Updated doc to be more correct

1 parent c954553 commit a7f8fe8a552b154b96c1bffba915e74586472dad gamelinux committed Mar 10, 2012
Showing with 12 additions and 15 deletions.
  1. +1 −0 README
  2. +7 −4 doc/How-it-works.txt
  3. +4 −4 doc/ROADMAP
  4. +0 −7 doc/TODO
1 README
@@ -26,6 +26,7 @@ Example output from version 0.2.8 in the log file (/var/log/passivedns.log):
1322849924||192.168.1.1||81.167.36.3||IN||i1.ytimg.com.||CNAME||ytimg.l.google.com.||43200
1322849924||192.168.1.1||8.8.8.8||IN||clients1.google.com.||A||173.194.32.3||43200
+PassiveDNS works on IPv4 and IPv6 traffic and parse DNS traffic over TCP and UDP.
** How can PassiveDNS be used: **
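Review bot: The added README line has a subject-verb mismatch ("works ... and parse") and, as shown, follows the two sample log lines directly, so it can be read as part of the example output. Suggest "PassiveDNS works on IPv4 and IPv6 traffic and parses DNS traffic over TCP and UDP." set off from the log sample as its own paragraph.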
@@ -5,23 +5,26 @@
* Decodes packets as they come in.
* Handles vlan
* Handles IPv4 and IPv6 packets
-* We only look at DNS on UDP port 53.
+* We look at DNS on UDP and TCP
## Connection Tracking
* Same connection tracking as in cxtracker
** When used with a propper BPF (filter),
- it only tracks traffic on port 53 UDP.
+ it only tracks traffic on port 53.
* Connection tracking is used to make sure
that a client asked for a domain, so that
there will not be any tracking of domains,
if a client did not request one. A bit spoof
- protection.
+ protection. In the connection data, the
+ DNS Transaction ID is also stored, to verify
+ that the client sent a request, and that the
+ server answered the right TID request :)
## Domain caching
* When a DNS question and answer is recieved, it
is stored in an internal linked list. If its new,
we will print the info to the logfile, and we will
- not print it again befor it has gone 24 hours or
+ not print it again befor it has gone 12 hours or
the record has changed. This is to provent flooding
of data to the log file, and serving you much duplicat
info.
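Review bot: The new spoof-protection text under Connection Tracking says the DNS Transaction ID is stored to verify that "the server answered the right TID request", but it does not say what happens to an answer whose TID does not match a tracked request. Since the bullet presents this as spoof protection, state the outcome explicitly, for example whether such an answer is ignored and never cached or logged. Two smaller points: the first changed bullet now reads "We look at DNS on UDP and TCP" with no port while the BPF bullet still says port 53, and the cache interval is changed from 24 to 12 hours as a literal in the text, so it will go stale again if the default changes; the TODO hunk refers to this value as "$cachetimeout", and using that name here would be more durable.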
@@ -28,6 +28,10 @@
* evation ?
* flooding ?
* BOF (fuzz the crap out of it)
+ - some stats when exiting
+ * max concurrent records cached
+ * max concurrent sessions (cxt)
+ * max session memory usage (cxt)
# Version 0.5.0
== Production ready and stable ==
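Review bot: Moving the "some stats when exiting" block out of Version 0.5.0 into an earlier section is a planning change, not a documentation correction, and the commit message does not mention it; say so in the message or split it into its own commit. The block now sits directly after the test items "evation ?", "flooding ?" and "BOF", so check the indentation to make sure the stats read as a separate roadmap item and not as part of that test list. The TODO hunk also still carries "* Add some stats", which leaves the same item tracked in two files.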
@@ -45,10 +49,6 @@
- cmdline for specifying BPF filter
- cmdline for specifying pidfile
- daemon mode
- - some stats when exiting
- * max concurrent records cached
- * max concurrent sessions (cxt)
- * max session memory usage (cxt)
- output fields:
timestamp||dns-client||dns-server||RR class||Query||Query Type||Answer||TTL
@@ -1,10 +1,6 @@
# PassiveDNS
-* Implement comandline option for chroot
-
-* Look into limiting memory usage
-
* Add some stats
* Add abuility to read log file when starting up
- Import domains that has timestamp less then "$cachetimeout" ago
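Review bot: The two removed TODO entries, "Implement comandline option for chroot" and "Look into limiting memory usage", are both hardening items, and nothing visible in this commit shows them as done or moved: the ROADMAP hunks add no chroot or memory-limit entry. For a tool that decodes traffic off the wire and still lists "flooding ?" as an open test item, either keep the entries or note in the commit message where they are now tracked.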
@@ -14,6 +10,3 @@
* Adding abuility for custom output formating
-
-### Evaluate:
- DNAME, MX, NAPTR, NS, RP, SOA, SRV, TXT
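Review bot: Removing the "Evaluate: DNAME, MX, NAPTR, NS, RP, SOA, SRV, TXT" entry leaves no record of whether those record types were evaluated, implemented or dropped. The README sample in this commit shows only CNAME and A answers, so if a decision was made, list the supported record types in the README or in How-it-works rather than deleting the open question without a replacement.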
