nmsg-to-json ############ -echo read json base:dnsqr and create presentation output $NMSGTOOL -j ${SOURCE}.json > ${OUTPUT}.json.pres.out +check read json base:dnsqr and create presentation output cmp -s ${SOURCE}.pres ${OUTPUT}.json.pres.out check json-to-presentation # output should be same as input -echo read json base:dnsqr and create json output $NMSGTOOL -j ${SOURCE}.json -J ${OUTPUT}.json.json.out +check read json base:dnsqr and create json output cmp -s ${SOURCE}.json ${OUTPUT}.json.json.out check json-to-json -echo read json base:dnsqr and create nmsg output $NMSGTOOL -j ${SOURCE}.json -w ${OUTPUT}.json.nmsg.out +check read json base:dnsqr and create nmsg output cmp -s ${SOURCE}.nmsg ${OUTPUT}.json.nmsg.out check json-to-nmsg ############## -echo read pcap base:dnsqr and create presentation output # workaround because --setsource does not work with --writepres $NMSGTOOL -V base -T dnsqr --readpcap ${SOURCE}.pcap | sed -e 's/ \[00000000\] / \[19721976\] /' > ${OUTPUT}.pcap.pres.out +check read pcap base:dnsqr and create presentation output cmp -s ${SOURCE}.pres ${OUTPUT}.pcap.pres.out check pcap-to-presentation -echo read pcap base:dnsqr 
and create json output # workaround because --setsource does not work with --writejson # this should fail when "source" is fixed since it will be repeated $NMSGTOOL -V base -T dnsqr --readpcap ${SOURCE}.pcap -J - | sed -e 's/"mname":"dnsqr",/"mname":"dnsqr","source":"19721976",/' > ${OUTPUT}.pcap.json.out +check read pcap base:dnsqr and create json output cmp -s ${SOURCE}.json ${OUTPUT}.pcap.json.out check pcap-to-json -echo read pcap base:dnsqr and create nmsg output and test setsource # pcap doesn't have source so set it $NMSGTOOL -V base -T dnsqr --setsource 0x19721976 --readpcap ${SOURCE}.pcap -w ${OUTPUT}.pcap.nmsg.out +check read pcap base:dnsqr and create nmsg output and test setsource cmp -s ${SOURCE}.nmsg ${OUTPUT}.pcap.nmsg.out check pcap-to-nmsg ######## # try example code too -echo read nmsg base:dnsqr and generate pcap output using example env LD_LIBRARY_PATH=@abs_top_builddir@/nmsg/.libs/ @abs_top_builddir@/examples/.libs/nmsg-dnsqr2pcap ${SOURCE}.nmsg ${OUTPUT}.nmsg.pcap.out +check read nmsg base:dnsqr and generate pcap output using example cmp -s ${SOURCE}.pcap ${OUTPUT}.nmsg.pcap.out check example-nmsg-to-pcap -# TODO: check nmsgtool result - # NOTE: --readpres is not fully implemented for base:dnsqr so aborts exit $status diff --git a/tests/nmsg-dnstap-tests/test.sh.in b/tests/nmsg-dnstap-tests/test.sh.in index 3a3db35e..d9e7bc79 100755 --- a/tests/nmsg-dnstap-tests/test.sh.in +++ b/tests/nmsg-dnstap-tests/test.sh.in 
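Review bot: In the two pcap steps that pipe `$NMSGTOOL ... --readpcap` into `sed`, the added `check` sees sed's exit status rather than nmsgtool's, so an error exit or crash of nmsgtool still passes the check this commit is meant to add (unless `pipefail` is set earlier in the script, which is not visible in the hunk). Only the later `cmp` would notice, and only if the output differs. I would write the tool output to an intermediate file, check that, and run sed afterwards: `$NMSGTOOL -V base -T dnsqr --readpcap ${SOURCE}.pcap > ${OUTPUT}.pcap.pres.raw.out`, then the `check` line, then `sed -e 's/ \[00000000\] / \[19721976\] /' ${OUTPUT}.pcap.pres.raw.out > ${OUTPUT}.pcap.pres.out`. The `.raw.out` suffix keeps the intermediate file covered by the existing `rm -f ${OUTPUT}*out` cleanup, and the `-J -` step needs the same split.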
@@ -40,19 +40,19 @@ OUTPUT=@abs_top_builddir@/tests/nmsg-dnstap-tests/test1-dnstap # cleanup from previous run rm -f ${OUTPUT}*out -echo read nmsg base:dnstap and create presentation output $NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.txt.out +check read nmsg base:dnstap and create presentation output cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.txt.out check nmsg-to-presentation # output should be same as input -echo read nmsg base:dnstap and create nmsg output $NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out +check read nmsg base:dnstap and create nmsg output cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out check nmsg-to-nmsg -echo read nmsg base:dnstap and create json output $NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out +check read nmsg base:dnstap and create json output cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out check nmsg-to-json From 797ad6ce462157bddc911a3e3b54e2f8ce52b368 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Fri, 11 Aug 2023 18:59:57 +0000 Subject: [PATCH 07/14] add base:dns test with broken inputs --- tests/nmsg-dns-tests/test.sh.in | 8 ++++++++ tests/nmsg-dns-tests/test3-dns.json | 5 +++++ 2 files changed, 13 insertions(+) create mode 100644 tests/nmsg-dns-tests/test3-dns.json diff --git a/tests/nmsg-dns-tests/test.sh.in b/tests/nmsg-dns-tests/test.sh.in index 3bd8d0ac..c885ff03 100755 --- a/tests/nmsg-dns-tests/test.sh.in +++ b/tests/nmsg-dns-tests/test.sh.in 
@@ -78,4 +78,12 @@ check json-to-json # NOTE: --readpres is not fully implemented for base:dns so aborts +# JSON input mistakes should result in no output +$NMSGTOOL -dd -j @abs_top_srcdir@/tests/nmsg-dns-tests/test3-dns.json --writepres @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.out 2>@abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr +check read broken json base:dns and create empty output +grep "JSON parse error:" @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr >/dev/null +check reports JSON parse error +test ! -s @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.out +check broken-json-to-empty-pres + exit $status diff --git a/tests/nmsg-dns-tests/test3-dns.json b/tests/nmsg-dns-tests/test3-dns.json new file mode 100644 index 00000000..379967bf --- /dev/null +++ b/tests/nmsg-dns-tests/test3-dns.json @@ -0,0 +1,5 @@ +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"garbage-rrtype.test3.example.net.","rrclass":"IN","rrtype":"garbage","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"type99.test3.example.net.","rrclass":"IN","rrtype":"TYPE999","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"unknown-rrtype.test3.example.net.","rrclass":"IN","rrtype":"","rrttl":172800,"rdata":["10.11.12.13","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"garbage-rdata.test3.example.net.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["not an IP address","10.12.13.14"]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"garbage-rrttl.test3.example.net.","rrclass":"IN","rrtype":"A","rrttl":"not an TTL number","rdata":["10.11.12.13","10.12.13.14"]}} 
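Review bot: `grep "JSON parse error:" ... >/dev/null` succeeds as soon as one of the five records in test3-dns.json is reported, so the test does not show that each malformed record was rejected by the parser rather than dropped for some other reason. If nmsgtool prints one such line per rejected record (not visible here, please confirm), comparing the count would pin that: `test "$(grep -c "JSON parse error:" @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr)" -eq 5`. Separately, the second fixture record is named `type99.test3.example.net.` but carries `"rrtype":"TYPE999"`; one of the two looks like a typo.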
From f9f90d8df7054f11a96adbd2bc7083a3f568913b Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Wed, 30 Aug 2023 13:13:40 +0000 Subject: [PATCH 08/14] test script use "pres" instead of txt name for one test output --- tests/nmsg-dnstap-tests/test.sh.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/nmsg-dnstap-tests/test.sh.in b/tests/nmsg-dnstap-tests/test.sh.in index d9e7bc79..08093574 100755 --- a/tests/nmsg-dnstap-tests/test.sh.in +++ b/tests/nmsg-dnstap-tests/test.sh.in @@ -40,9 +40,9 @@ OUTPUT=@abs_top_builddir@/tests/nmsg-dnstap-tests/test1-dnstap # cleanup from previous run rm -f ${OUTPUT}*out -$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.txt.out +$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out check read nmsg base:dnstap and create presentation output -cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.txt.out +cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out check nmsg-to-presentation # output should be same as input From 4fabd88d3c3089909d81372b501a52e0035a0f61 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Wed, 30 Aug 2023 13:14:03 +0000 Subject: [PATCH 09/14] test comparison data catch up to newer wdns (base64 and edns) update test data for base64 removing spaces (like RRSIG) and add OPT PSEUDOSECTION for EDNS in presentation output --- tests/nmsg-dns-tests/test2-dns.json | 4 +-- tests/nmsg-dns-tests/test2-dns.pres | 8 +++--- tests/nmsg-dnsqr-tests/test1-dnsqr.pres | 34 +++++++++++++++++++---- tests/nmsg-dnstap-tests/test1-dnstap.pres | 4 ++- 4 files changed, 37 insertions(+), 13 deletions(-) diff --git a/tests/nmsg-dns-tests/test2-dns.json b/tests/nmsg-dns-tests/test2-dns.json index 97c59700..47125836 100644 --- a/tests/nmsg-dns-tests/test2-dns.json +++ b/tests/nmsg-dns-tests/test2-dns.json 
@@ -1,8 +1,8 @@ {"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"SOA","rrttl":86400,"rdata":["a.root-servers.net. nstld.verisign-grs.com. 2018110200 1800 900 604800 86400"]}} -{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"RRSIG","rrttl":86400,"rdata":["SOA 8 0 86400 1542258000 1541131200 2134 . YzIh/SUfJITb8q0y45FtmHYU2q3ozTWzFoFTVMGEQmKkVIxvASHxKJAt kQQbA1OUkwsoXZAKFPwPLLdBn7YsesIlMosEfVtLIZe8iNivbzTTp0R8 1QK4bZfXqRbsIzl9h0YNxbprrvz7rhrIa1QkKg8Eiz2pI12ero8bjSBl Ot+vGlnxOriI7WfjtGNTZ5kzwfRcpbND5i0PZkfSPyL6mrOgI6Ak+F7j Gos+4H86OPpikmOwKXOC50qs6ayX4YHMQgtdOXe7YMxzAEUUWR7aCg37 9dbwjRDrt3HhpLIlvxNzOqOQhCCBT0uez08+MEiJQ+g/9oDexqb9vPsZ HTf8VQ=="]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"RRSIG","rrttl":86400,"rdata":["SOA 8 0 86400 1542258000 1541131200 2134 . YzIh/SUfJITb8q0y45FtmHYU2q3ozTWzFoFTVMGEQmKkVIxvASHxKJAtkQQbA1OUkwsoXZAKFPwPLLdBn7YsesIlMosEfVtLIZe8iNivbzTTp0R81QK4bZfXqRbsIzl9h0YNxbprrvz7rhrIa1QkKg8Eiz2pI12ero8bjSBlOt+vGlnxOriI7WfjtGNTZ5kzwfRcpbND5i0PZkfSPyL6mrOgI6Ak+F7jGos+4H86OPpikmOwKXOC50qs6ayX4YHMQgtdOXe7YMxzAEUUWR7aCg379dbwjRDrt3HhpLIlvxNzOqOQhCCBT0uez08+MEiJQ+g/9oDexqb9vPsZHTf8VQ=="]}} {"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"NS","rrttl":518400,"rdata":["a.root-servers.net.","b.root-servers.net.","c.root-servers.net.","d.root-servers.net.","e.root-servers.net.","f.root-servers.net.","g.root-servers.net.","h.root-servers.net.","i.root-servers.net.","j.root-servers.net.","k.root-servers.net.","l.root-servers.net.","m.root-servers.net."]}} {"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"NSEC","rrttl":86400,"rdata":["aaa. 
NS SOA RRSIG NSEC DNSKEY"]}} -{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"DNSKEY","rrttl":172800,"rdata":["256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QR ES2VKDO0OXLMqVJSs2YCCSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEa XtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLbtd8PcwWglHgReBVp 7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkF stMX1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7 tCcwSPt0wwry5OFNTlfMo8v7WGurogfk8hPipf7TTKHIi20LWen5RCsv YsQBkYGpF78=","257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=","257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU="]}} +{"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":".","rrclass":"IN","rrtype":"DNSKEY","rrttl":172800,"rdata":["256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QRES2VKDO0OXLMqVJSs2YCCSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEaXtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLbtd8PcwWglHgReBVp7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkFstMX1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7tCcwSPt0wwry5OFNTlfMo8v7WGurogfk8hPipf7TTKHIi20LWen5RCsvYsQBkYGpF78=","257 3 8 
AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=","257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="]}} {"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"ns1.dns.nic.aaa.","rrclass":"IN","rrtype":"A","rrttl":172800,"rdata":["156.154.144.2"]}} {"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"ns1.dns.nic.aaa.","rrclass":"IN","rrtype":"AAAA","rrttl":172800,"rdata":["2610:a1:1071::2"]}} {"time":"2018-11-07 16:50:54.000000000","vname":"base","mname":"dns","message":{"rrname":"ac.","rrclass":"IN","rrtype":"DS","rrttl":86400,"rdata":["42665 8 1 D5E99D85351D361BD6B5B1582F634E8A85CF1BF7","23014 8 2 9F135B4B4C69C92383B997632E821E3C8AB9699658674CC96FDE5405ACB68B65","42665 8 2 4B15F405C98F4BC3A370B19E54DBE75DF201EDCD38577C51D277DC6559865D95"]}} diff --git a/tests/nmsg-dns-tests/test2-dns.pres b/tests/nmsg-dns-tests/test2-dns.pres index 45f4ec21..0a5d92b3 100644 --- a/tests/nmsg-dns-tests/test2-dns.pres +++ b/tests/nmsg-dns-tests/test2-dns.pres 
@@ -10,7 +10,7 @@ rrname: . rrclass: IN (1) rrtype: RRSIG (46) rrttl: 86400 -rdata: SOA 8 0 86400 1542258000 1541131200 2134 . YzIh/SUfJITb8q0y45FtmHYU2q3ozTWzFoFTVMGEQmKkVIxvASHxKJAt kQQbA1OUkwsoXZAKFPwPLLdBn7YsesIlMosEfVtLIZe8iNivbzTTp0R8 1QK4bZfXqRbsIzl9h0YNxbprrvz7rhrIa1QkKg8Eiz2pI12ero8bjSBl Ot+vGlnxOriI7WfjtGNTZ5kzwfRcpbND5i0PZkfSPyL6mrOgI6Ak+F7j Gos+4H86OPpikmOwKXOC50qs6ayX4YHMQgtdOXe7YMxzAEUUWR7aCg37 9dbwjRDrt3HhpLIlvxNzOqOQhCCBT0uez08+MEiJQ+g/9oDexqb9vPsZ HTf8VQ== +rdata: SOA 8 0 86400 1542258000 1541131200 2134 . YzIh/SUfJITb8q0y45FtmHYU2q3ozTWzFoFTVMGEQmKkVIxvASHxKJAtkQQbA1OUkwsoXZAKFPwPLLdBn7YsesIlMosEfVtLIZe8iNivbzTTp0R81QK4bZfXqRbsIzl9h0YNxbprrvz7rhrIa1QkKg8Eiz2pI12ero8bjSBlOt+vGlnxOriI7WfjtGNTZ5kzwfRcpbND5i0PZkfSPyL6mrOgI6Ak+F7jGos+4H86OPpikmOwKXOC50qs6ayX4YHMQgtdOXe7YMxzAEUUWR7aCg379dbwjRDrt3HhpLIlvxNzOqOQhCCBT0uez08+MEiJQ+g/9oDexqb9vPsZHTf8VQ== [297] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] rrname: . 
@@ -43,9 +43,9 @@ rrname: . rrclass: IN (1) rrtype: DNSKEY (48) rrttl: 172800 -rdata: 256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QR ES2VKDO0OXLMqVJSs2YCCSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEa XtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLbtd8PcwWglHgReBVp 7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkF stMX1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7 tCcwSPt0wwry5OFNTlfMo8v7WGurogfk8hPipf7TTKHIi20LWen5RCsv YsQBkYGpF78= -rdata: 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0= -rdata: 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU= +rdata: 256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QRES2VKDO0OXLMqVJSs2YCCSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEaXtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLbtd8PcwWglHgReBVp7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkFstMX1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7tCcwSPt0wwry5OFNTlfMo8v7WGurogfk8hPipf7TTKHIi20LWen5RCsvYsQBkYGpF78= +rdata: 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +rdata: 257 3 8 
AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= [33] [2018-11-07 16:50:54.000000000] [1:7 base dns] [00000000] [] [] rrname: ns1.dns.nic.aaa. diff --git a/tests/nmsg-dnsqr-tests/test1-dnsqr.pres b/tests/nmsg-dnsqr-tests/test1-dnsqr.pres index eefc6a3b..9c2cf0fd 100644 --- a/tests/nmsg-dnsqr-tests/test1-dnsqr.pres +++ b/tests/nmsg-dnsqr-tests/test1-dnsqr.pres @@ -16,6 +16,9 @@ query: [50 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60913 ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 4096 +; OPT=10: ca 22 a0 c8 69 d9 10 81 ("."..i...") ;; QUESTION SECTION: ;icann.org. IN A @@ -29,6 +32,8 @@ response: [440 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60913 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 1472 ;; QUESTION SECTION: ;icann.org. IN A @@ -75,6 +80,9 @@ query: [56 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40813 ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +; OPT=10: d7 8d 86 c0 37 92 b5 7e ("....7..~") ;; QUESTION SECTION: ;domaintools.com. IN A @@ -88,6 +96,8 @@ response: [682 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40813 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 0 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;domaintools.com. IN A 
@@ -99,9 +109,9 @@ domaintools.com. 172800 IN NS dns2.p04.nsone.net. domaintools.com. 172800 IN NS dns3.p04.nsone.net. domaintools.com. 172800 IN NS dns4.p04.nsone.net. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM -CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 1689567817 1688958817 46551 com. Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemE WvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86 ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+ 7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg== +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 1689567817 1688958817 46551 com. Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg== 0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN NSEC3 1 1 0 - 0F3TB5GM83ENV7Q8PVT89DUK4M9RR40D NS DS RRSIG -0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN RRSIG NSEC3 8 2 86400 1689570650 1688961650 46551 com. DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4 w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bY mu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUu vfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A== +0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN RRSIG NSEC3 8 2 86400 1689570650 1688961650 46551 com. DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bYmu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUuvfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A== ;; ADDITIONAL SECTION: --- @@ -124,6 +134,8 @@ query: [35 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 24287 ;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;fsi.io. IN TXT 
@@ -137,12 +149,14 @@ response: [307 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 24287 ;; flags: qr aa cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1280 ;; QUESTION SECTION: ;fsi.io. IN TXT ;; ANSWER SECTION: fsi.io. 3600 IN TXT "v=spf1 mx a a:support.farsightsecurity.com a:exch.fsi.io a:prod-mail-relay-1.iad1.fsi.io ~all" -fsi.io. 3600 IN RRSIG TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtM kd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuV ugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipP fZs= +fsi.io. 3600 IN RRSIG TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZs= ;; AUTHORITY SECTION: @@ -167,6 +181,8 @@ query: [50 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 20343 ;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;does.not.exist.fsi.io. IN A @@ -180,6 +196,8 @@ response: [744 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 20343 ;; flags: qr aa cd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1280 ;; QUESTION SECTION: ;does.not.exist.fsi.io. IN A 
@@ -187,11 +205,11 @@ response: [744 octets] ;; AUTHORITY SECTION: fsi.io. 3600 IN SOA fsi.io. hostmaster.fsi.io. 2023062369 7200 3600 604800 3600 -fsi.io. 3600 IN RRSIG SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7s xLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0 VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASb Hcc= +fsi.io. 3600 IN RRSIG SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7sxLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASbHcc= fsi.io. 3600 IN NSEC _dashlane-challenge.fsi.io. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY TYPE65534 -fsi.io. 3600 IN RRSIG NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qh cnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS4 7tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls /7c= +fsi.io. 3600 IN RRSIG NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qhcnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS47tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls/7c= autodiscover.exch.fsi.io. 3600 IN NSEC a1.fmt1.fsi.io. A AAAA RRSIG NSEC -autodiscover.exch.fsi.io. 3600 IN RRSIG NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXyp KJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpS V7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjd Dds= +autodiscover.exch.fsi.io. 3600 IN RRSIG NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDds= ;; ADDITIONAL SECTION: --- 
@@ -214,6 +232,8 @@ query: [44 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56060 ;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;domaintools.com. IN SOA @@ -227,6 +247,8 @@ response: [109 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56060 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1232 ;; QUESTION SECTION: ;domaintools.com. IN SOA diff --git a/tests/nmsg-dnstap-tests/test1-dnstap.pres b/tests/nmsg-dnstap-tests/test1-dnstap.pres index 14749796..65b7b576 100644 --- a/tests/nmsg-dnstap-tests/test1-dnstap.pres +++ b/tests/nmsg-dnstap-tests/test1-dnstap.pres @@ -16,6 +16,8 @@ response_message: [406 octets] ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 3682 ;; flags: qr cd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4 +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;www.farsightsecurity.com. IN A @@ -26,7 +28,7 @@ farsightsecurity.com. 172800 IN NS ns5.dnsmadeeasy.com. farsightsecurity.com. 172800 IN NS ns6.dnsmadeeasy.com. farsightsecurity.com. 172800 IN NS ns7.dnsmadeeasy.com. farsightsecurity.com. 86400 IN DS 60454 5 2 3672C35CFA8FF14C9C223B84277BD645C0AF54BAD5790375FE797161E4801479 -farsightsecurity.com. 86400 IN RRSIG DS 8 2 86400 1480310445 1479701445 6404 com. DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmO lmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8 lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTX kMI= +farsightsecurity.com. 86400 IN RRSIG DS 8 2 86400 1480310445 1479701445 6404 com. DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmOlmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTXkMI= ;; ADDITIONAL SECTION: ns5.dnsmadeeasy.com. 172800 IN A 208.94.148.13 
From 8e97ad22a6bcabb57ce123b9cf1ef1d5cf9549a5 Mon Sep 17 00:00:00 2001
From: "Jeremy C. Reed"
Date: Wed, 6 Sep 2023 17:49:41 +0000
Subject: [PATCH 10/14] minor test clean up
---
 tests/nmsg-dns-tests/test.sh.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/nmsg-dns-tests/test.sh.in b/tests/nmsg-dns-tests/test.sh.in
index c885ff03..24f76f77 100755
--- a/tests/nmsg-dns-tests/test.sh.in
+++ b/tests/nmsg-dns-tests/test.sh.in
@@ -22,7 +22,7 @@ OUTPUT=@abs_top_builddir@/tests/nmsg-dns-tests/test1-dns
 rm -f ${OUTPUT}*out
 $NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out
-check read nmsg base:dns base:dns and create presentation output
+check read nmsg base:dns and create presentation output
 cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out
 check nmsg-to-presentation
@@ -79,9 +79,9 @@ check json-to-json
 # NOTE: --readpres is not fully implemented for base:dns so aborts
 # JSON input mistakes should result in no output
-$NMSGTOOL -dd -j @abs_top_srcdir@/tests/nmsg-dns-tests/test3-dns.json --writepres @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.out 2>@abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr
+$NMSGTOOL -dd -j @abs_top_srcdir@/tests/nmsg-dns-tests/test3-dns.json --writepres @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.out 2>@abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr.out
 check read broken json base:dns and create empty output
-grep "JSON parse error:" @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr >/dev/null
+grep "JSON parse error:" @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr.out >/dev/null
 check reports JSON parse error
 test ! -s @abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.out
 check broken-json-to-empty-pres
From 5b7283e78e3d92dc32adb97fed4a473168d4b161 Mon Sep 17 00:00:00 2001
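Review bot: The renamed stderr capture path is spelled out in full on both the `$NMSGTOOL ... 2>` line and the `grep` line of the second hunk, so the two copies can drift apart; a mismatch would fail the "reports JSON parse error" check because the file is missing, not because the parser stayed silent on malformed input. Holding the path in one variable, as the script already does with `SOURCE` and `OUTPUT`, keeps this negative test tied to the parser's behaviour: `ERR=@abs_top_builddir@/tests/nmsg-dns-tests/test3-dns.json.pres.stderr.out`, then `2>"$ERR"` and `grep -q "JSON parse error:" "$ERR"`. Quoting the expansion also protects against a build directory whose path contains spaces, and `grep -q` replaces the `>/dev/null` redirect. The script continues outside both hunks, so whether `check` also inspects nmsgtool's exit status for the broken-JSON run cannot be confirmed from here.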
From: "Jeremy C. Reed" Date: Wed, 6 Sep 2023 17:49:59 +0000 Subject: [PATCH 11/14] update test JSON data for newer nmsg with query_json and response_json sections --- tests/nmsg-dnsqr-tests/test1-dnsqr.json | 10 +++++----- tests/nmsg-dnstap-tests/test1-dnstap.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/nmsg-dnsqr-tests/test1-dnsqr.json b/tests/nmsg-dnsqr-tests/test1-dnsqr.json index 7d0259ac..bc67eb40 100644 --- a/tests/nmsg-dnsqr-tests/test1-dnsqr.json +++ b/tests/nmsg-dnsqr-tests/test1-dnsqr.json 
@@ -1,5 +1,5 @@ -{"time":"2023-07-13 17:41:09.408162000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"192.5.5.241","proto":"UDP","query_port":54924,"response_port":53,"id":60913,"qname":"icann.org.","qclass":"IN","qtype":"A","rcode":"NOERROR","query_packet":["RQAATti+AABAEZ8mywBxw8AFBfHWjAA1ADryTe3xASAAAQAAAAAAAQVpY2FubgNvcmcAAAEAAQAAKRAAAAAAAAAMAAoACMoioMhp2RCB"],"query_time_sec":[1689270069],"query_time_nsec":[408162000],"response_packet":["RQAB1O1eQAA6EU8AwAUF8csAccMANdaMAcCUqu3xgQAAAQAAAAYADQVpY2FubgNvcmcAAAEAAcASAAIAAQACowAAGQJhMANvcmcLYWZpbGlhcy1uc3QEaW5mbwDAEgACAAEAAqMAAAUCYTLAKsASAAIAAQACowAAFQJiMANvcmcLYWZpbGlhcy1uc3TAEsASAAIAAQACowAABQJiMsBgwBIAAgABAAKjAAAFAmMwwCrAEgACAAEAAqMAAAUCZDDAYMAnAAEAAQACowAABMcTOAHAJwAcAAEAAqMAABAgAQUAAA4AAAAAAAAAAAABwEwAAQABAAKjAAAEx/lwAcBMABwAAQACowAAECABBQAAQAAAAAAAAAAAAAHAXQABAAEAAqMAAATHEzYBwF0AHAABAAKjAAAQIAEFAAAMAAAAAAAAAAAAAcB+AAEAAQACowAABMf5eAHAfgAcAAEAAqMAABAgAQUAAEgAAAAAAAAAAAABwI8AAQABAAKjAAAExxM1AcCPABwAAQACowAAECABBQAACwAAAAAAAAAAAAHAoAABAAEAAqMAAATHEzkBwKAAHAABAAKjAAAQIAEFAAAPAAAAAAAAAAAAAQAAKQXAAAAAAAAA"],"response_time_sec":[1689270069],"response_time_nsec":[413872000],"delay":0.0057099999999999997979,"udp_checksum":"CORRECT","query":"7fEBIAABAAAAAAABBWljYW5uA29yZwAAAQABAAApEAAAAAAAAAwACgAIyiKgyGnZEIE=","response":"7fGBAAABAAAABgANBWljYW5uA29yZwAAAQABwBIAAgABAAKjAAAZAmEwA29yZwthZmlsaWFzLW5zdARpbmZvAMASAAIAAQACowAABQJhMsAqwBIAAgABAAKjAAAVAmIwA29yZwthZmlsaWFzLW5zdMASwBIAAgABAAKjAAAFAmIywGDAEgACAAEAAqMAAAUCYzDAKsASAAIAAQACowAABQJkMMBgwCcAAQABAAKjAAAExxM4AcAnABwAAQACowAAECABBQAADgAAAAAAAAAAAAHATAABAAEAAqMAAATH+XABwEwAHAABAAKjAAAQIAEFAABAAAAAAAAAAAAAAcBdAAEAAQACowAABMcTNgHAXQAcAAEAAqMAABAgAQUAAAwAAAAAAAAAAAABwH4AAQABAAKjAAAEx/l4AcB+ABwAAQACowAAECABBQAASAAAAAAAAAAAAAHAjwABAAEAAqMAAATHEzUBwI8AHAABAAKjAAAQIAEFAAALAAAAAAAAAAAAAcCgAAEAAQACowAABMcTOQHAoAAcAAEAAqMAABAgAQUAAA8AAAAAAAAAAAABAAApBcAAAAAAAAA=","dns":"7fGBAAABAAAABgANBWljYW5uA29
yZwAAAQABwBIAAgABAAKjAAAZAmEwA29yZwthZmlsaWFzLW5zdARpbmZvAMASAAIAAQACowAABQJhMsAqwBIAAgABAAKjAAAVAmIwA29yZwthZmlsaWFzLW5zdMASwBIAAgABAAKjAAAFAmIywGDAEgACAAEAAqMAAAUCYzDAKsASAAIAAQACowAABQJkMMBgwCcAAQABAAKjAAAExxM4AcAnABwAAQACowAAECABBQAADgAAAAAAAAAAAAHATAABAAEAAqMAAATH+XABwEwAHAABAAKjAAAQIAEFAABAAAAAAAAAAAAAAcBdAAEAAQACowAABMcTNgHAXQAcAAEAAqMAABAgAQUAAAwAAAAAAAAAAAABwH4AAQABAAKjAAAEx/l4AcB+ABwAAQACowAAECABBQAASAAAAAAAAAAAAAHAjwABAAEAAqMAAATHEzUBwI8AHAABAAKjAAAQIAEFAAALAAAAAAAAAAAAAcCgAAEAAQACowAABMcTOQHAoAAcAAEAAqMAABAgAQUAAA8AAAAAAAAAAAABAAApBcAAAAAAAAA="}} -{"time":"2023-07-13 17:41:10.587291000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"192.35.51.30","proto":"UDP","query_port":54920,"response_port":53,"id":40813,"qname":"domaintools.com.","qclass":"IN","qtype":"A","rcode":"NOERROR","query_packet":["RQAAVGLSAABAEefBywBxw8AjMx7WiAA1AEDhEZ9tASAAAQAAAAAAAQtkb21haW50b29scwNjb20AAAEAAQAAKRAAAACAAAAMAAoACNeNhsA3krV+"],"query_time_sec":[1689270070],"query_time_nsec":[587291000],"response_packet":["RQACxi9tAAA5ER+1wCMzHssAccMANdaIArLmm59tgQAAAQAAAAgAAQtkb21haW50b29scwNjb20AAAEAAcAMAAIAAQACowAAFARkbnMxA3AwNAVuc29uZQNuZXQAwAwAAgABAAKjAAAHBGRuczLAMsAMAAIAAQACowAABwRkbnMzwDLADAACAAEAAqMAAAcEZG5zNMAyIENLMFBPSk1HODc0TEpSRUY3RUZOODQzMFFWSVQ4QlNNwBgAMgABAAFRgAAjAQEAAAAUZQGhNNeRJHdqKLqGC/DBwRHqogUAByIAAAAAApDAegAuAAEAAVGAALcAMggCAAFRgGS0wklkq3dhtdcDY29tAEW46MG+JGryljuL7+NangAgPc/yLBBtsg3vEnR2nCRWnQoF8xHrEjXphFrzFkLfDP6y+HhVLA1GfBesouEN9taNt+/8v5pu7xib1b7RmsTO/0wPOn32gSnIFUtBHfa0T0sFK75LJtwiixomydtbvehwke7JEUurWr1PSH23/u3RVU72/MmPLq3bk0/6HIhdXfDwxjSmJrOZPLuoPL9VpW4gMEYzVDMyRklHUUw0OUg0UFRHVkY0SkhLVTQ0OEwyUUfAGAAyAAEAAVGAACIBAQAAABQDx9WWFkDdf59Iz/qEt9Qlk72QDQAGIAAAAAASwY0ALgABAAFRgAC3ADIIAgABUYBktM1aZKuCcrXXA2NvbQANbzsjZCLYcCyNTETZPMiu8i7/Reo1ECKua2C+LxXnXjXrue7hh3dRp/jD3jCa1X17jt09mvX06/lDEtxNPGOx6SPaKWklNwLSROGnNy0M4qRHptia7iSWjQpj//dq2GKpxIf+qSukJOYJQ5bdXdWM7phhT2waoSJ0EFklRS69+btImoNk2gxcVm
aIbrZrMIqCel46DEYw+8vRIV3xLVbwAAApEAAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[611475000],"delay":0.024184000000000000635,"udp_checksum":"CORRECT","query":"n20BIAABAAAAAAABC2RvbWFpbnRvb2xzA2NvbQAAAQABAAApEAAAAIAAAAwACgAI142GwDeStX4=","response":"n22BAAABAAAACAABC2RvbWFpbnRvb2xzA2NvbQAAAQABwAwAAgABAAKjAAAUBGRuczEDcDA0BW5zb25lA25ldADADAACAAEAAqMAAAcEZG5zMsAywAwAAgABAAKjAAAHBGRuczPAMsAMAAIAAQACowAABwRkbnM0wDIgQ0swUE9KTUc4NzRMSlJFRjdFRk44NDMwUVZJVDhCU03AGAAyAAEAAVGAACMBAQAAABRlAaE015Ekd2oouoYL8MHBEeqiBQAHIgAAAAACkMB6AC4AAQABUYAAtwAyCAIAAVGAZLTCSWSrd2G11wNjb20ARbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1WlbiAwRjNUMzJGSUdRTDQ5SDRQVEdWRjRKSEtVNDQ4TDJRR8AYADIAAQABUYAAIgEBAAAAFAPH1ZYWQN1/n0jP+oS31CWTvZANAAYgAAAAABLBjQAuAAEAAVGAALcAMggCAAFRgGS0zVpkq4JytdcDY29tAA1vOyNkIthwLI1MRNk8yK7yLv9F6jUQIq5rYL4vFedeNeu57uGHd1Gn+MPeMJrVfXuO3T2a9fTr+UMS3E08Y7HpI9opaSU3AtJE4ac3LQzipEem2JruJJaNCmP/92rYYqnEh/6pK6Qk5glDlt1d1YzumGFPbBqhInQQWSVFLr35u0iag2TaDFxWZohutmswioJ6XjoMRjD7y9EhXfEtVvAAACkQAAAAgAAAAA==","dns":"n22BAAABAAAACAABC2RvbWFpbnRvb2xzA2NvbQAAAQABwAwAAgABAAKjAAAUBGRuczEDcDA0BW5zb25lA25ldADADAACAAEAAqMAAAcEZG5zMsAywAwAAgABAAKjAAAHBGRuczPAMsAMAAIAAQACowAABwRkbnM0wDIgQ0swUE9KTUc4NzRMSlJFRjdFRk44NDMwUVZJVDhCU03AGAAyAAEAAVGAACMBAQAAABRlAaE015Ekd2oouoYL8MHBEeqiBQAHIgAAAAACkMB6AC4AAQABUYAAtwAyCAIAAVGAZLTCSWSrd2G11wNjb20ARbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1WlbiAwRjNUMzJGSUdRTDQ5SDRQVEdWRjRKSEtVNDQ4TDJRR8AYADIAAQABUYAAIgEBAAAAFAPH1ZYWQN1/n0jP+oS31CWTvZANAAYgAAAAABLBjQAuAAEAAVGAALcAMggCAAFRgGS0zVpkq4JytdcDY29tAA1vOyNkIthwLI1MRNk8yK7yLv9F6jUQIq5rYL4vFedeNeu57uGHd1Gn+MPeMJrVfXuO3T2a9fTr+UMS3E08Y7HpI9opaSU3AtJE4ac3LQzipEem2JruJJaNCmP/92rY
YqnEh/6pK6Qk5glDlt1d1YzumGFPbBqhInQQWSVFLr35u0iag2TaDFxWZohutmswioJ6XjoMRjD7y9EhXfEtVvAAACkQAAAAgAAAAA=="}} -{"time":"2023-07-13 17:41:10.721721000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"208.94.148.13","proto":"UDP","query_port":26869,"response_port":53,"id":24287,"qname":"fsi.io.","qclass":"IN","qtype":"TXT","rcode":"NOERROR","query_packet":["RQAAPwAAAABAEdl+ywBxw9BelA1o9QA1ACuEcl7fABAAAQAAAAAAAQNmc2kCaW8AABAAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[721721000],"response_packet":["RQABT6tDAAA2ETcr0F6UDcsAccMANWj1ATvITl7fhBAAAQACAAAAAQNmc2kCaW8AABAAAcAMABAAAQAADhAAXl12PXNwZjEgbXggYSBhOnN1cHBvcnQuZmFyc2lnaHRzZWN1cml0eS5jb20gYTpleGNoLmZzaS5pbyBhOnByb2QtbWFpbC1yZWxheS0xLmlhZDEuZnNpLmlvIH5hbGzADAAuAAEAAA4QAJoAEAUCAAAOEGTFu61kniT5B1ADZnNpAmlvAD5TwMoJVP5f4pNkb5GH5PsxSy2l027ZyspnlDta0LU5JhtnNxtlT80LTJHdcuojOCobwQF+VmuX7XLREDVCkXMbJfB/wZ8JAznfc8Xv4YAtnHQblboBKCPUAAqn4HgQvkz8/NudOV3eB+MF9K5Rp/fp0Wi3lbkQ9rNXugoqT32bAAApBQAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[729020000],"delay":0.0072989999999999999325,"udp_checksum":"CORRECT","query":"Xt8AEAABAAAAAAABA2ZzaQJpbwAAEAABAAApEAAAAIAAAAA=","response":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA==","dns":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe
/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA=="}} -{"time":"2023-07-13 17:41:10.761629000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"208.94.148.13","proto":"UDP","query_port":16873,"response_port":53,"id":20343,"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A","rcode":"NXDOMAIN","query_packet":["RQAATrw7AABAER00ywBxw9BelA1B6QA1ADr1Yk93ABAAAQAAAAAAAQRkb2VzA25vdAVleGlzdANmc2kCaW8AAAEAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[761629000],"response_packet":["RQADBKtMAAA2ETVt0F6UDcsAccMANUHpAvDJa093hBMAAQAAAAYAAQRkb2VzA25vdAVleGlzdANmc2kCaW8AAAEAAQNmc2kCaW8AAAYAAQAADhAAI8AnCmhvc3RtYXN0ZXLAJ3iVe2EAABwgAAAOEAAJOoAAAA4QwCcALgABAAAOEACaAAYFAgAADhBk14g6ZK/tKgdQA2ZzaQJpbwDaDZ9TJYU/Ge683xNrkY7qjtpJDkrtvy79Dq9n1v3m0oYhXVzgMVPLHuzEu3/gTJDSYeuwnu0/2ZauH1dlc6YNqPbSmF6hmSfyT0ppcGnm8s6bcHRUAftO73gQdGLLRY402UOXDjzRb3zwQIppnvS6q2uwI3B/tTwVmuvsBJsdx8B6AC8AAQAADhAARxNfZGFzaGxhbmUtY2hhbGxlbmdlA2ZzaQJpbwAAB2IBgAgAA4D/IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwSIALgABAAAOEACaAC8FAgAADhBkxuzUZJ9UOgdQA2ZzaQJpbwDKQpgnIgjdFrF97L53ZCG4KMr79Mk60Lf71iRNZLG46Qw4xT6ZSkeDyqFye40htaCwP1hkVhGDUxM9LIcjcAy9LvCoE3ydG/Y7XZk8Gq/GARMxpLju1GfVDlwZ2PlpCFkFO0xBacTl4EZgFZGrFHukOCi4I9LxbgdaFss5+Wz/twxhdXRvZGlzY292ZXIEZXhjaANmc2kCaW8AAC8AAQAADhAAGAJhMQRmbXQxA2ZzaQJpbwAABkAAAAgAA8H7AC4AAQAADhAAmgAvBQQAAA4QZM5P5GSmwf8HUANmc2kCaW8AojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDdsAACkFAAAAgAAAAA=="],"response_time_sec":[1689270070],"response_time_nsec":[766528000],"delay":0.0048989999999999997091,"udp_checksum":"CORRECT","query":"T3cAEAABAAAAAAABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABAAApEAAAAIAAAAA=","response":"T3eEEwABAAAABgABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABA2ZzaQJpbwAABgABAAAOEAAjwCcKaG9zdG1hc3RlcsAneJV7YQAAHCAAAA4QAAk6gAAADhDAJwA
uAAEAAA4QAJoABgUCAAAOEGTXiDpkr+0qB1ADZnNpAmlvANoNn1MlhT8Z7rzfE2uRjuqO2kkOSu2/Lv0Or2fW/ebShiFdXOAxU8se7MS7f+BMkNJh67Ce7T/Zlq4fV2Vzpg2o9tKYXqGZJ/JPSmlwaebyzptwdFQB+07veBB0YstFjjTZQ5cOPNFvfPBAimme9Lqra7AjcH+1PBWa6+wEmx3HwHoALwABAAAOEABHE19kYXNobGFuZS1jaGFsbGVuZ2UDZnNpAmlvAAAHYgGACAADgP8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBIgAuAAEAAA4QAJoALwUCAAAOEGTG7NRkn1Q6B1ADZnNpAmlvAMpCmCciCN0WsX3svndkIbgoyvv0yTrQt/vWJE1ksbjpDDjFPplKR4PKoXJ7jSG1oLA/WGRWEYNTEz0shyNwDL0u8KgTfJ0b9jtdmTwar8YBEzGkuO7UZ9UOXBnY+WkIWQU7TEFpxOXgRmAVkasUe6Q4KLgj0vFuB1oWyzn5bP+3DGF1dG9kaXNjb3ZlcgRleGNoA2ZzaQJpbwAALwABAAAOEAAYAmExBGZtdDEDZnNpAmlvAAAGQAAACAADwfsALgABAAAOEACaAC8FBAAADhBkzk/kZKbB/wdQA2ZzaQJpbwCiNTltjKwFG079sRbhKiAdjkaSbkKwywN4dSi+svJKbzdUdfbJZ1CFfKkonDRYh3lrPkVc0qLE3ejYREhm1Vyc+fuNEfx4lRxFYD99JXrptnhFmlJXtK8PBXqTeUwjW5EC9/NVyIYpJEdwLKAUYpYHl2HLyjsuCWpx5udISN0N2wAAKQUAAACAAAAA","dns":"T3eEEwABAAAABgABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABA2ZzaQJpbwAABgABAAAOEAAjwCcKaG9zdG1hc3RlcsAneJV7YQAAHCAAAA4QAAk6gAAADhDAJwAuAAEAAA4QAJoABgUCAAAOEGTXiDpkr+0qB1ADZnNpAmlvANoNn1MlhT8Z7rzfE2uRjuqO2kkOSu2/Lv0Or2fW/ebShiFdXOAxU8se7MS7f+BMkNJh67Ce7T/Zlq4fV2Vzpg2o9tKYXqGZJ/JPSmlwaebyzptwdFQB+07veBB0YstFjjTZQ5cOPNFvfPBAimme9Lqra7AjcH+1PBWa6+wEmx3HwHoALwABAAAOEABHE19kYXNobGFuZS1jaGFsbGVuZ2UDZnNpAmlvAAAHYgGACAADgP8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBIgAuAAEAAA4QAJoALwUCAAAOEGTG7NRkn1Q6B1ADZnNpAmlvAMpCmCciCN0WsX3svndkIbgoyvv0yTrQt/vWJE1ksbjpDDjFPplKR4PKoXJ7jSG1oLA/WGRWEYNTEz0shyNwDL0u8KgTfJ0b9jtdmTwar8YBEzGkuO7UZ9UOXBnY+WkIWQU7TEFpxOXgRmAVkasUe6Q4KLgj0vFuB1oWyzn5bP+3DGF1dG9kaXNjb3ZlcgRleGNoA2ZzaQJpbwAALwABAAAOEAAYAmExBGZtdDEDZnNpAmlvAAAGQAAACAADwfsALgABAAAOEACaAC8FBAAADhBkzk/kZKbB/wdQA2ZzaQJpbwCiNTltjKwFG079sRbhKiAdjkaSbkKwywN4dSi+svJKbzdUdfbJZ1CFfKkonDRYh3lrPkVc0qLE3ejYREhm1Vyc+fuNEfx4lRxFYD99JXrptnhFmlJXtK8PBXqTeUwjW5EC9/NVyIYpJEdwLKAUYpYHl2HLyjsuCWpx5udISN0N2wAAKQUAAACAAAAA"}} -{"time":"2023-07-13 
17:41:10.821594000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"198.51.44.4","proto":"UDP","query_port":12736,"response_port":53,"id":56060,"qname":"domaintools.com.","qclass":"IN","qtype":"SOA","rcode":"NOERROR","query_packet":["RQAASBKeAABAETkMywBxw8YzLAQxwAA1ADSS+tr8ABAAAQAAAAAAAQtkb21haW50b29scwNjb20AAAYAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[821594000],"response_packet":["RQAAiXV5QAA5EZzvxjMsBMsAccMANTHAAHVmdNr8hAAAAQABAAAAAQtkb21haW50b29scwNjb20AAAYAAcAMAAYAAQAADhAANQRkbnMxA3AwNAVuc29uZQNuZXQACmhvc3RtYXN0ZXLANmImUjYAAA4QAAACWAAJOoAAAKjAAAApBNAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[828980000],"delay":0.0073860000000000002041,"udp_checksum":"CORRECT","query":"2vwAEAABAAAAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABAAApEAAAAIAAAAA=","response":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA==","dns":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA=="}} +{"time":"2023-07-13 
17:41:09.408162000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"192.5.5.241","proto":"UDP","query_port":54924,"response_port":53,"id":60913,"qname":"icann.org.","qclass":"IN","qtype":"A","rcode":"NOERROR","query_packet":["RQAATti+AABAEZ8mywBxw8AFBfHWjAA1ADryTe3xASAAAQAAAAAAAQVpY2FubgNvcmcAAAEAAQAAKRAAAAAAAAAMAAoACMoioMhp2RCB"],"query_time_sec":[1689270069],"query_time_nsec":[408162000],"response_packet":["RQAB1O1eQAA6EU8AwAUF8csAccMANdaMAcCUqu3xgQAAAQAAAAYADQVpY2FubgNvcmcAAAEAAcASAAIAAQACowAAGQJhMANvcmcLYWZpbGlhcy1uc3QEaW5mbwDAEgACAAEAAqMAAAUCYTLAKsASAAIAAQACowAAFQJiMANvcmcLYWZpbGlhcy1uc3TAEsASAAIAAQACowAABQJiMsBgwBIAAgABAAKjAAAFAmMwwCrAEgACAAEAAqMAAAUCZDDAYMAnAAEAAQACowAABMcTOAHAJwAcAAEAAqMAABAgAQUAAA4AAAAAAAAAAAABwEwAAQABAAKjAAAEx/lwAcBMABwAAQACowAAECABBQAAQAAAAAAAAAAAAAHAXQABAAEAAqMAAATHEzYBwF0AHAABAAKjAAAQIAEFAAAMAAAAAAAAAAAAAcB+AAEAAQACowAABMf5eAHAfgAcAAEAAqMAABAgAQUAAEgAAAAAAAAAAAABwI8AAQABAAKjAAAExxM1AcCPABwAAQACowAAECABBQAACwAAAAAAAAAAAAHAoAABAAEAAqMAAATHEzkBwKAAHAABAAKjAAAQIAEFAAAPAAAAAAAAAAAAAQAAKQXAAAAAAAAA"],"response_time_sec":[1689270069],"response_time_nsec":[413872000],"delay":0.00571,"udp_checksum":"CORRECT","query":"7fEBIAABAAAAAAABBWljYW5uA29yZwAAAQABAAApEAAAAAAAAAwACgAIyiKgyGnZEIE=","query_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":60913,"flags":["rd","ad"],"opt":{"edns":{"version":0,"flags":[],"udp":4096,"options":["OPT=10: ca 22 a0 c8 69 d9 10 81 
(\".\"..i...\")"]}}},"question":[{"qname":"icann.org.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[],"additional":[]},"response":"7fGBAAABAAAABgANBWljYW5uA29yZwAAAQABwBIAAgABAAKjAAAZAmEwA29yZwthZmlsaWFzLW5zdARpbmZvAMASAAIAAQACowAABQJhMsAqwBIAAgABAAKjAAAVAmIwA29yZwthZmlsaWFzLW5zdMASwBIAAgABAAKjAAAFAmIywGDAEgACAAEAAqMAAAUCYzDAKsASAAIAAQACowAABQJkMMBgwCcAAQABAAKjAAAExxM4AcAnABwAAQACowAAECABBQAADgAAAAAAAAAAAAHATAABAAEAAqMAAATH+XABwEwAHAABAAKjAAAQIAEFAABAAAAAAAAAAAAAAcBdAAEAAQACowAABMcTNgHAXQAcAAEAAqMAABAgAQUAAAwAAAAAAAAAAAABwH4AAQABAAKjAAAEx/l4AcB+ABwAAQACowAAECABBQAASAAAAAAAAAAAAAHAjwABAAEAAqMAAATHEzUBwI8AHAABAAKjAAAQIAEFAAALAAAAAAAAAAAAAcCgAAEAAQACowAABMcTOQHAoAAcAAEAAqMAABAgAQUAAA8AAAAAAAAAAAABAAApBcAAAAAAAAA=","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":60913,"flags":["qr","rd"],"opt":{"edns":{"version":0,"flags":[],"udp":1472,"options":[]}}},"question":[{"qname":"icann.org.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"org.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["a0.org.afilias-nst.info.","a2.org.afilias-nst.info.","b0.org.afilias-nst.org.","b2.org.afilias-nst.org.","c0.org.afilias-nst.info.","d0.org.afilias-nst.org."]}],"additional":[{"rrname":"a0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.56.1"]},{"rrname":"a0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:e::1"]},{"rrname":"a2.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.249.112.1"]},{"rrname":"a2.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:40::1"]},{"rrname":"b0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.54.1"]},{"rrname":"b0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:c::1"]},{"rrname":"b2.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.249.120.1"]},{"rrname":"b2.org.afilias-ns
t.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:48::1"]},{"rrname":"c0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.53.1"]},{"rrname":"c0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:b::1"]},{"rrname":"d0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.57.1"]},{"rrname":"d0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:f::1"]}]},"dns":"7fGBAAABAAAABgANBWljYW5uA29yZwAAAQABwBIAAgABAAKjAAAZAmEwA29yZwthZmlsaWFzLW5zdARpbmZvAMASAAIAAQACowAABQJhMsAqwBIAAgABAAKjAAAVAmIwA29yZwthZmlsaWFzLW5zdMASwBIAAgABAAKjAAAFAmIywGDAEgACAAEAAqMAAAUCYzDAKsASAAIAAQACowAABQJkMMBgwCcAAQABAAKjAAAExxM4AcAnABwAAQACowAAECABBQAADgAAAAAAAAAAAAHATAABAAEAAqMAAATH+XABwEwAHAABAAKjAAAQIAEFAABAAAAAAAAAAAAAAcBdAAEAAQACowAABMcTNgHAXQAcAAEAAqMAABAgAQUAAAwAAAAAAAAAAAABwH4AAQABAAKjAAAEx/l4AcB+ABwAAQACowAAECABBQAASAAAAAAAAAAAAAHAjwABAAEAAqMAAATHEzUBwI8AHAABAAKjAAAQIAEFAAALAAAAAAAAAAAAAcCgAAEAAQACowAABMcTOQHAoAAcAAEAAqMAABAgAQUAAA8AAAAAAAAAAAABAAApBcAAAAAAAAA="}} +{"time":"2023-07-13 
17:41:10.587291000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"192.35.51.30","proto":"UDP","query_port":54920,"response_port":53,"id":40813,"qname":"domaintools.com.","qclass":"IN","qtype":"A","rcode":"NOERROR","query_packet":["RQAAVGLSAABAEefBywBxw8AjMx7WiAA1AEDhEZ9tASAAAQAAAAAAAQtkb21haW50b29scwNjb20AAAEAAQAAKRAAAACAAAAMAAoACNeNhsA3krV+"],"query_time_sec":[1689270070],"query_time_nsec":[587291000],"response_packet":["RQACxi9tAAA5ER+1wCMzHssAccMANdaIArLmm59tgQAAAQAAAAgAAQtkb21haW50b29scwNjb20AAAEAAcAMAAIAAQACowAAFARkbnMxA3AwNAVuc29uZQNuZXQAwAwAAgABAAKjAAAHBGRuczLAMsAMAAIAAQACowAABwRkbnMzwDLADAACAAEAAqMAAAcEZG5zNMAyIENLMFBPSk1HODc0TEpSRUY3RUZOODQzMFFWSVQ4QlNNwBgAMgABAAFRgAAjAQEAAAAUZQGhNNeRJHdqKLqGC/DBwRHqogUAByIAAAAAApDAegAuAAEAAVGAALcAMggCAAFRgGS0wklkq3dhtdcDY29tAEW46MG+JGryljuL7+NangAgPc/yLBBtsg3vEnR2nCRWnQoF8xHrEjXphFrzFkLfDP6y+HhVLA1GfBesouEN9taNt+/8v5pu7xib1b7RmsTO/0wPOn32gSnIFUtBHfa0T0sFK75LJtwiixomydtbvehwke7JEUurWr1PSH23/u3RVU72/MmPLq3bk0/6HIhdXfDwxjSmJrOZPLuoPL9VpW4gMEYzVDMyRklHUUw0OUg0UFRHVkY0SkhLVTQ0OEwyUUfAGAAyAAEAAVGAACIBAQAAABQDx9WWFkDdf59Iz/qEt9Qlk72QDQAGIAAAAAASwY0ALgABAAFRgAC3ADIIAgABUYBktM1aZKuCcrXXA2NvbQANbzsjZCLYcCyNTETZPMiu8i7/Reo1ECKua2C+LxXnXjXrue7hh3dRp/jD3jCa1X17jt09mvX06/lDEtxNPGOx6SPaKWklNwLSROGnNy0M4qRHptia7iSWjQpj//dq2GKpxIf+qSukJOYJQ5bdXdWM7phhT2waoSJ0EFklRS69+btImoNk2gxcVmaIbrZrMIqCel46DEYw+8vRIV3xLVbwAAApEAAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[611475000],"delay":0.024184000000000001,"udp_checksum":"CORRECT","query":"n20BIAABAAAAAAABC2RvbWFpbnRvb2xzA2NvbQAAAQABAAApEAAAAIAAAAwACgAI142GwDeStX4=","query_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":40813,"flags":["rd","ad"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":["OPT=10: d7 8d 86 c0 37 92 b5 7e 
(\"....7..~\")"]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[],"additional":[]},"response":"n22BAAABAAAACAABC2RvbWFpbnRvb2xzA2NvbQAAAQABwAwAAgABAAKjAAAUBGRuczEDcDA0BW5zb25lA25ldADADAACAAEAAqMAAAcEZG5zMsAywAwAAgABAAKjAAAHBGRuczPAMsAMAAIAAQACowAABwRkbnM0wDIgQ0swUE9KTUc4NzRMSlJFRjdFRk44NDMwUVZJVDhCU03AGAAyAAEAAVGAACMBAQAAABRlAaE015Ekd2oouoYL8MHBEeqiBQAHIgAAAAACkMB6AC4AAQABUYAAtwAyCAIAAVGAZLTCSWSrd2G11wNjb20ARbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1WlbiAwRjNUMzJGSUdRTDQ5SDRQVEdWRjRKSEtVNDQ4TDJRR8AYADIAAQABUYAAIgEBAAAAFAPH1ZYWQN1/n0jP+oS31CWTvZANAAYgAAAAABLBjQAuAAEAAVGAALcAMggCAAFRgGS0zVpkq4JytdcDY29tAA1vOyNkIthwLI1MRNk8yK7yLv9F6jUQIq5rYL4vFedeNeu57uGHd1Gn+MPeMJrVfXuO3T2a9fTr+UMS3E08Y7HpI9opaSU3AtJE4ac3LQzipEem2JruJJaNCmP/92rYYqnEh/6pK6Qk5glDlt1d1YzumGFPbBqhInQQWSVFLr35u0iag2TaDFxWZohutmswioJ6XjoMRjD7y9EhXfEtVvAAACkQAAAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":40813,"flags":["qr","rd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"domaintools.com.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["dns1.p04.nsone.net.","dns2.p04.nsone.net.","dns3.p04.nsone.net.","dns4.p04.nsone.net."]},{"rrname":"CK0POJMG874LJREF7EFN8430QVIT8BSM.com.","rrttl":86400,"rrclass":"IN","rrtype":"NSEC3","rdata":["1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM"]},{"rrname":"CK0POJMG874LJREF7EFN8430QVIT8BSM.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC3 8 2 86400 1689567817 1688958817 46551 com. 
Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg=="]},{"rrname":"0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com.","rrttl":86400,"rrclass":"IN","rrtype":"NSEC3","rdata":["1 1 0 - 0F3TB5GM83ENV7Q8PVT89DUK4M9RR40D NS DS RRSIG"]},{"rrname":"0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC3 8 2 86400 1689570650 1688961650 46551 com. DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bYmu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUuvfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A=="]}],"additional":[]},"dns":"n22BAAABAAAACAABC2RvbWFpbnRvb2xzA2NvbQAAAQABwAwAAgABAAKjAAAUBGRuczEDcDA0BW5zb25lA25ldADADAACAAEAAqMAAAcEZG5zMsAywAwAAgABAAKjAAAHBGRuczPAMsAMAAIAAQACowAABwRkbnM0wDIgQ0swUE9KTUc4NzRMSlJFRjdFRk44NDMwUVZJVDhCU03AGAAyAAEAAVGAACMBAQAAABRlAaE015Ekd2oouoYL8MHBEeqiBQAHIgAAAAACkMB6AC4AAQABUYAAtwAyCAIAAVGAZLTCSWSrd2G11wNjb20ARbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1WlbiAwRjNUMzJGSUdRTDQ5SDRQVEdWRjRKSEtVNDQ4TDJRR8AYADIAAQABUYAAIgEBAAAAFAPH1ZYWQN1/n0jP+oS31CWTvZANAAYgAAAAABLBjQAuAAEAAVGAALcAMggCAAFRgGS0zVpkq4JytdcDY29tAA1vOyNkIthwLI1MRNk8yK7yLv9F6jUQIq5rYL4vFedeNeu57uGHd1Gn+MPeMJrVfXuO3T2a9fTr+UMS3E08Y7HpI9opaSU3AtJE4ac3LQzipEem2JruJJaNCmP/92rYYqnEh/6pK6Qk5glDlt1d1YzumGFPbBqhInQQWSVFLr35u0iag2TaDFxWZohutmswioJ6XjoMRjD7y9EhXfEtVvAAACkQAAAAgAAAAA=="}} +{"time":"2023-07-13 
17:41:10.721721000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"208.94.148.13","proto":"UDP","query_port":26869,"response_port":53,"id":24287,"qname":"fsi.io.","qclass":"IN","qtype":"TXT","rcode":"NOERROR","query_packet":["RQAAPwAAAABAEdl+ywBxw9BelA1o9QA1ACuEcl7fABAAAQAAAAAAAQNmc2kCaW8AABAAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[721721000],"response_packet":["RQABT6tDAAA2ETcr0F6UDcsAccMANWj1ATvITl7fhBAAAQACAAAAAQNmc2kCaW8AABAAAcAMABAAAQAADhAAXl12PXNwZjEgbXggYSBhOnN1cHBvcnQuZmFyc2lnaHRzZWN1cml0eS5jb20gYTpleGNoLmZzaS5pbyBhOnByb2QtbWFpbC1yZWxheS0xLmlhZDEuZnNpLmlvIH5hbGzADAAuAAEAAA4QAJoAEAUCAAAOEGTFu61kniT5B1ADZnNpAmlvAD5TwMoJVP5f4pNkb5GH5PsxSy2l027ZyspnlDta0LU5JhtnNxtlT80LTJHdcuojOCobwQF+VmuX7XLREDVCkXMbJfB/wZ8JAznfc8Xv4YAtnHQblboBKCPUAAqn4HgQvkz8/NudOV3eB+MF9K5Rp/fp0Wi3lbkQ9rNXugoqT32bAAApBQAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[729020000],"delay":0.007299,"udp_checksum":"CORRECT","query":"Xt8AEAABAAAAAAABA2ZzaQJpbwAAEAABAAApEAAAAIAAAAA=","query_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":24287,"flags":["cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"fsi.io.","qclass":"IN","qtype":"TXT"}],"answer":[],"authority":[],"additional":[]},"response":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":24287,"flags":["qr","aa","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1280,"options":[]}}},"question":[{"qname":"fsi.io.","qclass":"IN","qtype"
:"TXT"}],"answer":[{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"TXT","rdata":["\"v=spf1 mx a a:support.farsightsecurity.com a:exch.fsi.io a:prod-mail-relay-1.iad1.fsi.io ~all\""]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZs="]}],"authority":[],"additional":[]},"dns":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA=="}} +{"time":"2023-07-13 17:41:10.761629000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"208.94.148.13","proto":"UDP","query_port":16873,"response_port":53,"id":20343,"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A","rcode":"NXDOMAIN","query_packet":["RQAATrw7AABAER00ywBxw9BelA1B6QA1ADr1Yk93ABAAAQAAAAAAAQRkb2VzA25vdAVleGlzdANmc2kCaW8AAAEAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[761629000],"response_packet":["RQADBKtMAAA2ETVt0F6UDcsAccMANUHpAvDJa093hBMAAQAAAAYAAQRkb2VzA25vdAVleGlzdANmc2kCaW8AAAEAAQNmc2kCaW8AAAYAAQAADhAAI8AnCmhvc3RtYXN0ZXLAJ3iVe2EAABwgAAAOEAAJOoAAAA4QwCcALgABAAAOEACaAAYFAgAADhBk14g6ZK/tKgdQA2ZzaQJpbwDaDZ9TJYU/Ge683xNrkY7qjtpJDkrtvy79Dq9n1v3m0oYhXVzgMVPLHuzEu3/gTJDSYeuwnu0/2ZauH1dlc6YNqPbSmF6hmSfyT0ppcGnm8s6bcHRUAftO73gQdGLLRY402UOXDjzRb3zwQIppnvS6q2uwI3B/tTwVmuvsBJsdx8B6AC8AAQAADhAARxNfZGFzaGxhbmUtY2hhbGxlbmdlA2ZzaQJpbwAAB2IBgAgAA4D/IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwSIALgABAAAOEACaAC8FAgAADhB
kxuzUZJ9UOgdQA2ZzaQJpbwDKQpgnIgjdFrF97L53ZCG4KMr79Mk60Lf71iRNZLG46Qw4xT6ZSkeDyqFye40htaCwP1hkVhGDUxM9LIcjcAy9LvCoE3ydG/Y7XZk8Gq/GARMxpLju1GfVDlwZ2PlpCFkFO0xBacTl4EZgFZGrFHukOCi4I9LxbgdaFss5+Wz/twxhdXRvZGlzY292ZXIEZXhjaANmc2kCaW8AAC8AAQAADhAAGAJhMQRmbXQxA2ZzaQJpbwAABkAAAAgAA8H7AC4AAQAADhAAmgAvBQQAAA4QZM5P5GSmwf8HUANmc2kCaW8AojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDdsAACkFAAAAgAAAAA=="],"response_time_sec":[1689270070],"response_time_nsec":[766528000],"delay":0.004899,"udp_checksum":"CORRECT","query":"T3cAEAABAAAAAAABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABAAApEAAAAIAAAAA=","query_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":20343,"flags":["cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[],"additional":[]},"response":"T3eEEwABAAAABgABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABA2ZzaQJpbwAABgABAAAOEAAjwCcKaG9zdG1hc3RlcsAneJV7YQAAHCAAAA4QAAk6gAAADhDAJwAuAAEAAA4QAJoABgUCAAAOEGTXiDpkr+0qB1ADZnNpAmlvANoNn1MlhT8Z7rzfE2uRjuqO2kkOSu2/Lv0Or2fW/ebShiFdXOAxU8se7MS7f+BMkNJh67Ce7T/Zlq4fV2Vzpg2o9tKYXqGZJ/JPSmlwaebyzptwdFQB+07veBB0YstFjjTZQ5cOPNFvfPBAimme9Lqra7AjcH+1PBWa6+wEmx3HwHoALwABAAAOEABHE19kYXNobGFuZS1jaGFsbGVuZ2UDZnNpAmlvAAAHYgGACAADgP8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBIgAuAAEAAA4QAJoALwUCAAAOEGTG7NRkn1Q6B1ADZnNpAmlvAMpCmCciCN0WsX3svndkIbgoyvv0yTrQt/vWJE1ksbjpDDjFPplKR4PKoXJ7jSG1oLA/WGRWEYNTEz0shyNwDL0u8KgTfJ0b9jtdmTwar8YBEzGkuO7UZ9UOXBnY+WkIWQU7TEFpxOXgRmAVkasUe6Q4KLgj0vFuB1oWyzn5bP+3DGF1dG9kaXNjb3ZlcgRleGNoA2ZzaQJpbwAALwABAAAOEAAYAmExBGZtdDEDZnNpAmlvAAAGQAAACAADwfsALgABAAAOEACaAC8FBAAADhBkzk/kZKbB/wdQA2ZzaQJpbwCiNTltjKwFG079sRbhKiAdjkaSbkKwywN4dSi+svJKbzdUdfbJZ1CFfKkonDRYh3lrPkVc0qLE3ejYREhm1Vyc+fuNEfx4lRxFYD99JXrptnhFmlJXtK8PBXqTeUwjW5EC9/NVyIYpJEdwLKAUYpYHl2HLyjsuCWpx5udISN0N2wAAKQUAAACAAAAA","response_json":{"h
eader":{"opcode":"QUERY","rcode":"NXDOMAIN","id":20343,"flags":["qr","aa","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1280,"options":[]}}},"question":[{"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"SOA","rdata":["fsi.io. hostmaster.fsi.io. 2023062369 7200 3600 604800 3600"]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7sxLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASbHcc=","NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qhcnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS47tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls/7c="]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"NSEC","rdata":["_dashlane-challenge.fsi.io. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY TYPE65534"]},{"rrname":"autodiscover.exch.fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"NSEC","rdata":["a1.fmt1.fsi.io. A AAAA RRSIG NSEC"]},{"rrname":"autodiscover.exch.fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. 
ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDds="]}],"additional":[]},"dns":"T3eEEwABAAAABgABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABA2ZzaQJpbwAABgABAAAOEAAjwCcKaG9zdG1hc3RlcsAneJV7YQAAHCAAAA4QAAk6gAAADhDAJwAuAAEAAA4QAJoABgUCAAAOEGTXiDpkr+0qB1ADZnNpAmlvANoNn1MlhT8Z7rzfE2uRjuqO2kkOSu2/Lv0Or2fW/ebShiFdXOAxU8se7MS7f+BMkNJh67Ce7T/Zlq4fV2Vzpg2o9tKYXqGZJ/JPSmlwaebyzptwdFQB+07veBB0YstFjjTZQ5cOPNFvfPBAimme9Lqra7AjcH+1PBWa6+wEmx3HwHoALwABAAAOEABHE19kYXNobGFuZS1jaGFsbGVuZ2UDZnNpAmlvAAAHYgGACAADgP8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBIgAuAAEAAA4QAJoALwUCAAAOEGTG7NRkn1Q6B1ADZnNpAmlvAMpCmCciCN0WsX3svndkIbgoyvv0yTrQt/vWJE1ksbjpDDjFPplKR4PKoXJ7jSG1oLA/WGRWEYNTEz0shyNwDL0u8KgTfJ0b9jtdmTwar8YBEzGkuO7UZ9UOXBnY+WkIWQU7TEFpxOXgRmAVkasUe6Q4KLgj0vFuB1oWyzn5bP+3DGF1dG9kaXNjb3ZlcgRleGNoA2ZzaQJpbwAALwABAAAOEAAYAmExBGZtdDEDZnNpAmlvAAAGQAAACAADwfsALgABAAAOEACaAC8FBAAADhBkzk/kZKbB/wdQA2ZzaQJpbwCiNTltjKwFG079sRbhKiAdjkaSbkKwywN4dSi+svJKbzdUdfbJZ1CFfKkonDRYh3lrPkVc0qLE3ejYREhm1Vyc+fuNEfx4lRxFYD99JXrptnhFmlJXtK8PBXqTeUwjW5EC9/NVyIYpJEdwLKAUYpYHl2HLyjsuCWpx5udISN0N2wAAKQUAAACAAAAA"}} +{"time":"2023-07-13 
17:41:10.821594000","vname":"base","mname":"dnsqr","source":"19721976","message":{"type":"UDP_QUERY_RESPONSE","query_ip":"203.0.113.195","response_ip":"198.51.44.4","proto":"UDP","query_port":12736,"response_port":53,"id":56060,"qname":"domaintools.com.","qclass":"IN","qtype":"SOA","rcode":"NOERROR","query_packet":["RQAASBKeAABAETkMywBxw8YzLAQxwAA1ADSS+tr8ABAAAQAAAAAAAQtkb21haW50b29scwNjb20AAAYAAQAAKRAAAACAAAAA"],"query_time_sec":[1689270070],"query_time_nsec":[821594000],"response_packet":["RQAAiXV5QAA5EZzvxjMsBMsAccMANTHAAHVmdNr8hAAAAQABAAAAAQtkb21haW50b29scwNjb20AAAYAAcAMAAYAAQAADhAANQRkbnMxA3AwNAVuc29uZQNuZXQACmhvc3RtYXN0ZXLANmImUjYAAA4QAAACWAAJOoAAAKjAAAApBNAAAIAAAAA="],"response_time_sec":[1689270070],"response_time_nsec":[828980000],"delay":0.007386,"udp_checksum":"CORRECT","query":"2vwAEAABAAAAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABAAApEAAAAIAAAAA=","query_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":56060,"flags":["cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"SOA"}],"answer":[],"authority":[],"additional":[]},"response":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":56060,"flags":["qr","aa"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1232,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"SOA"}],"answer":[{"rrname":"domaintools.com.","rrttl":3600,"rrclass":"IN","rrtype":"SOA","rdata":["dns1.p04.nsone.net. hostmaster.nsone.net. 1646678582 3600 600 604800 43200"]}],"authority":[],"additional":[]},"dns":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA=="}} 
diff --git a/tests/nmsg-dnstap-tests/test1-dnstap.json b/tests/nmsg-dnstap-tests/test1-dnstap.json index cdb20344..ae1ed277 100644 --- a/tests/nmsg-dnstap-tests/test1-dnstap.json +++ b/tests/nmsg-dnstap-tests/test1-dnstap.json 
@@ -1 +1 @@ -{"time":"2016-11-21 21:25:08.556331019","vname":"base","mname":"dnstap","message":{"identity":"bWlray5uZXQ=","version":"dW5ib3VuZCAxLjUuMTA=","type":"MESSAGE","message_type":"RESOLVER_RESPONSE","socket_family":"INET","socket_protocol":"UDP","query_time_sec":1479753746,"query_time_nsec":70887000,"response_address":"192.31.80.30","response_port":53,"response_time_sec":1479753746,"response_time_nsec":112706000,"query_zone":"com.","response_message":"DmKAEAABAAAABQAFA3d3dxBmYXJzaWdodHNlY3VyaXR5A2NvbQAAAQABwBAAAgABAAKjAAASA25zNQtkbnNtYWRlZWFzecAhwBAAAgABAAKjAAAGA25zNsA6wBAAAgABAAKjAAAGA25zN8A6wBAAKwABAAFRgAAk7CYFAjZyw1z6j/FMnCI7hCd71kXAr1S61XkDdf55cWHkgBR5wBAALgABAAFRgACXACsIAgABUYBYO76tWDJzxRkEA2NvbQANb/jAwTh73dCouzH+jGlCprKSW/SJccMKn/4qGqe0Q9yE2q4m7s1saY6WYAdsfiz2iF5r/Qc1rpW+FrFieYRgxTGkqQP3Q7WBjy1EGeuYW8+QRzyUu8IxdQDKuuPC22Bof8u3zlxMF80RNLrKGfHK9Z1NuSeZABjvaWAG9NeQwsA2AAEAAQACowAABNBelA3ANgAcAAEAAqMAABAmABgAAAUAAAAAAAAAAAABwFQAAQABAAKjAAAE0FB8DcBmAAEAAQACowAABNBQfg0AACkQAAAAgAAAAA==","id":3682,"qname":"www.farsightsecurity.com.","qclass":"IN","qtype":"A","rcode":"NOERROR"}} +{"time":"2016-11-21 
21:25:08.556331019","vname":"base","mname":"dnstap","message":{"identity":"bWlray5uZXQ=","version":"dW5ib3VuZCAxLjUuMTA=","type":"MESSAGE","message_type":"RESOLVER_RESPONSE","socket_family":"INET","socket_protocol":"UDP","query_time_sec":1479753746,"query_time_nsec":70887000,"response_address":"192.31.80.30","response_port":53,"response_time_sec":1479753746,"response_time_nsec":112706000,"query_zone":"com.","response_message":"DmKAEAABAAAABQAFA3d3dxBmYXJzaWdodHNlY3VyaXR5A2NvbQAAAQABwBAAAgABAAKjAAASA25zNQtkbnNtYWRlZWFzecAhwBAAAgABAAKjAAAGA25zNsA6wBAAAgABAAKjAAAGA25zN8A6wBAAKwABAAFRgAAk7CYFAjZyw1z6j/FMnCI7hCd71kXAr1S61XkDdf55cWHkgBR5wBAALgABAAFRgACXACsIAgABUYBYO76tWDJzxRkEA2NvbQANb/jAwTh73dCouzH+jGlCprKSW/SJccMKn/4qGqe0Q9yE2q4m7s1saY6WYAdsfiz2iF5r/Qc1rpW+FrFieYRgxTGkqQP3Q7WBjy1EGeuYW8+QRzyUu8IxdQDKuuPC22Bof8u3zlxMF80RNLrKGfHK9Z1NuSeZABjvaWAG9NeQwsA2AAEAAQACowAABNBelA3ANgAcAAEAAqMAABAmABgAAAUAAAAAAAAAAAABwFQAAQABAAKjAAAE0FB8DcBmAAEAAQACowAABNBQfg0AACkQAAAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":3682,"flags":["qr","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"www.farsightsecurity.com.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"farsightsecurity.com.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["ns5.dnsmadeeasy.com.","ns6.dnsmadeeasy.com.","ns7.dnsmadeeasy.com."]},{"rrname":"farsightsecurity.com.","rrttl":86400,"rrclass":"IN","rrtype":"DS","rdata":["60454 5 2 3672C35CFA8FF14C9C223B84277BD645C0AF54BAD5790375FE797161E4801479"]},{"rrname":"farsightsecurity.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["DS 8 2 86400 1480310445 1479701445 6404 com. 
DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmOlmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTXkMI="]}],"additional":[{"rrname":"ns5.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.94.148.13"]},{"rrname":"ns5.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2600:1800:5::1"]},{"rrname":"ns6.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.80.124.13"]},{"rrname":"ns7.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.80.126.13"]}]},"id":3682,"qname":"www.farsightsecurity.com.","qclass":"IN","qtype":"A","rcode":"NOERROR"}} From 8c9214feb0b4039c7a7944abdbb191b06c0ac2c7 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Wed, 6 Sep 2023 21:06:27 +0000 Subject: [PATCH 12/14] add some base:dnsobs tests Also update Makefile.am to remove now non-existent script and to add extra dist files for tarball and files to clean on distclean. --- Makefile.am | 26 ++- configure.ac | 3 + tests/nmsg-dnsobs-tests/test.sh.in | 59 +++++++ tests/nmsg-dnsobs-tests/test1-dnsobs.json | 6 + tests/nmsg-dnsobs-tests/test1-dnsobs.nmsg | Bin 0 -> 3150 bytes tests/nmsg-dnsobs-tests/test1-dnsobs.pres | 190 ++++++++++++++++++++++ 6 files changed, 283 insertions(+), 1 deletion(-) create mode 100755 tests/nmsg-dnsobs-tests/test.sh.in create mode 100644 tests/nmsg-dnsobs-tests/test1-dnsobs.json create mode 100644 tests/nmsg-dnsobs-tests/test1-dnsobs.nmsg create mode 100644 tests/nmsg-dnsobs-tests/test1-dnsobs.pres diff --git a/Makefile.am b/Makefile.am index e40276bf..094a782b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,6 +5,7 @@ TESTS = BUILT_SOURCES = EXTRA_DIST = CLEANFILES = +DISTCLEANFILES = ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS} AM_CPPFLAGS = \ 
@@ -31,7 +32,6 @@ EXTRA_DIST += \ tests/json-utf8-tests/straycont.nmsg \ tests/json-utf8-tests/test.sh.in \ tests/json-utf8-tests/truncated.nmsg \ - tests/nmsg.test \ tests/string-tests/empty-string.json \ tests/string-tests/empty-string.nmsg \ tests/string-tests/empty-string.pres \ @@ -365,6 +365,24 @@ EXTRA_DIST += tests/generic-tests/test.chalias EXTRA_DIST += tests/generic-tests/test.gralias EXTRA_DIST += tests/generic-tests/test.opalias +EXTRA_DIST += tests/nmsg-dns-tests/test1-dns.json +EXTRA_DIST += tests/nmsg-dns-tests/test1-dns.nmsg +EXTRA_DIST += tests/nmsg-dns-tests/test1-dns.pres +EXTRA_DIST += tests/nmsg-dns-tests/test2-dns.json +EXTRA_DIST += tests/nmsg-dns-tests/test2-dns.nmsg +EXTRA_DIST += tests/nmsg-dns-tests/test2-dns.pres +EXTRA_DIST += tests/nmsg-dns-tests/test3-dns.json +EXTRA_DIST += tests/nmsg-dnsobs-tests/test1-dnsobs.json +EXTRA_DIST += tests/nmsg-dnsobs-tests/test1-dnsobs.nmsg +EXTRA_DIST += tests/nmsg-dnsobs-tests/test1-dnsobs.pres +EXTRA_DIST += tests/nmsg-dnsqr-tests/test1-dnsqr.json +EXTRA_DIST += tests/nmsg-dnsqr-tests/test1-dnsqr.nmsg +EXTRA_DIST += tests/nmsg-dnsqr-tests/test1-dnsqr.pcap +EXTRA_DIST += tests/nmsg-dnsqr-tests/test1-dnsqr.pres +EXTRA_DIST += tests/nmsg-dnstap-tests/test1-dnstap.json +EXTRA_DIST += tests/nmsg-dnstap-tests/test1-dnstap.nmsg +EXTRA_DIST += tests/nmsg-dnstap-tests/test1-dnstap.pres + noinst_PROGRAMS += libmy/crc32c_test libmy_crc32c_test_CFLAGS = $(AM_CFLAGS) libmy_crc32c_test_SOURCES = \ @@ -386,6 +404,7 @@ TESTS += tests/json-utf8-tests/test.sh TESTS += tests/nmsg-dns-tests/test.sh TESTS += tests/nmsg-dnsqr-tests/test.sh TESTS += tests/nmsg-dnstap-tests/test.sh +TESTS += tests/nmsg-dnsobs-tests/test.sh TESTS += tests/payload-crc32c-tests/test.sh TESTS += tests/string-tests/test.sh TESTS += tests/udp-checksum-tests/test.sh 
@@ -416,6 +435,11 @@ check_PROGRAMS += tests/test-nmsg_output_set_rate tests_test_nmsg_output_set_rate_SOURCES = tests/test-nmsg_output_set_rate.c tests_test_nmsg_output_set_rate_LDADD = nmsg/libnmsg.la +DISTCLEANFILES += tests/nmsg-dns-tests/test*.out +DISTCLEANFILES += tests/nmsg-dnsobs-tests/test*.out +DISTCLEANFILES += tests/nmsg-dnsqr-tests/test*.out +DISTCLEANFILES += tests/nmsg-dnstap-tests/test*.out + # ## ### Examples diff --git a/configure.ac b/configure.ac index 0c8a2e9a..2bea4e76 100644 --- a/configure.ac +++ b/configure.ac @@ -45,6 +45,9 @@ AC_CONFIG_FILES([tests/json-utf8-tests/test.sh], AC_CONFIG_FILES([tests/nmsg-dns-tests/test.sh], [chmod +x tests/nmsg-dns-tests/test.sh]) +AC_CONFIG_FILES([tests/nmsg-dnsobs-tests/test.sh], + [chmod +x tests/nmsg-dnsobs-tests/test.sh]) + AC_CONFIG_FILES([tests/nmsg-dnsqr-tests/test.sh], [chmod +x tests/nmsg-dnsqr-tests/test.sh]) diff --git a/tests/nmsg-dnsobs-tests/test.sh.in b/tests/nmsg-dnsobs-tests/test.sh.in new file mode 100755 index 00000000..26c03181 --- /dev/null +++ b/tests/nmsg-dnsobs-tests/test.sh.in 
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+status=0
+
+check() {
+ if [ $? = "0" ]; then
+ echo "PASS: $*"
+ else
+ echo "FAIL: $*"
+ status=1
+ fi
+}
+
+NMSG_MSGMOD_DIR="@abs_top_builddir@/nmsg/base/.libs"
+export NMSG_MSGMOD_DIR
+NMSGTOOL="@abs_top_builddir@/src/nmsgtool"
+PAYLOAD="@abs_top_srcdir@/tests/nmsg-dnsobs-tests/test-dnsobs.nmsg"
+
+SOURCE=@abs_top_srcdir@/tests/nmsg-dnsobs-tests/test1-dnsobs
+OUTPUT=@abs_top_builddir@/tests/nmsg-dnsobs-tests/test1-dnsobs
+
+# cleanup from previous run
+rm -f ${OUTPUT}*out
+
+$NMSGTOOL -r ${SOURCE}.nmsg > ${OUTPUT}.nmsg.pres.out
+check read nmsg base:dnsobs and create dnsobs presentation output
+cmp -s ${SOURCE}.pres ${OUTPUT}.nmsg.pres.out
+check nmsg-to-presentation
+
+# output should be same as input
+$NMSGTOOL -r ${SOURCE}.nmsg -w ${OUTPUT}.nmsg.nmsg.out
+check read nmsg base:dnsobs and create base:dnsobs nmsg output
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.nmsg.nmsg.out
+check nmsg-to-nmsg
+
+$NMSGTOOL -r ${SOURCE}.nmsg -J ${OUTPUT}.nmsg.json.out
+check read nmsg base:dnsobs and create base:dnsobs json output
+cmp -s ${SOURCE}.json ${OUTPUT}.nmsg.json.out
+check nmsg-to-json
+
+$NMSGTOOL --readjson ${SOURCE}.json > ${OUTPUT}.json.pres.out
+check read json base:dnsobs and create dnsobs presentation output
+cmp -s ${SOURCE}.pres ${OUTPUT}.json.pres.out
+check nmsg-to-presentation
+
+$NMSGTOOL --readjson ${SOURCE}.json -w ${OUTPUT}.json.nmsg.out
+check read json base:dnsobs and create base:dnsobs nmsg output
+cmp -s ${SOURCE}.nmsg ${OUTPUT}.json.nmsg.out
+check nmsg-to-nmsg
+
+# output should be same as input
+$NMSGTOOL --readjson ${SOURCE}.json -J ${OUTPUT}.json.json.out
+check read json base:dnsobs and create base:dnsobs json output
+cmp -s ${SOURCE}.json ${OUTPUT}.json.json.out
+check nmsg-to-json
+
+# NOTE: --readpres is not fully implemented for base:dnsobs
+
+exit $status
diff --git a/tests/nmsg-dnsobs-tests/test1-dnsobs.json b/tests/nmsg-dnsobs-tests/test1-dnsobs.json
new file mode 100644
index 00000000..85cdab7d
--- /dev/null
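Review bot: `SOURCE` and `OUTPUT` are assigned without quotes and then expanded unquoted in every command of tests/nmsg-dnsobs-tests/test.sh.in, including the cleanup `rm -f ${OUTPUT}*out`, so a source or build directory whose path contains whitespace would be split into several words and `rm -f` would act on paths other than the test outputs. Quoting the assignments the way `NMSGTOOL` already is, and the uses as well (`rm -f -- "${OUTPUT}"*out`, `"$NMSGTOOL" -r "${SOURCE}.nmsg" > "${OUTPUT}.nmsg.pres.out"`, `cmp -s "${SOURCE}.pres" "${OUTPUT}.nmsg.pres.out"`), keeps each path a single argument. `PAYLOAD` is set to `test-dnsobs.nmsg`, a file this commit's diffstat does not add (the fixture is `test1-dnsobs.nmsg`), and nothing in the script reads it, so the line can be dropped. The three `cmp` checks in the `--readjson` half reuse the labels `nmsg-to-presentation`, `nmsg-to-nmsg` and `nmsg-to-json`, which makes a failure there indistinguishable in the log from one in the first half; `json-to-presentation`, `json-to-nmsg` and `json-to-json` would tell them apart.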
+++ b/tests/nmsg-dnsobs-tests/test1-dnsobs.json 
@@ -0,0 +1,6 @@ +{"time":"2023-07-13 17:41:09.408162000","vname":"base","mname":"dnsobs","message":{"time":1689270069,"response_ip":"192.5.5.241","qname":"icann.org.","qtype":"A","qclass":"IN","rcode":"NOERROR","response":"7fGBAAABAAAABgANBWljYW5uA29yZwAAAQABwBIAAgABAAKjAAAZAmEwA29yZwthZmlsaWFzLW5zdARpbmZvAMASAAIAAQACowAABQJhMsAqwBIAAgABAAKjAAAVAmIwA29yZwthZmlsaWFzLW5zdMASwBIAAgABAAKjAAAFAmIywGDAEgACAAEAAqMAAAUCYzDAKsASAAIAAQACowAABQJkMMBgwCcAAQABAAKjAAAExxM4AcAnABwAAQACowAAECABBQAADgAAAAAAAAAAAAHATAABAAEAAqMAAATH+XABwEwAHAABAAKjAAAQIAEFAABAAAAAAAAAAAAAAcBdAAEAAQACowAABMcTNgHAXQAcAAEAAqMAABAgAQUAAAwAAAAAAAAAAAABwH4AAQABAAKjAAAEx/l4AcB+ABwAAQACowAAECABBQAASAAAAAAAAAAAAAHAjwABAAEAAqMAAATHEzUBwI8AHAABAAKjAAAQIAEFAAALAAAAAAAAAAAAAcCgAAEAAQACowAABMcTOQHAoAAcAAEAAqMAABAgAQUAAA8AAAAAAAAAAAABAAApBcAAAAAAAAA=","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":60913,"flags":["qr","rd"],"opt":{"edns":{"version":0,"flags":[],"udp":1472,"options":[]}}},"question":[{"qname":"icann.org.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"org.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["a0.org.afilias-nst.info.","a2.org.afilias-nst.info.","b0.org.afilias-nst.org.","b2.org.afilias-nst.org.","c0.org.afilias-nst.info.","d0.org.afilias-nst.org."]}],"additional":[{"rrname":"a0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.56.1"]},{"rrname":"a0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:e::1"]},{"rrname":"a2.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.249.112.1"]},{"rrname":"a2.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:40::1"]},{"rrname":"b0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.54.1"]},{"rrname":"b0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:c::1"]},{"rrname":"b2.org.afilias-nst.org.","rrttl":172800
,"rrclass":"IN","rrtype":"A","rdata":["199.249.120.1"]},{"rrname":"b2.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:48::1"]},{"rrname":"c0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.53.1"]},{"rrname":"c0.org.afilias-nst.info.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:b::1"]},{"rrname":"d0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["199.19.57.1"]},{"rrname":"d0.org.afilias-nst.org.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2001:500:f::1"]}]},"sensor_id":"aa11ff99"}} +{"time":"2023-07-13 17:41:10.587291000","vname":"base","mname":"dnsobs","message":{"time":1689270070,"response_ip":"192.35.51.30","qname":"domaintools.com.","qtype":"A","qclass":"IN","rcode":"NOERROR","response":"n22BAAABAAAACAABC2RvbWFpbnRvb2xzA2NvbQAAAQABwAwAAgABAAKjAAAUBGRuczEDcDA0BW5zb25lA25ldADADAACAAEAAqMAAAcEZG5zMsAywAwAAgABAAKjAAAHBGRuczPAMsAMAAIAAQACowAABwRkbnM0wDIgQ0swUE9KTUc4NzRMSlJFRjdFRk44NDMwUVZJVDhCU03AGAAyAAEAAVGAACMBAQAAABRlAaE015Ekd2oouoYL8MHBEeqiBQAHIgAAAAACkMB6AC4AAQABUYAAtwAyCAIAAVGAZLTCSWSrd2G11wNjb20ARbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1WlbiAwRjNUMzJGSUdRTDQ5SDRQVEdWRjRKSEtVNDQ4TDJRR8AYADIAAQABUYAAIgEBAAAAFAPH1ZYWQN1/n0jP+oS31CWTvZANAAYgAAAAABLBjQAuAAEAAVGAALcAMggCAAFRgGS0zVpkq4JytdcDY29tAA1vOyNkIthwLI1MRNk8yK7yLv9F6jUQIq5rYL4vFedeNeu57uGHd1Gn+MPeMJrVfXuO3T2a9fTr+UMS3E08Y7HpI9opaSU3AtJE4ac3LQzipEem2JruJJaNCmP/92rYYqnEh/6pK6Qk5glDlt1d1YzumGFPbBqhInQQWSVFLr35u0iag2TaDFxWZohutmswioJ6XjoMRjD7y9EhXfEtVvAAACkQAAAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":40813,"flags":["qr","rd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"A"}],"answer":[],"authorit
y":[{"rrname":"domaintools.com.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["dns1.p04.nsone.net.","dns2.p04.nsone.net.","dns3.p04.nsone.net.","dns4.p04.nsone.net."]},{"rrname":"CK0POJMG874LJREF7EFN8430QVIT8BSM.com.","rrttl":86400,"rrclass":"IN","rrtype":"NSEC3","rdata":["1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM"]},{"rrname":"CK0POJMG874LJREF7EFN8430QVIT8BSM.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC3 8 2 86400 1689567817 1688958817 46551 com. Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg=="]},{"rrname":"0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com.","rrttl":86400,"rrclass":"IN","rrtype":"NSEC3","rdata":["1 1 0 - 0F3TB5GM83ENV7Q8PVT89DUK4M9RR40D NS DS RRSIG"]},{"rrname":"0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC3 8 2 86400 1689570650 1688961650 46551 com. 
DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bYmu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUuvfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A=="]}],"additional":[]},"sensor_id":"aa11ff99"}} +{"time":"2023-07-13 17:41:10.721721000","vname":"base","mname":"dnsobs","message":{"time":1689270070,"response_ip":"208.94.148.13","qname":"fsi.io.","qtype":"TXT","qclass":"IN","rcode":"NOERROR","response":"Xt+EEAABAAIAAAABA2ZzaQJpbwAAEAABwAwAEAABAAAOEABeXXY9c3BmMSBteCBhIGE6c3VwcG9ydC5mYXJzaWdodHNlY3VyaXR5LmNvbSBhOmV4Y2guZnNpLmlvIGE6cHJvZC1tYWlsLXJlbGF5LTEuaWFkMS5mc2kuaW8gfmFsbMAMAC4AAQAADhAAmgAQBQIAAA4QZMW7rWSeJPkHUANmc2kCaW8APlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZsAACkFAAAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":24287,"flags":["qr","aa","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1280,"options":[]}}},"question":[{"qname":"fsi.io.","qclass":"IN","qtype":"TXT"}],"answer":[{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"TXT","rdata":["\"v=spf1 mx a a:support.farsightsecurity.com a:exch.fsi.io a:prod-mail-relay-1.iad1.fsi.io ~all\""]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. 
PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZs="]}],"authority":[],"additional":[]},"sensor_id":"aa11ff99"}} +{"time":"2023-07-13 17:41:10.761629000","vname":"base","mname":"dnsobs","message":{"time":1689270070,"response_ip":"208.94.148.13","qname":"does.not.exist.fsi.io.","qtype":"A","qclass":"IN","rcode":"NXDOMAIN","response":"T3eEEwABAAAABgABBGRvZXMDbm90BWV4aXN0A2ZzaQJpbwAAAQABA2ZzaQJpbwAABgABAAAOEAAjwCcKaG9zdG1hc3RlcsAneJV7YQAAHCAAAA4QAAk6gAAADhDAJwAuAAEAAA4QAJoABgUCAAAOEGTXiDpkr+0qB1ADZnNpAmlvANoNn1MlhT8Z7rzfE2uRjuqO2kkOSu2/Lv0Or2fW/ebShiFdXOAxU8se7MS7f+BMkNJh67Ce7T/Zlq4fV2Vzpg2o9tKYXqGZJ/JPSmlwaebyzptwdFQB+07veBB0YstFjjTZQ5cOPNFvfPBAimme9Lqra7AjcH+1PBWa6+wEmx3HwHoALwABAAAOEABHE19kYXNobGFuZS1jaGFsbGVuZ2UDZnNpAmlvAAAHYgGACAADgP8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBIgAuAAEAAA4QAJoALwUCAAAOEGTG7NRkn1Q6B1ADZnNpAmlvAMpCmCciCN0WsX3svndkIbgoyvv0yTrQt/vWJE1ksbjpDDjFPplKR4PKoXJ7jSG1oLA/WGRWEYNTEz0shyNwDL0u8KgTfJ0b9jtdmTwar8YBEzGkuO7UZ9UOXBnY+WkIWQU7TEFpxOXgRmAVkasUe6Q4KLgj0vFuB1oWyzn5bP+3DGF1dG9kaXNjb3ZlcgRleGNoA2ZzaQJpbwAALwABAAAOEAAYAmExBGZtdDEDZnNpAmlvAAAGQAAACAADwfsALgABAAAOEACaAC8FBAAADhBkzk/kZKbB/wdQA2ZzaQJpbwCiNTltjKwFG079sRbhKiAdjkaSbkKwywN4dSi+svJKbzdUdfbJZ1CFfKkonDRYh3lrPkVc0qLE3ejYREhm1Vyc+fuNEfx4lRxFYD99JXrptnhFmlJXtK8PBXqTeUwjW5EC9/NVyIYpJEdwLKAUYpYHl2HLyjsuCWpx5udISN0N2wAAKQUAAACAAAAA","response_json":{"header":{"opcode":"QUERY","rcode":"NXDOMAIN","id":20343,"flags":["qr","aa","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1280,"options":[]}}},"question":[{"qname":"does.not.exist.fsi.io.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"SOA","rdata":["fsi.io. hostmaster.fsi.io. 2023062369 7200 3600 604800 3600"]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 
2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7sxLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASbHcc=","NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qhcnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS47tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls/7c="]},{"rrname":"fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"NSEC","rdata":["_dashlane-challenge.fsi.io. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY TYPE65534"]},{"rrname":"autodiscover.exch.fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"NSEC","rdata":["a1.fmt1.fsi.io. A AAAA RRSIG NSEC"]},{"rrname":"autodiscover.exch.fsi.io.","rrttl":3600,"rrclass":"IN","rrtype":"RRSIG","rdata":["NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDds="]}],"additional":[]},"sensor_id":"aa11ff99"}} +{"time":"2023-07-13 17:41:10.821594000","vname":"base","mname":"dnsobs","message":{"time":1689270070,"response_ip":"198.51.44.4","qname":"domaintools.com.","qtype":"SOA","qclass":"IN","rcode":"NOERROR","response":"2vyEAAABAAEAAAABC2RvbWFpbnRvb2xzA2NvbQAABgABwAwABgABAAAOEAA1BGRuczEDcDA0BW5zb25lA25ldAAKaG9zdG1hc3RlcsA2YiZSNgAADhAAAAJYAAk6gAAAqMAAACkE0AAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":56060,"flags":["qr","aa"],"opt":{"edns":{"version":0,"flags":["do"],"udp":1232,"options":[]}}},"question":[{"qname":"domaintools.com.","qclass":"IN","qtype":"SOA"}],"answer":[{"rrname":"domaintools.com.","rrttl":3600,"rrclass":"IN","rrtype":"SOA","rdata":["dns1.p04.nsone.net. hostmaster.nsone.net. 
1646678582 3600 600 604800 43200"]}],"authority":[],"additional":[]},"sensor_id":"aa11ff99"}} +{"time":"2016-11-21 21:25:08.556331019","vname":"base","mname":"dnsobs","message":{"time":1479753746,"response_ip":"192.31.80.30","qname":"www.farsightsecurity.com.","qtype":"A","qclass":"IN","rcode":"NOERROR","response":"DmKAEAABAAAABQAFA3d3dxBmYXJzaWdodHNlY3VyaXR5A2NvbQAAAQABwBAAAgABAAKjAAASA25zNQtkbnNtYWRlZWFzecAhwBAAAgABAAKjAAAGA25zNsA6wBAAAgABAAKjAAAGA25zN8A6wBAAKwABAAFRgAAk7CYFAjZyw1z6j/FMnCI7hCd71kXAr1S61XkDdf55cWHkgBR5wBAALgABAAFRgACXACsIAgABUYBYO76tWDJzxRkEA2NvbQANb/jAwTh73dCouzH+jGlCprKSW/SJccMKn/4qGqe0Q9yE2q4m7s1saY6WYAdsfiz2iF5r/Qc1rpW+FrFieYRgxTGkqQP3Q7WBjy1EGeuYW8+QRzyUu8IxdQDKuuPC22Bof8u3zlxMF80RNLrKGfHK9Z1NuSeZABjvaWAG9NeQwsA2AAEAAQACowAABNBelA3ANgAcAAEAAqMAABAmABgAAAUAAAAAAAAAAAABwFQAAQABAAKjAAAE0FB8DcBmAAEAAQACowAABNBQfg0AACkQAAAAgAAAAA==","response_json":{"header":{"opcode":"QUERY","rcode":"NOERROR","id":3682,"flags":["qr","cd"],"opt":{"edns":{"version":0,"flags":["do"],"udp":4096,"options":[]}}},"question":[{"qname":"www.farsightsecurity.com.","qclass":"IN","qtype":"A"}],"answer":[],"authority":[{"rrname":"farsightsecurity.com.","rrttl":172800,"rrclass":"IN","rrtype":"NS","rdata":["ns5.dnsmadeeasy.com.","ns6.dnsmadeeasy.com.","ns7.dnsmadeeasy.com."]},{"rrname":"farsightsecurity.com.","rrttl":86400,"rrclass":"IN","rrtype":"DS","rdata":["60454 5 2 3672C35CFA8FF14C9C223B84277BD645C0AF54BAD5790375FE797161E4801479"]},{"rrname":"farsightsecurity.com.","rrttl":86400,"rrclass":"IN","rrtype":"RRSIG","rdata":["DS 8 2 86400 1480310445 1479701445 6404 com. 
DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmOlmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTXkMI="]}],"additional":[{"rrname":"ns5.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.94.148.13"]},{"rrname":"ns5.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"AAAA","rdata":["2600:1800:5::1"]},{"rrname":"ns6.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.80.124.13"]},{"rrname":"ns7.dnsmadeeasy.com.","rrttl":172800,"rrclass":"IN","rrtype":"A","rdata":["208.80.126.13"]}]},"query_zone":"com.","geoid":"VGhpcyBpcyBhIHRlc3Q=","sensor_id":"aa11ff99"}} 
diff --git a/tests/nmsg-dnsobs-tests/test1-dnsobs.nmsg b/tests/nmsg-dnsobs-tests/test1-dnsobs.nmsg new file mode 100644 index 0000000000000000000000000000000000000000..0330d971de9fca9134301b8aed691dff6487ca77 GIT binary patch literal 3150 zcmaJ@3p`Y58-LHt9E8!Jy$O=+Rje@~&pSBXri$wT*vOp9K=#UA-1P3@H5x9`c7L_i6e+dczm%y5QmZ@ z1@W?z{|zpTA3u2o0DXm$>azOU z#lkGb`j8|!XK?jwjMCX;bp*50Z&@LG|t6qOF6}fNNKB-wQKpS z>MDaZ{ke|Yd!7d$0`vuU`^{+a=czqv;&lfMf(|OeZ&f?htUJb7Cl??<0e2k&Q=^^9E2=l5t9v{W_a-?%fzp6-x3xOwjFnO;B48NBG@1<$MUGJ34H zUE8Sk(dsL&ggM={s$RvxSA0BD%SOAJ0+$Vr)b3=Qeze=?B`${$y$k8Q|s8wfvOOb|PPVrBoaYd*CM}3ao1EE*sG1u4D zG`*78@T&PU{|dA2yxjdPBhl~VhwFbZ^IK9=vf3BqzZ>Wra#4Hi?G$;gL%(e<&(N0C zyyV$QTXW?4x^12le8)PQ$6B;otFGClPYJ zD3>zNw3Q^w^~SJ0RBZ)v6v`v<1b|MHHn$6;uqWv>JTdV82q0My;2u0pC4Qhn17V@- z7NEi?3wnGK9ibx*Xo65E5Q!O4hzR9H$B0pGWP*q%PG;b>gNM0EkuePXH4L5rw}c`A z#~d%OICBv<4oNn*VDJ!*g)F`iiHpPEBuP!loALn-#&@DZ zH!WcF$3J&-1UVTmhAq6zkN=ndu&yq8k7ICSslAa-w5<-;r$LFG(=K|gZ)d7g4Q&jH z-Pa{*qFFoVpgM-Vo2m<^k?o(LH9gPL%nyil_Etb9`uBk1$)`!QD)z|8ql5OLf5<flR2+|>Vy*}?PTHG-05F>_ z4Nh}NllMlJL={CSa9_rIU0$L3_c&T3n#;@NeT@k!-O z^!-mSo44wQhCH?KumA4Njmk|=+1brV=h;JDiyr2de7}N=o}d;DHt!ERl4soSn8H1+zwx+>nXHroJ)OEmB`U8H>n#QsC8&88@_Mg%{f=zp=?*PFwfI{OWhGsN~Uh< z;j@cYa)MO1_^U54%g`4pUt#nXsc$%_Gw2wa=cIk+CZuk0ti1bPbc;%e)`KCQ!YbI2 z{R8jD|DL*q&&(;Fk#fw=q+Gwbk1rprQExvKH&&*MB!~qZ9vUfF#}!c|74wCvOb|^H zVnKPXVw z*{

QVrL4TuO4yU%ukvnd$KQ-N|hI)j6d1Zv$^{oonDOG&?*aB3FJNQeWrDn6_r^ z%fCE4+NqDes+VGjP%qgTADE_jkgQ&ATA5M4bq~u)n^b(;NV;SIla$Igu3@|^@D?H~ z4(o4S!^Cp2i7;AjBP|s`S_!1(QiS2Vr8E*d>ATO9;>G_oRKtc!y(YS*&&dkA(r^o( z8ou}aPFtItn3zbL+5(B=LoQh*B2C&u0Sw@OhD(@Xv@dgn8kvt;E8(+3Ji_5}5i}Xo zB}C=$s14>Y#bYb=%#*By&jSW;j9`+D=z7SfC5D0x3bKJGb$X>GTBAjg@}LSnVAXah?Ttm17Na|O&L__AT0QW~+Utsi zqo&#?FSZ>7-3ejOYEWfW)M@qAy*ucA**Fhq_VB{x23oVP zVK&l3mkiew$?b*PUq(+Opb2nUWe>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60913 +;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 1472 +;; QUESTION SECTION: +;icann.org. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +org. 172800 IN NS a0.org.afilias-nst.info. +org. 172800 IN NS a2.org.afilias-nst.info. +org. 172800 IN NS b0.org.afilias-nst.org. +org. 172800 IN NS b2.org.afilias-nst.org. +org. 172800 IN NS c0.org.afilias-nst.info. +org. 172800 IN NS d0.org.afilias-nst.org. + +;; ADDITIONAL SECTION: +a0.org.afilias-nst.info. 172800 IN A 199.19.56.1 +a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e::1 +a2.org.afilias-nst.info. 172800 IN A 199.249.112.1 +a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40::1 +b0.org.afilias-nst.org. 172800 IN A 199.19.54.1 +b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c::1 +b2.org.afilias-nst.org. 172800 IN A 199.249.120.1 +b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48::1 +c0.org.afilias-nst.info. 172800 IN A 199.19.53.1 +c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b::1 +d0.org.afilias-nst.org. 172800 IN A 199.19.57.1 +d0.org.afilias-nst.org. 172800 IN AAAA 2001:500:f::1 +--- +sensor_id: aa11ff99 + +[727] [2023-07-13 17:41:10.587291000] [1:14 base dnsobs] [00000000] [] [] +time: 1689270070 +response_ip: 192.35.51.30 +qname: domaintools.com. 
+qtype: A (1) +qclass: IN (1) +rcode: NOERROR (0) +response: [682 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40813 +;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +;; QUESTION SECTION: +;domaintools.com. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +domaintools.com. 172800 IN NS dns1.p04.nsone.net. +domaintools.com. 172800 IN NS dns2.p04.nsone.net. +domaintools.com. 172800 IN NS dns3.p04.nsone.net. +domaintools.com. 172800 IN NS dns4.p04.nsone.net. +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 1689567817 1688958817 46551 com. Rbjowb4kavKWO4vv41qeACA9z/IsEG2yDe8SdHacJFadCgXzEesSNemEWvMWQt8M/rL4eFUsDUZ8F6yi4Q321o237/y/mm7vGJvVvtGaxM7/TA86ffaBKcgVS0Ed9rRPSwUrvksm3CKLGibJ21u96HCR7skRS6tavU9Ifbf+7dFVTvb8yY8urduTT/ociF1d8PDGNKYms5k8u6g8v1Wlbg== +0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN NSEC3 1 1 0 - 0F3TB5GM83ENV7Q8PVT89DUK4M9RR40D NS DS RRSIG +0F3T32FIGQL49H4PTGVF4JHKU448L2QG.com. 86400 IN RRSIG NSEC3 8 2 86400 1689570650 1688961650 46551 com. DW87I2Qi2HAsjUxE2TzIrvIu/0XqNRAirmtgvi8V514167nu4Yd3Uaf4w94wmtV9e47dPZr19Ov5QxLcTTxjsekj2ilpJTcC0kThpzctDOKkR6bYmu4klo0KY//3athiqcSH/qkrpCTmCUOW3V3VjO6YYU9sGqEidBBZJUUuvfm7SJqDZNoMXFZmiG62azCKgnpeOgxGMPvL0SFd8S1W8A== + +;; ADDITIONAL SECTION: +--- +sensor_id: aa11ff99 + +[343] [2023-07-13 17:41:10.721721000] [1:14 base dnsobs] [00000000] [] [] +time: 1689270070 +response_ip: 208.94.148.13 +qname: fsi.io. +qtype: TXT (16) +qclass: IN (1) +rcode: NOERROR (0) +response: [307 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 24287 +;; flags: qr aa cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1280 +;; QUESTION SECTION: +;fsi.io. IN TXT + +;; ANSWER SECTION: +fsi.io. 
3600 IN TXT "v=spf1 mx a a:support.farsightsecurity.com a:exch.fsi.io a:prod-mail-relay-1.iad1.fsi.io ~all" +fsi.io. 3600 IN RRSIG TXT 5 2 3600 1690680237 1688085753 1872 fsi.io. PlPAyglU/l/ik2RvkYfk+zFLLaXTbtnKymeUO1rQtTkmG2c3G2VPzQtMkd1y6iM4KhvBAX5Wa5ftctEQNUKRcxsl8H/BnwkDOd9zxe/hgC2cdBuVugEoI9QACqfgeBC+TPz82505Xd4H4wX0rlGn9+nRaLeVuRD2s1e6CipPfZs= + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +sensor_id: aa11ff99 + +[795] [2023-07-13 17:41:10.761629000] [1:14 base dnsobs] [00000000] [] [] +time: 1689270070 +response_ip: 208.94.148.13 +qname: does.not.exist.fsi.io. +qtype: A (1) +qclass: IN (1) +rcode: NXDOMAIN (3) +response: [744 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 20343 +;; flags: qr aa cd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1280 +;; QUESTION SECTION: +;does.not.exist.fsi.io. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +fsi.io. 3600 IN SOA fsi.io. hostmaster.fsi.io. 2023062369 7200 3600 604800 3600 +fsi.io. 3600 IN RRSIG SOA 5 2 3600 1691846714 1689251114 1872 fsi.io. 2g2fUyWFPxnuvN8Ta5GO6o7aSQ5K7b8u/Q6vZ9b95tKGIV1c4DFTyx7sxLt/4EyQ0mHrsJ7tP9mWrh9XZXOmDaj20pheoZkn8k9KaXBp5vLOm3B0VAH7Tu94EHRiy0WONNlDlw480W988ECKaZ70uqtrsCNwf7U8FZrr7ASbHcc= +fsi.io. 3600 IN NSEC _dashlane-challenge.fsi.io. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY TYPE65534 +fsi.io. 3600 IN RRSIG NSEC 5 2 3600 1690758356 1688163386 1872 fsi.io. ykKYJyII3Raxfey+d2QhuCjK+/TJOtC3+9YkTWSxuOkMOMU+mUpHg8qhcnuNIbWgsD9YZFYRg1MTPSyHI3AMvS7wqBN8nRv2O12ZPBqvxgETMaS47tRn1Q5cGdj5aQhZBTtMQWnE5eBGYBWRqxR7pDgouCPS8W4HWhbLOfls/7c= +autodiscover.exch.fsi.io. 3600 IN NSEC a1.fmt1.fsi.io. A AAAA RRSIG NSEC +autodiscover.exch.fsi.io. 3600 IN RRSIG NSEC 5 4 3600 1691242468 1688650239 1872 fsi.io. 
ojU5bYysBRtO/bEW4SogHY5Gkm5CsMsDeHUovrLySm83VHX2yWdQhXypKJw0WId5az5FXNKixN3o2ERIZtVcnPn7jRH8eJUcRWA/fSV66bZ4RZpSV7SvDwV6k3lMI1uRAvfzVciGKSRHcCygFGKWB5dhy8o7LglqcebnSEjdDds= + +;; ADDITIONAL SECTION: +--- +sensor_id: aa11ff99 + +[153] [2023-07-13 17:41:10.821594000] [1:14 base dnsobs] [00000000] [] [] +time: 1689270070 +response_ip: 198.51.44.4 +qname: domaintools.com. +qtype: SOA (6) +qclass: IN (1) +rcode: NOERROR (0) +response: [109 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56060 +;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 1232 +;; QUESTION SECTION: +;domaintools.com. IN SOA + +;; ANSWER SECTION: +domaintools.com. 3600 IN SOA dns1.p04.nsone.net. hostmaster.nsone.net. 1646678582 3600 600 604800 43200 + +;; AUTHORITY SECTION: + +;; ADDITIONAL SECTION: +--- +sensor_id: aa11ff99 + +[483] [2016-11-21 21:25:08.556331019] [1:14 base dnsobs] [00000000] [] [] +time: 1479753746 +response_ip: 192.31.80.30 +qname: www.farsightsecurity.com. +qtype: A (1) +qclass: IN (1) +rcode: NOERROR (0) +response: [406 octets] +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 3682 +;; flags: qr cd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags: do; udp: 4096 +;; QUESTION SECTION: +;www.farsightsecurity.com. IN A + +;; ANSWER SECTION: + +;; AUTHORITY SECTION: +farsightsecurity.com. 172800 IN NS ns5.dnsmadeeasy.com. +farsightsecurity.com. 172800 IN NS ns6.dnsmadeeasy.com. +farsightsecurity.com. 172800 IN NS ns7.dnsmadeeasy.com. +farsightsecurity.com. 86400 IN DS 60454 5 2 3672C35CFA8FF14C9C223B84277BD645C0AF54BAD5790375FE797161E4801479 +farsightsecurity.com. 86400 IN RRSIG DS 8 2 86400 1480310445 1479701445 6404 com. DW/4wME4e93QqLsx/oxpQqayklv0iXHDCp/+KhqntEPchNquJu7NbGmOlmAHbH4s9ohea/0HNa6VvhaxYnmEYMUxpKkD90O1gY8tRBnrmFvPkEc8lLvCMXUAyrrjwttgaH/Lt85cTBfNETS6yhnxyvWdTbknmQAY72lgBvTXkMI= + +;; ADDITIONAL SECTION: +ns5.dnsmadeeasy.com. 
172800 IN A 208.94.148.13 +ns5.dnsmadeeasy.com. 172800 IN AAAA 2600:1800:5::1 +ns6.dnsmadeeasy.com. 172800 IN A 208.80.124.13 +ns7.dnsmadeeasy.com. 172800 IN A 208.80.126.13 +--- +query_zone: com. +geoid: +sensor_id: aa11ff99 + From e1aee502755b949d077b39aee0039da1b7fd01d4 Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Wed, 6 Sep 2023 21:53:22 +0000 Subject: [PATCH 13/14] fix three test statements (copy and paste mistake) --- tests/nmsg-dnsobs-tests/test.sh.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/nmsg-dnsobs-tests/test.sh.in b/tests/nmsg-dnsobs-tests/test.sh.in index 26c03181..0ae93a11 100755 --- a/tests/nmsg-dnsobs-tests/test.sh.in +++ b/tests/nmsg-dnsobs-tests/test.sh.in @@ -41,18 +41,18 @@ check nmsg-to-json $NMSGTOOL --readjson ${SOURCE}.json > ${OUTPUT}.json.pres.out check read json base:dnsobs and create dnsobs presentation output cmp -s ${SOURCE}.pres ${OUTPUT}.json.pres.out -check nmsg-to-presentation +check json-to-presentation $NMSGTOOL --readjson ${SOURCE}.json -w ${OUTPUT}.json.nmsg.out check read json base:dnsobs and create base:dnsobs nmsg output cmp -s ${SOURCE}.nmsg ${OUTPUT}.json.nmsg.out -check nmsg-to-nmsg +check json-to-nmsg # output should be same as input $NMSGTOOL --readjson ${SOURCE}.json -J ${OUTPUT}.json.json.out check read json base:dnsobs and create base:dnsobs json output cmp -s ${SOURCE}.json ${OUTPUT}.json.json.out -check nmsg-to-json +check json-to-json # NOTE: --readpres is not fully implemented for base:dnsobs From e0301453f5bd71cc102c26bd52002a80837cb60f Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Thu, 7 Sep 2023 16:00:41 +0000 Subject: [PATCH 14/14] tests/.gitignore: add some generated files to ignore --- tests/.gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/.gitignore b/tests/.gitignore index 770e9b8e..c50fbe41 100644 --- a/tests/.gitignore +++ b/tests/.gitignore 
@@ -2,7 +2,11 @@ test-layout-fltmod_plugin test-nmsg_output_set_rate string-tests/test.sh json-utf8-tests/test.sh +nmsg-dns-tests/test.sh +nmsg-dnsqr-tests/test.sh +nmsg-dnsobs-tests/test.sh nmsg-dnstap-tests/test.sh +nmsg-dns*-tests/*.out payload-crc32c-tests/test.sh udp-checksum-tests/test.sh *.log