dnstap-parse

The main goal of this code is to create a basic dnstap printing tool based on
the golang-dnstap library.

The output is supposed to mimic the “short summary format” of
dnstap-read
from BIND but with the possibility of adding additional information via flags
so you can easily grep for such things (currently DNS ID via -id)

Usage of ./dnstap-parse:
  -cpuprofile string
    	write cpu profile to file
  -file string
    	read dnstap data from file
  -id
    	include DNS ID in output

The -cpuprofile flag is not helpful for ordinary usage, it is just there to
be able to profile the tool.

Known output differences with dnstap-read

From investigating dnstap files in the wild I have noticed some instances
where the output of this tool and dnstap-read differs. Specifically the
character escaping rules used by dnstap-read and miekg/dns differ somewhat.

One example of this is how 0x20 (space) is represented in domain names, where miekg/dns
will present it as \ and dnstap-read will present it as \032 leading to
this tool outputting example\ lookup/IN/A while dnstap-read will print
example\032lookup/IN/A.

Another example of this is the 0x27 (') character which is not escaped at
all by dnstap-read, but is escpaed in miekg/dns due to being defined as special
in isDomainNameLabelSpecial()

This results in dnstap-read outputting example'lookup/IN/A while this
tool prints example\'lookup/IN/A.

The overall character espacing rules used by miekg/dns can be found in
UnpackDomainName()

GitHub

View Github