From ed591d91f709d852adb4f73136a1aebd9a039cf5 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 5 Oct 2017 16:59:02 -0600 Subject: [PATCH] document types and rename some fixtures --- README.md | 198 +++++++++++++++++- .../google.com.soa.bin} | Bin .../google.com.soa.json} | 0 .../yahoo.com.any.nxdomain.bin} | Bin .../yahoo.com.any.nxdomain.hex} | 0 .../yahoo.com.any.nxdomain.json} | 0 6 files changed, 196 insertions(+), 2 deletions(-) rename test/{soa_test/google.com.soa.0.bin => fixtures/google.com.soa.bin} (100%) rename test/{soa_test/google.com.soa.0.json => fixtures/google.com.soa.json} (100%) rename test/{soa_test/nx.yahoo.com.any.0.bin => fixtures/yahoo.com.any.nxdomain.bin} (100%) rename test/{soa_test/nx.yahoo.com.any.0.hex => fixtures/yahoo.com.any.nxdomain.hex} (100%) rename test/{soa_test/nx.yahoo.com.any.0.json => fixtures/yahoo.com.any.nxdomain.json} (100%) diff --git a/README.md b/README.md index 1ff620b..627a476 100644 --- a/README.md +++ b/README.md @@ -149,7 +149,7 @@ Capturing Packets We have a command line tool for that! See [dig.js](https://git.daplie.com/Daplie/dig.js). -``` +```bash # Install npm install -g 'git+https://git@git.daplie.com/Daplie/dig.js.git' @@ -160,6 +160,199 @@ dig.js A daplie.com --output . dig.js --mdns PTR _services._dns-sd._udp.local --output . ``` +Resource Record Examples +======================== + +* SOA +* NS +* A +* AAAA +* CNAME +* MX +* TXT +* SRV +* PTR + +SOA +--- + +I'm pretty sure that the SOA only goes in the `authority` section +(except when SOA is queried explicitly) +and that it's only given as a response to any empty set +(where `RCODE == NXDOMAIN`) +to affirm "yes, I am responsible for this domain but, no, I don't have a record for it". + +If another nameserver has been delegated authority for a particular subdomain +a set of `NS` records should be returned instead. + +```json +{ + "name": "yahoo.com", + "type": 6, + "typeName": "SOA", + "class": 1, + "className": "IN", + "ttl": 599, + "primary": "ns1.yahoo.com", + "admin": "hostmaster.yahoo-inc.com", + "serial": 2017092539, + "refresh": 3600, + "retry": 300, + "expiration": 1814400, + "minimum": 600 +} +``` + +NS +--- + +I'm also pretty sure that the NS only goes in the `authority` section +(except when NS is queried explicitly) +and that it's given as a successful response +(`RCODE == SUCCESS`) +to any query type +(`A` or `AAAA`, `MX`, `TXT`, or `SRV`) +where the answer sections is an empty set because the records in +question have been delegated to another nameserver. + +```json +{ + "name": "google.com", + "type": 2, + "typeName": "NS", + "class": 1, + "className": "IN", + "ttl": 82790, + "data": "ns3.google.com" +} +``` + +A +--- + +The most common type of record. Returns the IPv4 address for a given domain. + +```json +{ + "name": "www.linode.com", + "type": 1, + "typeName": "A", + "class": 1, + "className": "IN", + "ttl": 291, + "address": "72.14.191.202" +} +``` + +AAAA +---- + +Returns the IPv6 address for a given domain. + +```json +{ + "name": "irc6.geo.oftc.net", + "type": 28, + "typeName": "AAAA", + "class": 1, + "className": "IN", + "ttl": 59, + "address": "2607:f8f0:610:4000:211:11ff:fe1c:7bec" +} +``` + +CNAME +----- + +The CNAME is used to look up the IP address for the given alias. +(the alias is often referred to incorrectly as a CNAME but it is, in fact, the alias) + +```json +{ + "name": "www.nodejs.org", + "type": 5, + "typeName": "CNAME", + "class": 1, + "className": "IN", + "ttl": 3600, + "data": "nodejs.org" +} +``` + +MX +--- + +Mail Exchange Records show the alias that should be looked up to know where incoming mail should +be sent. + +```json +{ + "name": "microsoft.com", + "type": 15, + "typeName": "MX", + "class": 1, + "className": "IN", + "ttl": 197, + "priority": 10, + "exchange": "microsoft-com.mail.protection.outlook.com" +} +``` + +TXT +--- + +Often used for outgoing mail validations, public keys, lots of arbitrary stuff. + +```json +{ + "name": "aol.com", + "type": 16, + "typeName": "TXT", + "class": 1, + "className": "IN", + "ttl": 1926, + "data": [ "v=spf1 ptr:mx.aol.com ?all" ] +} +``` + +SRV +--- + +A way to associate a service with a port and other relevant information. +Used for federated / dencentralized protocols (like XMPP) and mDNS/DLNA/UPnP/DNS-SD type stuff. + +```json +{ + "name": "_xmpp-server._tcp.gmail.com", + "type": 33, + "typeName": "SRV", + "class": 1, + "className": "IN", + "ttl": 900, + "priority": 5, + "weight": 0, + "port": 5269, + "target": "xmpp-server.l.google.com" +} +``` + +PTR +--- + +Used for mDNS/DNS-SD type discoveries and anti-spam reverse lookup verification for mail servers. + +```json +{ + "name": "_pdl-datastream._tcp.local", + "type": 12, + "typeName": "PTR", + "class": 1, + "className": "IN", + "ttl": 255, + "data": "Canon MF620C Series._pdl-datastream._tcp.local" +} +``` + Contributing and Development ============================ @@ -204,7 +397,8 @@ Ideally you should have some idea of what the result file should look like and should place that in `test/fixtures/...json` ```bash -node bin/capture-query.js --name www.google.com --type CNAME +npm install -g dig.js +dig.js --name www.google.com --type CNAME --output ./samples/ ``` 3) Create `parser/type.cname.js` diff --git a/test/soa_test/google.com.soa.0.bin b/test/fixtures/google.com.soa.bin similarity index 100% rename from test/soa_test/google.com.soa.0.bin rename to test/fixtures/google.com.soa.bin diff --git a/test/soa_test/google.com.soa.0.json b/test/fixtures/google.com.soa.json similarity index 100% rename from test/soa_test/google.com.soa.0.json rename to test/fixtures/google.com.soa.json diff --git a/test/soa_test/nx.yahoo.com.any.0.bin b/test/fixtures/yahoo.com.any.nxdomain.bin similarity index 100% rename from test/soa_test/nx.yahoo.com.any.0.bin rename to test/fixtures/yahoo.com.any.nxdomain.bin diff --git a/test/soa_test/nx.yahoo.com.any.0.hex b/test/fixtures/yahoo.com.any.nxdomain.hex similarity index 100% rename from test/soa_test/nx.yahoo.com.any.0.hex rename to test/fixtures/yahoo.com.any.nxdomain.hex diff --git a/test/soa_test/nx.yahoo.com.any.0.json b/test/fixtures/yahoo.com.any.nxdomain.json similarity index 100% rename from test/soa_test/nx.yahoo.com.any.0.json rename to test/fixtures/yahoo.com.any.nxdomain.json