[dnstop] not all DNS types resolving
Duane Wessels
wessels at measurement-factory.com
Fri Nov 30 19:29:43 UTC 2012
On Fri, 23 Nov 2012, Paul Vlaar wrote:
> I've been using dnstop for a while, and I really like it as a quick tool
> to do DNS analysis. I didn't notice until now that some DNS types aren't
> resolving:
>
> Query Type Count % cum%
> ---------- --------- ------ ------
> #32769? 130347 1.7 96.5
> #35? 416 0.0 100.0
> #65323? 167 0.0 100.0
> #52? 31 0.0 100.0
> #0? 11 0.0 100.0
> #51? 10 0.0 100.0
> #44? 9 0.0 100.0
> #26? 3 0.0 100.0
> #18? 2 0.0 100.0
> #13? 3 0.0 100.0
> #41? 2 0.0 100.0
> #253? 1 0.0 100.0
>
> 32769 is DLV, 35 NAPTR (ENUM), 52 is TLSA, 51 is NSEC3PARAM, 44 is
> SSHFP, 26 is PX, 18 is AFSDB and 13 is HINFO. Not sure what the others
> are. 65323 a private one perhaps?
>
> Any chance this can be made to recognize by dnstop? I've had a quick
> glance at the code but can't figure out where this is defined. Maybe
> elsewhere on the local system?
Paul,
here is a patch:
Index: dnstop.c
===================================================================
RCS file: /usr/local/CVS/dnstop/dnstop.c,v
retrieving revision 1.114
retrieving revision 1.115
diff -u -3 -p -r1.114 -r1.115
--- dnstop.c 17 Oct 2012 16:37:23 -0000 1.114
+++ dnstop.c 30 Nov 2012 19:26:41 -0000 1.115
@@ -1,5 +1,5 @@
/*
- * $Id: dnstop.c,v 1.114 2012/10/17 16:37:23 wessels Exp $
+ * $Id: dnstop.c,v 1.115 2012/11/30 19:26:41 wessels Exp $
*
* http://dnstop.measurement-factory.com/
*
@@ -167,27 +167,6 @@ typedef const char *(col_fmt) (const Sor
typedef char *(strify) (unsigned int);
#define T_MAX 65536
-#ifndef T_A6
-#define T_A6 38
-#endif
-#ifndef T_SRV
-#define T_SRV 33
-#endif
-#ifndef T_DS
-#define T_DS 43
-#endif
-#ifndef T_RRSIG
-#define T_RRSIG 46
-#endif
-#ifndef T_NSEC
-#define T_NSEC 47
-#endif
-#ifndef T_DNSKEY
-#define T_DNSKEY 48
-#endif
-#ifndef T_SPF
-#define T_SPF 99
-#endif
#define C_MAX 65536
#define OP_MAX 16
#define RC_MAX 16
@@ -347,12 +326,12 @@ allocate_anonymous_address(inX_addr * an
ptr->addr = *orig_addr;
ptr->data = (void *)(ptr + 1);
if (4 == inXaddr_version(orig_addr)) {
- read(entropy_fd, buf, 4);
+ (void) read(entropy_fd, buf, 4);
inXaddr_assign_v4(ptr->data, (struct in_addr *)buf);
}
#if USE_IPV6
else {
- read(entropy_fd, buf, 16);
+ (void) read(entropy_fd, buf, 16);
inXaddr_assign_v6(ptr->data, (struct in6_addr *)buf);
}
#endif
@@ -1092,48 +1071,78 @@ qtype_str(unsigned int t)
case T_PTR:
return "PTR?";
break;
+ case 13:
+ return "HINFO?";
+ break;
case T_MX:
return "MX?";
break;
case T_TXT:
return "TXT?";
break;
+ case 18:
+ return "AFSDB?";
+ break;
case T_SIG:
return "SIG?";
break;
case T_KEY:
return "KEY?";
break;
+ case 26:
+ return "PX?";
+ break;
case T_AAAA:
return "AAAA?";
break;
case T_LOC:
return "LOC?";
break;
- case T_SRV:
+ case 33:
return "SRV?";
break;
- case T_A6:
+ case 35:
+ return "NAPTR?";
+ break;
+ case 38:
return "A6?";
break;
- case T_DS:
+ case 41:
+ return "OPT?";
+ break;
+ case 43:
return "DS?";
break;
- case T_RRSIG:
+ case 44:
+ return "SSHFP?";
+ break;
+ case 46:
return "RRSIG?";
break;
- case T_NSEC:
+ case 47:
return "NSEC?";
break;
- case T_DNSKEY:
+ case 48:
return "DNSKEY?";
break;
- case T_SPF:
+ case 50:
+ return "NSEC3?";
+ break;
+ case 51:
+ return "NSEC3PARAM?";
+ break;
+ case 52:
+ return "TLSA?";
+ break;
+ case 99:
return "SPF?";
break;
case T_ANY:
return "ANY?";
break;
+ case 32769:
+ return "DLV?";
+ break;
default:
if (qtypes_buf[t])
return qtypes_buf[t];
More information about the dnstop
mailing list