Engine for capturing, parsing and replaying DNS
dnsjit is a combination of parts taken from dsc, dnscap, drool, and put together around Lua to create a script-based engine for easy capturing, parsing and statistics gathering of DNS messages while also providing facilities for replaying DNS traffic.
One of the core functionality that dnsjit brings is to tie together C and Lua modules through a receiver/producer interface. This allows creation of custom chains of functionality to meet various requirements. Another core functionality is the ability to parse and process DNS messages even if the messages are non-compliant with the DNS standards.
The following Lua module categories exists:
dnsjit.core: Core modules for handling things like logging, DNS messages and receiver/receive functionality.
dnsjit.lib: Various Lua libraries or C library bindings.
dnsjit.input: Input modules used to read DNS messages in various ways.
dnsjit.filter: Filter modules to process or manipulate DNS messages.
dnsjit.output: Output modules used to display DNS message, export to various formats or replay them against other targets.
See each category's man-page for more information.
More information may be found here:
Issues should be reported here:
General support and discussion:
Packages for Debian, Ubuntu, EPEL, SLE, openSUSE can be found in the PRE-RELEASE channel. Some distributions are limited to certain architectures because of LuaJIT.
- libluajit 2.0+ (or compatible alternatives)
- luajit (for building)
- automake/autoconf/libtool/pkg-config (for building)
apt-get install libluajit-5.1-dev libpcap-dev luajit liblmdb-dev libck-dev libgnutls28-dev libuv1-dev libnghttp2-dev
yum install luajit-devel libpcap-devel lmdb-devel ck-devel gnutls-devel libuv-devel libnghttp2-devel
pkg install luajit libpcap lmdb gnutls concurrencykit libuv libnghttp2
pkg_add luajit gnutls libuv nghttp2 + manual install of libpcap, liblmdb and libck
On some version of SUSE Linux Enterprise moonjit is used as an compatible alternative to luajit.
git clone https://github.com/DNS-OARC/dnsjit cd dnsjit sh autogen.sh ./configure make
Most documentation exists in man-pages and you do not have to install to access them, after building you can do:
man src/dnsjit.1 man src/dnsjit.core.3 man src/dnsjit.lib.3 man src/dnsjit.input.3 man src/dnsjit.filter.3 man src/dnsjit.output.3
Run a Lua script:
dnsjit file.lua ...
#!/usr/bin/env dnsjit ...
Following example display the DNS ID found in queries.
require("dnsjit.core.objects") local input = require("dnsjit.input.pcap").new() local layer = require("dnsjit.filter.layer").new() local dns = require("dnsjit.core.object.dns").new() input:open_offline(arg) layer:producer(input) local producer, ctx = layer:produce() while true do local object = producer(ctx) if object == nil then break end if object:type() == "payload" then dns.obj_prev = object if dns:parse_header() == 0 then print(dns.id) end end end
See more examples in the examples directory.
Copyright (c) 2018-2021, OARC, Inc.
All rights reserved.
This file is part of dnsjit. dnsjit is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. dnsjit is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with dnsjit. If not, see <http://www.gnu.org/licenses/>.