Release 2.15.1

This release fixes client subnet indexer which overwrote the mask options during initialization so the conf option client_v4_mask and client_v6_mask was never used.

Other changes:

• Update documentation
• Update builtin known TLDs based on PSL
• Update copyright year

d577a97 Copyright
f71edff Known TLDs
dedafdd Client mask
8ef947c Doc

Release 2.15.0

This release fixes DNS parsing w.r.t. EDNS, implements better loop detection during name decompression and adds a lot of EDNS indexers and filters.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.15.0.tar.gz
sha256: b89b168260577017c75d8c8fba4b0a99e3e87db5673999bffd7bce0b693383f7

Packages are available at: https://dev.dns-oarc.net/packages/

Previously the DNS parser expected the additional records to come straight after the question section. Meaning that if the DNS packet had any answer or authority records, they would be parsed as additional records for the OPT record and EDNS information.

Following new indexers has been added:

• edns_cookie
• edns_cookie_len
• edns_cookie_client
• edns_cookie_server
• edns_ecs
• edns_ecs_family
• edns_ecs_source_prefix
• edns_ecs_scope_prefix
• edns_ecs_address
• edns_ecs_subnet
• edns_ede
• edns_ede_code
• edns_ede_textlen
• edns_ede_text
• edns_nsid
• edns_nsid_len
• edns_nsid_data
• edns_nsid_text

Following new filters has been added:

• edns0-only
• edns0-cookie-only
• edns0-nsid-only
• edns0-ede-only
• edns0-ecs-only

See man-page dsc.conf(5) for more information.

Other fixes/additions:

• Only parse entire DNS message if EDNS indexers are used
• dns_protocol: Implement proper loop detection during decompression
• xmalloc: Check return of amalloc() before using memset()/memcpy() because it's undefined behavior on null pointers

8259f30 EDNS filters
41f3b9a strtohex, nsid text
a666c04 EDNS(0) Client Subnet
b5164fe EDNS
7cabfd9 EDNS0 parsing fixes and additional EDNS0 indexers.
46b1797 memcpy/memset fixes
8fd7b7a EDNS parsing
cee2bf7 EDNS0 parsing, multi RR test
a2c00c9 DNS compression loop detection
9875a3e RR parsing

Release 2.14.1

Fixed a bug in TLD handling when using tld_list, it did not reset where it was in the QNAME when nothing was found and could therefor wrongly indicate something as a TLD.

Also fixed a typo in the dsc.conf man-page.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.14.1.tar.gz
sha256: 2f61edad25c6ea9a0d97fd6c4750bade1e38d719ec2ee5845b9b3f605f47be39

Packages are available at: https://dev.dns-oarc.net/packages/

976589d GCOV
c3afee4 TLD list, doc typo

Release 2.14.0

This release adds new configure option to control the file access to the output files, support for newer DNSTAP, improved DNSTAP message handling and updated Public Suffix List.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.14.0.tar.gz
sha256: 06fe83078d67baed6cb39f293aa6b032650200706523b17e2527647bc4e01a33

Packages are available at: https://dev.dns-oarc.net/packages/

• Fix #279: Add new conf options to control output file access:
  • output_user: set output file user ownership
  • output_group: set output file group ownership
  • output_mod: set output file mode bits
• dnstap: Move DNSTAP essential attributes checks inside each type and customize them for that specific type
• Update dnswire dependencies to v0.4.0
• encryption_index: Add support for new DNSTAP DNS-over-QUIC socket protocol
• Update builtin Public Suffix List (PSL)

abfe245 DNSTAP
da06317 Output file access
af01a48 DOQ transport, PSL update

Release 2.13.2

Updated pcap-thread to v4.0.1:

Fixed issue with pcap_dispatch() during non-threaded timed runs by checking packet timestamp and use pcap_breakloop() if the run should end.
Based on reports, it looks like pcap_dispatch() won't stop processing if load is high enough even if documentation says "only one bufferful of packets is read at a time".

Many thanks to Klaus Darilion @klaus3000 (NIC.AT) for the report and helping to track down the issue and test fixes!

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.13.2.tar.gz
sha256: 22f2f1ed6ef04d462c49014aaada09c0f2ba5d8f90156c1afae23cf456cf5df6

Packages are available at: https://dev.dns-oarc.net/packages/

e7d92fe Fix COPR
7ecf217 pcap-thread

Release 2.13.1

This patch release is mainly for build and packages where MaxMind DB library is preferred over the legacy GeoIP library.
MaxMind has announced that the databases for GeoIP will be EOL May 2022 and recommends switching to GeoIP2 databases.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.13.1.tar.gz
sha256: 1112ad45a1578c2c04dcec949045f48490bd54bccc4cfa6bf5b7cc2808a5391b

Packages are available at: https://dev.dns-oarc.net/packages/

Also updated DSC's description, removing references to the now discontinued Presenter and pointing to dsc-datatool instead.

d891e2c Package, description
c23406c Optional GeoIP
26dd506 GeoIP

Release 2.13.0

This release fixes a huge performance issue with hashing IPv6 addresses, adds support for new DNSTAP messages types and protocols, and adds two new indexers.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.13.0.tar.gz
sha256: 8f37b002b0093a34f19477b476ab1b76c462d12e792bd6e3b637947a4e3ee1ab

Packages are available at: https://dev.dns-oarc.net/packages/

Thanks to a patch sent in by Ken Renard (@kdrenard) a rather huge performance issue related to hashing IPv6 addresses has been solved.
Old code used a very incorrect assumption about addresses in general and while same way was used for IPv4, it didn't hit as hard as it did
for IPv6.
New code uses hashing functions on both address types and to quote the GitHub issue (by Ken):

This performs about 5% better than what I did (51 sec versus 54 sec) for 5GB pcap file with nearly 50/50 split of IPv4 and IPv6 (3.7M/3.5M v4/v6 queries). Old inXaddr_hash() has been running for 75 minutes and is about 20% done. I say this is a winner!"

Many thanks to Ken for pointing this out and supplying a patch!

DSC now depends on dnswire v0.3.0 which includes new DNSTAP messages types and protocols that was recently added to DNSTAP's Protobuf definition.
The new UPDATE_QUERY and UPDATE_RESPONSE messages types are now supported and are interpret as AUTH_QUERY and AUTH_RESPONSE.
The new socket protocols for DOT, DOH and DNSCrypt are also supported and are interpret as TCP for indexers such as ip_proto and transport. To get stats on the encryption itself you can use the new indexer encryption.

Two new indexers have been added:

• label_count: Number of labels in the QNAME
• encryption: Indicates whether the DNS message was carried over an encrypted connection or not, and if so over which. For example "unencrypted", "dot" (DNS-over-TLS), "doh" (DNS-over-HTTPS).

Other changes:

• inX_addr: Rework structure, separate IPv4 and IPv6 addresses
• Fix some DNSTAP tests
• transport_index: Fix typo in code documentation

37df703 DNSTAP update, encryption indexer
d27171f Label count indexer
6932247 Adding labellen indexer which counts the number of labels in a DNS message
68cc9c7 New IP hashing

Release 2.12.0

This release adds a new conf option tld_list to control what DSC considers are TLDs, and a script to convert the Public Suffix List to this format (see man dsc-psl-convert for more information).

For example, using this option will allow DSC to gather statistics on domains like co.uk and net.au that would otherwise be counted as uk and au.

The release also updates the man-pages, clarifying how to use multiple interface and other similar options. And removes the deprecated cron upload scripts.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.12.0.tar.gz
sha256: 4f7643fe87ddc0ad5b3555596d61fbaf2abf7e29bc5cbd30996e3cd8aa6cebbc

Packages are available at: https://dev.dns-oarc.net/packages/

e779a87 Remove upload scripts
2880f93 PSL TLD list
ea04022 Update Copyright and known TLDs
5cbc7a4 Output format
b7e6c35 Doc
e66dae4 dh_auto_test
6a3e817 debhelper
89d033f Bye Travis
fa1c179 Mattermost

Release 2.11.2

This release fixes a bug in asn_indexer that didn't enabled the usage of MaxMindDB after successful initiation. Other changes include a typo fix in configure and a lot of coverage tests.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.11.2.tar.gz
sha256: c482325e9d4cfb40ea47c7123f04502a9b18c343b4dc445d736105af955d893a

Packages are available at: https://dev.dns-oarc.net/packages/

395b11a Travis, configure
ffea9ed Tests
8b0bebd Tests
09f8174 Config tests
d1514d4 Coverage
66b018c Coverage, ASN indexer

Release 2.11.1

This release fixes a 17-year old code cut&paste mistake in the classification indexer, until now it's been classifying funny query types based on the query class. This fix was sent in by Jim @banburybill Hague (Sinodun), thanks Jim!

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.11.1.tar.gz
sha256: f385437e8b6d6aea582e926803e5705eb769990df077e850c69c61342fa17b2f

Packages are available at: https://dev.dns-oarc.net/packages/

Other changes are based on code analysis reports and setup for code coverage.

8d4763c Correct funny-qtype classification.
a1dd55e getline
29bd143 Coverage
685e504 SonarCloud
f759515 Badges