root/src/modules/dns.xml

Revision b553f9a4d73487ee85e5cfedf2cd67352b4d5e6b, 3.8 kB (checked in by Theo Schlossnagle <jesus@omniti.com>, 4 years ago)

refs #340

This is a rather major change. Targets can now be hostnames in addition
to IP addresses so long as //checks/@resolve_targets is not false.

If a target is entered that does not look like an IP (inet_pton fails)
then the check is marked as needing resolution NP_RESOLVE.

A passive look-aside dns cache has been implemented in noit_check_resolver.c
that is used to power the whole system and some reasonably simple console
commands have been provided:

show dns_cache [fqdn1 [fqdn2]] -- shows the state
dns_cache <fqdn> [fqdn2 [fqdn3]] -- submits for lookup
no dns_cache <fqdn> [fqdn2 [fqdn3]] -- purges from cache

The big change is that modules that relied on check->target to be an IP
address are going to explode when names are provided. Instead, modules
should now use target for the provided target (possibly a FQDN) and use
target_ip (check->target_ip or check.target_ip) for a resolved IP address
and also check for the case of empty string: (check->target_ip[0] == '\0')
for the case that resolution has failed. In lua, the target_ip will be
presented as nil in the case of failed name resolution.

I believe I've updated all necessary components of the system for this to
"just work" but people that have implemented their own check should update
them before they elect to use non-IP addresses as targets.

The dns subsystem supports both IPv4 and IPv6, but currently prefers IPv4
addresses if any are present.
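The resolution rules the commit message lays out (inet_pton decides whether a target is an address or a name, target_ip stays empty when resolution fails, IPv4 is preferred over IPv6 when both are returned), worked through as an added C example that is not reconnoiter's code. The example_check_t struct, the target_kind_t enum, the needs_resolve field and the resolver answer lists are constructed stand-ins for noit_check_t, the NP_RESOLVE marking and a real lookup.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Outcome of looking at a configured target the way the commit describes:
 * parse it with inet_pton; anything that fails both families is a name. */
typedef enum {
  TARGET_NEEDS_RESOLVE = 0,   /* stands in for the NP_RESOLVE marking */
  TARGET_IPV4 = 4,
  TARGET_IPV6 = 6
} target_kind_t;

/* Constructed stand-in for the check fields the commit message names;
 * the real noit_check_t has more and is not reproduced here. */
typedef struct {
  char target[256];                   /* as configured: IP or FQDN */
  char target_ip[INET6_ADDRSTRLEN];   /* "" until (and unless) resolved */
  int  needs_resolve;
} example_check_t;

target_kind_t classify_target(const char *target) {
  unsigned char buf[16];
  if (inet_pton(AF_INET, target, buf) == 1) return TARGET_IPV4;
  if (inet_pton(AF_INET6, target, buf) == 1) return TARGET_IPV6;
  return TARGET_NEEDS_RESOLVE;
}

/* Literal addresses are usable immediately; names leave target_ip empty
 * and flag the check for the resolver. */
void init_check(example_check_t *c, const char *target) {
  memset(c, 0, sizeof(*c));
  snprintf(c->target, sizeof(c->target), "%s", target);
  if (classify_target(target) == TARGET_NEEDS_RESOLVE)
    c->needs_resolve = 1;
  else
    snprintf(c->target_ip, sizeof(c->target_ip), "%s", target);
}

/* Apply the resolver's answers with the stated preference: the first IPv4
 * answer wins if any is present, otherwise the first IPv6 one. An empty
 * answer list models a failed lookup and leaves target_ip as "". */
int choose_target_ip(example_check_t *c, const char *const *answers, int n) {
  const char *v6 = NULL;
  for (int i = 0; i < n; i++) {
    target_kind_t k = classify_target(answers[i]);
    if (k == TARGET_IPV4) {
      snprintf(c->target_ip, sizeof(c->target_ip), "%s", answers[i]);
      return 1;
    }
    if (k == TARGET_IPV6 && v6 == NULL) v6 = answers[i];
  }
  if (v6 == NULL) { c->target_ip[0] = '\0'; return 0; }
  snprintf(c->target_ip, sizeof(c->target_ip), "%s", v6);
  return 1;
}

/* The test every module must make before touching target_ip. */
int resolution_failed(const example_check_t *c) {
  return c->target_ip[0] == '\0';
}

/* Runs the flow end to end for a name target and returns the family (4/6)
 * of the chosen target_ip, or 0 when resolution failed. */
int chosen_family(const char *const *answers, int n) {
  example_check_t c;
  init_check(&c, "host.example.invalid");   /* constructed name target */
  if (!choose_target_ip(&c, answers, n)) return 0;
  return (int)classify_target(c.target_ip);
}

/* 1 if a literal IP target is usable without resolution, else 0. */
int literal_ready(const char *target) {
  example_check_t c;
  init_check(&c, target);
  return !c.needs_resolve && !resolution_failed(&c)
         && strcmp(c.target, c.target_ip) == 0;
}

/* Constructed resolver answer sets used by main() and the checks below. */
const char *const ANSWERS_MIXED[]  = { "2001:db8::1", "10.1.2.3" };
const char *const ANSWERS_V6ONLY[] = { "2001:db8::1", "2001:db8::2" };

int main(void) {
  printf("labs.omniti.com needs resolution: %d\n",
         classify_target("labs.omniti.com") == TARGET_NEEDS_RESOLVE);
  printf("mixed answers -> IPv%d\n", chosen_family(ANSWERS_MIXED, 2));
  printf("v6-only answers -> IPv%d\n", chosen_family(ANSWERS_V6ONLY, 2));
  printf("no answers -> %d (failed)\n", chosen_family(ANSWERS_MIXED, 0));
  return 0;
}
```

A module written against this shape never dereferences target as an address: it reads target_ip and treats the empty string as "no address yet", which is exactly the case the commit tells module authors to handle.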

  • Property mode set to 100644
<module>
  <name>dns</name>
  <description><para>The dns module leverages libudns to allow highly concurrent DNS lookups of a variety of DNS RR types.  In the event that you name a dns check <parameter>in-addr.arpa</parameter> with an rtype of <parameter>PTR</parameter>, the result of the query may be used throughout reconnoiter as the identifying hostname of that target.</para>
  <para>This module provides the <function>inaddrarpa</function> interpolation method which will reverse a dot-delimited IP address.  This is particularly useful for constructing in-addr.arpa queries, but also used for checking blacklists, whitelists and other IP-based DNS databases.</para>
  </description>
  <loader>C</loader>
  <image>dns.so</image>
  <moduleconfig />
  <checkconfig>
    <parameter name="nameserver"
               required="optional"
               default="%[target_ip] or determined from underlying system"
               allowed=".+">The domain name server to query. If the name of the check is in-addr.arpa, the system default nameserver is used.  Otherwise, the nameserver is the %[target_ip] of the check.  If set to the string "default" the underlying system default nameserver is used.</parameter>
    <parameter name="ctype"
               required="optional"
               default="IN"
               allowed="(IN|CH|HS)">The DNS class of the query. IN: Internet, CH: Chaos, HS: Hesiod.</parameter>
    <parameter name="rtype"
               required="optional"
               default="A|PTR"
               allowed="(A|AAAA|TXT|MX|SOA|CNAME|PTR|NS|MB|MD|MF|MG|MR)">The DNS resource record type of the query.  If the name of the check is in-addr.arpa, the default is PTR, otherwise it is A.</parameter>
    <parameter name="query"
               required="required"
               default="%[name]|%[:inaddrarpa:target_ip]"
               allowed=".+">The query to send.  If the name of the check is in-addr.arpa, the reverse IP octet notation of in-addr.arpa syntax is synthesized by default.  Otherwise the default query is the name of the check itself.</parameter>
    <parameter name="want_sort"
               required="optional"
               default="true"
               allowed="(true|false|on|off)">Sorts (strcmp) the answers if multiple RRs are returned in the result set.</parameter>
  </checkconfig>
  <examples>
    <example>
      <title>Establishing PTR records for hosts.</title>
      <para>The following establishes names for targets 10.1.2.{3,4,5,6} using the local nameserver (10.1.2.2) that provides service for that network.</para>
      <programlisting><![CDATA[
      <noit>
        <modules>
          <module image="dns" name="dns"/>
        </modules>
        <checks>
          <config>
            <nameserver>10.1.2.2</nameserver>
          </config>
          <ptr module="dns" name="in-addr.arpa">
            <check uuid="2cddb2a8-76ff-11dd-83c8-f75cb8b93bd9" target="10.1.2.3"/>
            <check uuid="2dd79110-76ff-11dd-9b54-739adc274a93" target="10.1.2.4"/>
            <check uuid="5627560a-76ff-11dd-941f-4b75679cb908" target="10.1.2.5"/>
            <check uuid="5fdcb8de-76ff-11dd-ae16-2740afc178ae" target="10.1.2.6"/>
          </ptr>
        </checks>
      </noit>
    ]]></programlisting>
    </example>
    <example>
      <title>Checking labs.omniti.com.</title>
      <para>The following checks the DNS server residing at 66.225.209.4 for the A record of labs.omniti.com.</para>
      <programlisting><![CDATA[
      <noit>
        <modules>
          <module image="dns" name="dns"/>
        </modules>
        <checks>
          <ns1 module="dns" target="66.225.209.4">
            <check uuid="3cddb2a8-76ff-11dd-83c8-f75cb8b93bd9" name="labs.omniti.com"/>
          </ns1>
        </checks>
      </noit>
    ]]></programlisting>
    </example>
  </examples>
</module>
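The inaddrarpa interpolation described in the module description, together with the default-query rule from the query parameter (an in-addr.arpa check reverses target_ip, any other check queries its own name), as an added C example that is not the module's own implementation. The function names inaddrarpa, ip6arpa, default_query and the demo_* wrappers are this example's; the empty target_ip guard follows the commit message's rule for failed resolution; and the ip6.arpa variant goes beyond the page, which only describes dotted IPv4 reversal.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Reverse a dotted-quad IPv4 address into its in-addr.arpa query name,
 * e.g. "10.1.2.3" -> "3.2.1.10.in-addr.arpa". The input is validated with
 * inet_pton first, so a hostname or malformed target is rejected rather
 * than reversed into a nonsense query. Returns 1 on success, 0 otherwise. */
int inaddrarpa(const char *ip, char *out, size_t outlen) {
  unsigned char a[4];
  if (inet_pton(AF_INET, ip, a) != 1) return 0;
  int n = snprintf(out, outlen, "%u.%u.%u.%u.in-addr.arpa",
                   (unsigned)a[3], (unsigned)a[2], (unsigned)a[1], (unsigned)a[0]);
  return n > 0 && (size_t)n < outlen;
}

/* Generalisation not on the page: the equivalent for IPv6 is the
 * nibble-reversed ip6.arpa name (32 hex labels, least significant first). */
int ip6arpa(const char *ip, char *out, size_t outlen) {
  unsigned char a[16];
  if (inet_pton(AF_INET6, ip, a) != 1) return 0;
  size_t pos = 0;
  for (int i = 15; i >= 0; i--) {
    int n = snprintf(out + pos, outlen - pos, "%x.%x.",
                     (unsigned)(a[i] & 0xf), (unsigned)(a[i] >> 4));
    if (n < 0 || (size_t)n >= outlen - pos) return 0;
    pos += (size_t)n;
  }
  int n = snprintf(out + pos, outlen - pos, "ip6.arpa");
  return n > 0 && (size_t)n < outlen - pos;
}

/* The documented default for the query parameter: an in-addr.arpa check
 * sends the reversed target_ip, every other check sends its own name.
 * An empty target_ip means resolution failed (per the commit message), so
 * no reverse query can be built and 0 is returned. */
int default_query(const char *check_name, const char *target_ip,
                  char *out, size_t outlen) {
  if (strcmp(check_name, "in-addr.arpa") == 0) {
    if (target_ip[0] == '\0') return 0;
    return inaddrarpa(target_ip, out, outlen);
  }
  int n = snprintf(out, outlen, "%s", check_name);
  return n > 0 && (size_t)n < outlen;
}

/* Static-buffer wrappers so results can be compared directly; NULL on failure. */
const char *demo_query(const char *check_name, const char *target_ip) {
  static char buf[128];
  return default_query(check_name, target_ip, buf, sizeof buf) ? buf : NULL;
}
const char *demo_ip6arpa(const char *ip) {
  static char buf[128];
  return ip6arpa(ip, buf, sizeof buf) ? buf : NULL;
}

int main(void) {
  char q[128];
  /* constructed inputs mirroring the two examples in the module document */
  if (default_query("in-addr.arpa", "10.1.2.3", q, sizeof q))
    printf("PTR query: %s\n", q);
  if (default_query("labs.omniti.com", "66.225.209.4", q, sizeof q))
    printf("A query: %s\n", q);
  if (ip6arpa("2001:db8::1", q, sizeof q))
    printf("ip6.arpa: %s\n", q);
  if (!default_query("in-addr.arpa", "", q, sizeof q))
    printf("no query: target_ip empty (resolution failed)\n");
  return 0;
}
```

Validating with inet_pton before reversing is the part worth keeping: once targets may be hostnames, an interpolation that blindly splits on dots would happily turn "labs.omniti.com" into "com.omniti.labs.in-addr.arpa" and send it.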