Release 2.11.1

This release fixes a 17-year old code cut&paste mistake in the classification indexer, until now it's been classifying funny query types based on the query class. This fix was sent in by Jim @banburybill Hague (Sinodun), thanks Jim!

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.11.1.tar.gz
sha256: f385437e8b6d6aea582e926803e5705eb769990df077e850c69c61342fa17b2f

Packages are available at: https://dev.dns-oarc.net/packages/

Other changes are based on code analysis reports and setup for code coverage.

8d4763c Correct funny-qtype classification.
a1dd55e getline
29bd143 Coverage
685e504 SonarCloud
f759515 Badges

Release 2.11.0

This release updates the built in known TLDs table and adds the optional configuration option knowntlds_file to, instead of using the built in table, load the data from a file.

If compiled with only MaxMindDB support then ASN and Country indexer would complain (and exit) that no database has been specified.
This release changes the behavior to match that of GeoIP support, making it possible to run without specifying a database.

Other changes:

• Fix compile warnings
• COPR packaging fixes
• country_indexer: Fixed typos in log messages (was copied from ASN)
• Fix issues and false-positives reported by newer version of scan-build

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.11.0.tar.gz
sha256: d062e398a09f9ca4b7b81fc918657953a0fcccdff5f065cf042fb1b6557609e5

Packages are available at: https://dev.dns-oarc.net/packages/

Commits:
e937d1 COPR
1382370 country, asn
423a813 scanbuild
2571b97 Compile warnings
4f69447 Known TLDs

Release 2.10.0

This release adds new configuration options to dnstap_unixsock to control ownership and permissions for the DNSTAP socket file.

Other fixes:

• Unlink the DNSTAP socket file if an error during initialization occur
• Do hard exit in forks to not run atexit() (which will unlink the DNSTAP socket file)

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.10.0.tar.gz
sha256: 1bcf1707f5319e330dcdb4e70aab86d5aae7799ff205789d8a63a27d736190a3

Packages are available at: https://dev.dns-oarc.net/packages/

Commits:
9d1d49a fork
733b286 DNSTAP socket

Release 2.9.1

This release fixes a few bugs, removes a lot of the debug messages about DNSTAP and removes GeoIP from openSUSE/SLE packages as it has been deprecated on those platforms.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.9.1.tar.gz
sha256: 459ac9cedb3ca9a14840b86252a689c0363a3b037029b06bca7ccfc19aeb7f41

Packages are available at: https://dev.dns-oarc.net/packages/

NOTE: DNSTAP support is enabled in packages as of v2.9.0!

Changes:

• daemon: Fix bug with listening for SIGINT when in foreground mode
• dnstap:
  • Fix #217: Unlink UNIX socket on exit if successfully initiated
  • Fix startup bug, exit() if unable to initialize
  • Fix #220:
    • Remove/hide a lot of debug messages and the printing of the DNSTAP message
    • Clarify a lot of the info and error messages
    • Prefix all DNSTAP related messages with DNSTAP:
• Fix compile warnings and include headers when GeoIP is missing
• asn_indexer: Fix bug, said unknown IPv4 when it was IPv6

Commits:
08bad5b DNSTAP debug
1232264 LGTM
589ea7a GeoIP, asn indexer
4fea0d2 sigint, DNSTAP UNIX socket, DNSTAP init

Release 2.9.0

This release adds support for receiving DNS messages over DNSTAP along with documentation updates and eliminated compiler warnings.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.9.0.tar.gz
sha256: 5eebaee4519586b8b194df7e419788156143786a6ac08298793ce659034f8945

Packages are available at: https://dev.dns-oarc.net/packages/

To enable DNSTAP support, install dependencies (check README.md) and run configure with --enable-dnstap.

New configuration options:

• dnstap_file: specify input from DNSTAP file
• dnstap_unixsock: specify DNSTAP input from UNIX socket
• dnstap_tcp: specify DNSTAP input from TCP connections (dsc listens)
• dnstap_udp: specify DNSTAP input from UDP connections (dsc listens)
• dnstap_network: specify network information in place of missing DNSTAP attributes

Other changes:

• Add documentation about extra configure options that might be needed for FreeBSD/OpenBSD
• Fix compile warnings on FreeBSD 11.2
• Fix compile warning snprintf() truncation
• Packaging updates

Commits:
60e6950 DNSTAP
af0417b README
1f1b489 COPR, spec
435e136 Package
3f24feb FreeBSD 11 compatibility
563b986 Funding

Release 2.8.1

Added all missing config options for the response time indexer:

• response_time_mode
• response_time_bucket_size
• response_time_max_queries
• response_time_full_mode
• response_time_max_seconds
• response_time_max_sec_mode

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.8.1.tar.gz
sha256: 5df26c12d2cb9a3bad99493b1b5390576ce4f43ca04483b08fe5a8c5bc72d370

Packages are available at: https://dev.dns-oarc.net/packages/

Commits:
36f0280 Response time config

Release 2.8.0

This release brings an new indexer response_time (funded by NIC.AT!), support for MaxMind DB (GeoIP2) and an option to set the DNS port.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.8.0.tar.gz
sha256: a8e7ee0063f1ac34f686bdba773ec209a0a974ccdf0e032ba10163800ec86880

Packages are available at: https://dev.dns-oarc.net/packages/

The new indexer response_time can track queries and report the time it took to receive the response in buckets of microseconds or in logarithmic scales (see response_time_mode). It will also report timeouts, missing queries (received a response but have never seen the query), dropped queries (due to memory limitations) and internal errors.

Here is an example output of log10 mode:

<array name="response_time" dimensions="2" start_time="1478727151"
    stop_time="1478727180">
  <dimension number="1" type="All"/>
  <dimension number="2" type="ResponseTime"/>
  <data>
    <All val="ALL">
      <ResponseTime val="100000-1000000" count="77"/>
      <ResponseTime val="10000-100000" count="42"/>
      <ResponseTime val="1000-10000" count="3"/>
      <ResponseTime val="missing_queries" count="1"/>
    </All>
  </data>
</array>

New configuration options:

• asn_indexer_backend: Control what backend to use for the ASN indexer
• country_indexer_backend: Control what backend to use for the country indexer
• maxminddb_asn: Specify database for ASN lookups using MaxMind DB
• maxminddb_country: Specify database for country lookups using MaxMind DB
• dns_port: Control the DNS port
• response_time_mode: Set the output mode of the response time indexer
• response_time_bucket_size: The size of bucket (microseconds)
• Following options exists to control internal aspects of response_time indexer, see man-page for more information:
  • response_time_max_queries
  • response_time_full_mode
  • response_time_max_seconds
  • response_time_max_sec_mode

Fixes:

• Add LGTM and fix alerts
• Update pcap_layers with fixes for scan-build warnings
• Fix port in debug output of DNS message, was showing server port on responses

Commits:
f38a655 License
48cd44e Man-page, interface any, response time
8b9345f LGTM Alert
e57a013 DNS port
38aa018 Response time statistics
7a60d53 Cleanup
5c45ce2 Copyright
0dc8a3c MaxMind DB (GeoIP2)
473387b LGTM, README, packages, scan-build

Release 2.7.0

Add support for Linux "cooked" capture encapsulation (DLT_LINUX_SLL).

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.7.0.tar.gz
sha256: eab7f79229a800087d96cb8bac39927558f1d512428d7825d5edb5f7064d2c31

Packages are available at: https://dev.dns-oarc.net/packages/

Fixes:

• grok_question(): Remove usage of strcpy()
• pcap_tcp_handler(): Use snprintf()
• printable_dnsname(): Use snprintf()
• Fix CID 104450, 186871

Commits:
41d59ac man-page HTML
476d6ed pcap_layers, CID
747131b Configure options
43c9ad0 DLT_LINUX_SLL
8a48667 Support the linux cooked sll frame
bd4a94f Fix CID 104450

Release 2.6.1

Compatibility fixes for FreeBSD 11.1+ which is now packing struct ip.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.6.1.tar.gz
sha256: e11019dc8cebd971bec420bb28dc97acc851dfd328c5d40bbf6b41df467db285

Packages are available at: https://dev.dns-oarc.net/packages/

Commits:
c0cd375 Handle compile warnings and FreeBSD's packing of structs
c528ccb Code formatting and moved external code to own directory

Release 2.6.0

Two new DNS filters and configuration for client subnet netmask has been added thanks to pull request submission from Manabu Sonoda (@mimuret), see man 5 dsc.conf for more details.

Due to submodules in the repository please download this tarball:
https://www.dns-oarc.net/files/dsc/dsc-2.6.0.tar.gz
sha256: 6f3e0036cb4a228a9f7c3ebb9d5c264d8dd21fe5a769bfae6d2ef43fac807b16

Packages are available at: https://dev.dns-oarc.net/packages/

New DNS filters:

• servfail-only: Count only SERVFAIL responses
• authentic-data-only: Count only DNS messages with the AD bit is set

New configuration:

• client_v4_mask: Set the IPv4 MASK for client_subnet INDEXERS
• client_v6_mask: Set the IPv6 MASK for client_subnet INDEXERS

Fixes:

• Set _DEFAULT_SOURCE, was giving compile warnings on some platforms
• Update pcap-thread to v2.1.3 for compatibility fixes
• Fix bug where extra " would be OK in configuration
• Eat all white-space between tokens in configuration
• Minor documentation corrections

Commits:
8a20421 Config parse quote/whitespace bug
4eb91d8 PR review and corrections
1dcdbc1 add supports statistics for DNSSEC validation resolver - SERVFAIL DNS message filter - AD bit DNS message filter - set custom mask for ClientSubnet
7c4ce7e Update pcap-thread to v2.1.3
f5d152c Corrected date
04f137d Prepare SPEC for OSB/COPR
402c242 Config header is generated by autotools