GitHub - dsutto/DNSmezzo: Only DNSmezzo from AFNIC project DNSwitness. Modifications used in .hu TLD

dsutto / DNSmezzo Public

Notifications You must be signed in to change notification settings
Fork 0
Star 1

Only DNSmezzo from AFNIC project DNSwitness. Modifications used in .hu TLD

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 34 Commits
RIPE-Lisbon		RIPE-Lisbon
Web-site		Web-site
capture		capture
cron		cron
domain-name-type		domain-name-type
reporting		reporting
reports		reports
.gitignore		.gitignore
GeoIP		GeoIP
Makefile		Makefile
README		README
TODO		TODO
create.sql		create.sql
delete_old_records.sql		delete_old_records.sql
dns-parameters		dns-parameters
dns-parameters.sql		dns-parameters.sql
dnsparameters2sql.py		dnsparameters2sql.py
drop.index.sql		drop.index.sql
drop.sql		drop.sql
first_last_aggr.sql		first_last_aggr.sql
grant.sql		grant.sql
index.sql		index.sql
nameservers.sql		nameservers.sql
packet-defs.h		packet-defs.h
packet-headers.h		packet-headers.h
packets2postgresql		packets2postgresql
packets2postgresql.c		packets2postgresql.c
packets2postgresql.o		packets2postgresql.o
parse-metadata.c		parse-metadata.c
pcap-parse.c		pcap-parse.c
pcap-parse.o		pcap-parse.o
pcapdump.conf		pcapdump.conf
qtype_view.sql		qtype_view.sql
qtype_view_greece2k.sql		qtype_view_greece2k.sql
store-to-db		store-to-db
tablefunc.sql		tablefunc.sql
test-disk.sh		test-disk.sh
test1		test1
test1.c		test1.c
test1.o		test1.o
util-functions.sql		util-functions.sql

Repository files navigation

DNSMezzo
========

DNSmezzo is a framework for the capture and analysis of DNS packets. It
allows the manager of a DNS name server to get information such as the
top N domains requests, the percentage of IPv6 queries, the most
talkative clients, etc. It is part of the broader program DNSwitness.

DNSmezzo is optimized for periodic, unattended runs, for instance from a
cron job. Results are typicallly stored in a databse, most of the time a
rDBMS, to allow long-term surveys.

Developed at AFNIC, mostly by Stéphane Bortzmeyer.
Some modifications in reporting were made by Dániel Süttő.
For more information see: http://www.dnsmezzo.net/

Requirements:
-------------
Tipically you will need the following things:
 * A C compiler (libc6, gcc)
 * libpq (with headers)
 * libpcap (with headers)
 * A libpcap compatible dumping utility (eg. tcpdump)
 * PostgreSQL
 * Python with Postgresql support (pycopg2)
 * xsltproc
 * cron
 * ...

Installation and usage:
-----------------------
 I.) Prepare database
  (* On Debian-like systems first login: sudo -u postgres psql)
   * Create new user and database:
       CREATE USER dns_monitor WITH CREATEDB  PASSWORD '********';
       CREATE DATABASE dns_monitor with owner dns_monitor;
   * Install tables and predefined constants:
       cat create.sql | psql -U dns_monitor -h 127.0.0.1
     Optionally you can update dns-parameters:
       wget http://www.iana.org/assignments/dns-parameters
       ./dnsparameters2sql.py > dns-parameters.sql
       cat dns-parameters.sql | psql -U dns_monitor -h 127.0.0.1
   * Optionally install extra SQL libraries (Must be done with postgres superuser)
       cat util-functions.sql | psql -h 127.0.0.1 -U postgres dns_monitor
       cat tablefunc.sql | psql -h 127.0.0.1 -U postgres dns_monitor
       cat first_last_aggregate.sql | psql -h 127.0.0.1 -U postgres dns_monitor

 II.) Compile parser
   Simply run make. Install required libraries and try again. :D
     make
 
 III.) Collect dns traffic in standart pcap files.

 IV.) Save DNS packets into database
     Use packets2postgresql or rewrite store-to-db script.
     My solution: ./packets2postgresql  -v -c 'host=127.0.0.1 user=dns_monitor password=********' myfile.cap

 V.) Genarate reports
     cd reporting/sajat
   Rewrite installation path in Makefile
     make install "DATE=2011/11/03"

-- Written by Dániel Süttő