From 37e5dc58f1c9e53ce127a9f23730e33372b2574b Mon Sep 17 00:00:00 2001 From: D Waitzman Date: Wed, 10 Mar 2021 22:01:21 -0500 Subject: [PATCH] remove probe. version 2.5.3 (#173) * Removed probe feature. * Add note: not all passive DNS systems or versions of those system implement the same query features. * Remove unreached error msg * version 2.5.3 * Renamed existing "dnsdb" system to be "dnsdb1". Made "dnsdb" be an alias for "dnsdb2". Restructured parts of the man page * Update Copyright year to 2021 * Remove stray character --- README | 2 +- defs.h | 6 ++++++ dnsdbq.c | 5 ++--- dnsdbq.man | 49 ++++++++++++++++++++++------------------- globals.h | 2 +- pdns.c | 25 ++++++--------------- pdns.h | 12 ----------- pdns_circl.c | 3 +-- pdns_dnsdb.c | 61 ++++++---------------------------------------------- pdns_dnsdb.h | 2 +- 10 files changed, 51 insertions(+), 116 deletions(-) diff --git a/README b/README index 17e51bf..58d8469 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020 by Farsight Security, Inc. + * Copyright (c) 2014-2021 by Farsight Security, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/defs.h b/defs.h index 0f73b96..7c2ae89 100644 --- a/defs.h +++ b/defs.h @@ -31,7 +31,13 @@ #define CRIPPLED_LIBC 1 #endif /* __CYGWIN__ */ +#if WANT_PDNS_DNSDB #define DEFAULT_SYS "dnsdb2" +#elif WANT_PDNS_CIRL +#define DEFAULT_SYS "circl" +#else +#error "No passive DNS system defined" +#endif #define DEFAULT_VERB 0 #define MAX_JOBS 8 #define DNSDBQ_SYSTEM "DNSDBQ_SYSTEM" diff --git a/dnsdbq.c b/dnsdbq.c index dcb46ad..40130a8 100644 --- a/dnsdbq.c +++ b/dnsdbq.c 
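Review bot: `WANT_PDNS_CIRL` in the new `#elif` in defs.h looks like a misspelling of `WANT_PDNS_CIRCL`, the macro that the pdns.c part of this patch tests (`#if WANT_PDNS_CIRCL`). An identifier that is not defined evaluates to 0 in `#elif`, so a build with only the CIRCL backend enabled would fall through to `#error "No passive DNS system defined"` instead of getting `DEFAULT_SYS "circl"`. The line should read `#elif WANT_PDNS_CIRCL`.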
@@ -501,13 +501,12 @@ main(int argc, char *argv[]) { #if WANT_PDNS_DNSDB /* the json output files are in COF format, never SAF. */ if (strcmp(psys->name, "dnsdb2") == 0) - pick_system("dnsdb", "downgrade for -J"); + pick_system("dnsdb1", "downgrade for -J"); #endif NULL; } else { make_curl(); - if (!psys_specified) - pdns_probe(); + assert(psys_specified); } /* validate some interrelated options. */ diff --git a/dnsdbq.man b/dnsdbq.man index b2e1869..42e8e2a 100644 --- a/dnsdbq.man +++ b/dnsdbq.man @@ -43,19 +43,20 @@ .Op Fl V Ar verb .Sh DESCRIPTION .Nm dnsdbq -constructs and issues queries to Passive DNS systems which return -data in the IETF Passive DNS Common Output Format. Farsight Security's -DNSDB is one such system. -.Nm dnsdbq -displays responses in various formats. It is commonly used as a -production command line interface to such systems. -.Pp -Its default query type is a "lookup" query. As an option, it can -issue a "summarize" query type. +constructs and issues queries to Passive DNS systems which return data +in the IETF Passive DNS Common Output Format. It is commonly used as +a production command line interface to such systems. .Pp -Farsight Security's DNSDB system implements both APIv1 and APIv2 interfaces. -APIv1 is accessed by specifying system "dnsdb." APIv2 is accessed by -specifying system "dnsdb2". +.Nm dnsdbq +displays responses in various formats. Its default query type is a +"lookup" query. As an option, it can issue a "summarize" query type. +Different Passive DNS systems or versions of those systems may +implement different query features. +.Sh FARSIGHT SECURITY'S "DNSDB" +Farsight Security's "DNSDB" is one such Passive DNS system. DNSDB +implements both APIv1 and APIv2 interfaces. APIv1 is accessed by +specifying system "dnsdb1". APIv2 is accessed by specifying system +"dnsdb2". .Pp You'll need to get an API key from Farsight to use .Ic dnsdbq 
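Review bot: `assert(psys_specified);` in main() (dnsdbq.c) makes a condition that presumably depends on configuration and the -u option a debug-only check. Built with NDEBUG it disappears and the code carries on with whatever `psys` holds, and in other builds a missing selection aborts the process instead of printing a diagnostic. Whether `psys_specified` can still be false at this point depends on read_config() and option parsing, which are outside this hunk. An explicit test reports the problem in every build, for example `if (!psys_specified) { fprintf(stderr, "%s: no passive DNS system selected\n", program_name); exit(1); }`. main() starts and ends outside the hunk.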
@@ -386,7 +387,11 @@ including ANY. A special-case supported in DNSDB is ANY-DNSSEC, which matches on DS, RRSIG, NSEC, DNSKEY, NSEC3, NSEC3PARAM, and DLV resource record types. .It Fl u Ar server_sys -specifies the syntax of the RESTful URL, default is "dnsdb". +specifies the Passive DNS system and thus its syntax for RESTful URLs. +Can be "dnsdb", "dnsdb1", "dnsdb2", or "circl". "dnsdb" is an alias +for "dnsdb2". If unset, +.Nm dnsdbq +will use a default. .It Fl V Ar verb The verb to perform, i.e. the type of query, either "lookup" or "summarize". The default is the "lookup" verb. As an option, you can @@ -569,19 +574,19 @@ configuration file which can specify the API key and server URL. The first of these which is readable will be used, alone, in its entirety. The variables which can be set are as follows: .Bl -tag -width ".Ev DNSDB_API_KEY , APIKEY" +.It Ev DNSDBQ_SYSTEM +contains the default value for the +.Fl u +option described above. .It Ev DNSDB_API_KEY , APIKEY -contains the user's apikey (no default). +contains the user's DNSDB apikey (no default). .It Ev DNSDB_SERVER -contains the URL of the DNSDB API server (default is https://api.dnsdb.info), -and optionally the URI prefix for the database (default is "/lookup"). +contains the URL of the DNSDB API server (default is +https://api.dnsdb.info), and optionally the URI prefix for the +database. The default URI prefix for system "dnsdb2" is +"/dnsdb/v2/lookup"; the default for "dnsdb1" is "/lookup". .It Ev CIRCL_AUTH , CIRCL_SERVER enable access to a passive DNS system compatible with the CIRCL.LU system. -.It Ev DNSDBQ_SYSTEM -contains the default value for the -.Fl u -option described above. Can be "dnsdb", "dnsdb2", or "circl". If unset, -.Nm dnsdbq -will probe for any configured system. .El .Sh ENVIRONMENT The following environment variables override the configuration file: diff --git a/globals.h b/globals.h index 22ef9a7..6952113 100644 --- a/globals.h +++ b/globals.h 
@@ -33,7 +33,7 @@ extern const struct verb verbs[]; #endif EXTERN const char id_swclient[] INIT("dnsdbq"); -EXTERN const char id_version[] INIT("2.5.2"); +EXTERN const char id_version[] INIT("2.5.3"); EXTERN const char *program_name INIT(NULL); EXTERN const char path_sort[] INIT("/usr/bin/sort"); EXTERN const char json_header[] INIT("Accept: application/json"); diff --git a/pdns.c b/pdns.c index 447154d..faef4ca 100644 --- a/pdns.c +++ b/pdns.c @@ -912,20 +912,6 @@ data_blob(query_t query, const char *buf, size_t len) { return (ret); } -/* pdns_probe -- maybe probe and switch to a reachable and functional psys. - */ -void -pdns_probe(void) { - while (psys->next != NULL && !psys->probe()) { - pick_system(psys->next()->name, "downgrade from probe"); - if (!quiet) - fprintf(stderr, - "probe failed, downgrading to '%s', " - "consider changing -u or configuration.\n", - psys->name); - } -} - /* pick_system -- find a named system descriptor, return t/f as to "found?" * * returns if psys != NULL, or exits fatally otherwise. @@ -937,9 +923,10 @@ pick_system(const char *name, const char *context) { DEBUG(1, true, "pick_system(%s)\n", name); #if WANT_PDNS_DNSDB - if (strcmp(name, "dnsdb") == 0) - tsys = pdns_dnsdb(); - if (strcmp(name, "dnsdb2") == 0) + if (strcmp(name, "dnsdb1") == 0) + tsys = pdns_dnsdb1(); + /* "dnsdb" is an alias for "dnsdb2". */ + if (strcmp(name, "dnsdb2") == 0 || strcmp(name, "dnsdb") == 0) tsys = pdns_dnsdb2(); #endif #if WANT_PDNS_CIRCL @@ -993,8 +980,8 @@ read_config(const char *cf) { "echo dnsdbq system ${" DNSDBQ_SYSTEM ":-" DEFAULT_SYS "};" #if WANT_PDNS_DNSDB - "echo dnsdb apikey ${DNSDB_API_KEY:-$APIKEY};" - "echo dnsdb server $DNSDB_SERVER;" + "echo dnsdb1 apikey ${DNSDB_API_KEY:-$APIKEY};" + "echo dnsdb1 server $DNSDB_SERVER;" "echo dnsdb2 apikey ${DNSDB_API_KEY:-$APIKEY};" "echo dnsdb2 server $DNSDB_SERVER;" #endif diff --git a/pdns.h b/pdns.h index c9a331d..d9b5311 100644 --- a/pdns.h +++ b/pdns.h 
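Review bot: In pick_system() (pdns.c) the name "dnsdb" now resolves to pdns_dnsdb2(), where it used to select the APIv1 descriptor, so an existing `-u dnsdb` or `DNSDBQ_SYSTEM=dnsdb` silently moves to the `/dnsdb/v2` endpoint and to `encap_saf` instead of `encap_cof`. The only trace is the `DEBUG(1, true, "pick_system(%s)\n", name)` line, which prints the requested name and not the resolved one. Consider reporting the alias on stderr unless `quiet` is set, e.g. `if (strcmp(name, "dnsdb") == 0 && !quiet) fprintf(stderr, "system 'dnsdb' now selects 'dnsdb2'\n");`, and extending the comment to `/* "dnsdb" is an alias for "dnsdb2"; before 2.5.3 it selected APIv1. */`. pick_system() starts and continues outside the hunk.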
@@ -67,17 +67,6 @@ struct pdns_system { /* what encapsulation does this system speak? */ encap_e encap; - /* what's our downgrade path if this system doesn't function - * (respond positively to a probe)? may be NULL if there is no - * downgrade available. - */ - const struct pdns_system * (*next)(void); - - /* to probe if this system reachable and functional. will be - * NULL whenever "next" (see above) is NULL. - */ - bool (*probe)(void); - /* start creating a URL corresponding to a command-path string. * first argument is the input URL path. * second is an output parameter pointing to the separator character @@ -176,7 +165,6 @@ void tuple_unmake(pdns_tuple_t); struct counted *countoff(const char *, size_t); char *reverse(const char *); int data_blob(query_t, const char *, size_t); -void pdns_probe(void); void pick_system(const char *, const char *); void read_config(const char *cf); diff --git a/pdns_circl.c b/pdns_circl.c index a42e7d0..c570254 100644 --- a/pdns_circl.c +++ b/pdns_circl.c @@ -39,8 +39,7 @@ static char *circl_authinfo = NULL; static const struct pdns_system circl = { "circl", "https://www.circl.lu/pdns/query", encap_cof, - NULL, NULL, circl_url, NULL, - circl_auth, circl_status, circl_verb_ok, + circl_url, NULL, circl_auth, circl_status, circl_verb_ok, circl_setval, circl_ready, circl_destroy }; diff --git a/pdns_dnsdb.c b/pdns_dnsdb.c index 2044f19..5c36521 100644 --- a/pdns_dnsdb.c +++ b/pdns_dnsdb.c @@ -59,7 +59,6 @@ typedef struct rate_tuple *rate_tuple_t; /* forwards. */ -static bool dnsdb2_probe(void); static const char *dnsdb_setval(const char *, const char *); static const char *dnsdb_ready(void); static void dnsdb_destroy(void); 
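Review bot: The `circl` initializer in pdns_circl.c is positional, so deleting the two `NULL`s for `next` and `probe` is only correct because every `struct pdns_system` initializer was edited in lockstep; the same holds for `dnsdb1` and `dnsdb2` in pdns_dnsdb.c. A missed slot or a bare `NULL` in the wrong position can still compile when neighbouring members have compatible pointer types, and the result would be a call through the wrong or a null function pointer at run time. Designated initializers (`.name = "circl", .encap = encap_cof,` and likewise for each callback member) would label the remaining bare `NULL` and keep later member changes from shifting slots. The member names other than `encap` are declared in pdns.h outside the visible hunks.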
@@ -85,17 +84,15 @@ static char *dnsdb_base_url = NULL; static const char dnsdb2_url_prefix[] = "/dnsdb/v2"; -static const struct pdns_system dnsdb = { - "dnsdb", "https://api.dnsdb.info", encap_cof, - NULL, NULL, dnsdb_url, dnsdb_info, - dnsdb_auth, dnsdb_status, dnsdb_verb_ok, +static const struct pdns_system dnsdb1 = { + "dnsdb1", "https://api.dnsdb.info", encap_cof, + dnsdb_url, dnsdb_info, dnsdb_auth, dnsdb_status, dnsdb_verb_ok, dnsdb_setval, dnsdb_ready, dnsdb_destroy }; static const struct pdns_system dnsdb2 = { "dnsdb2", "https://api.dnsdb.info/dnsdb/v2", encap_saf, - pdns_dnsdb, dnsdb2_probe, dnsdb_url, dnsdb_info, - dnsdb_auth, dnsdb_status, dnsdb_verb_ok, + dnsdb_url, dnsdb_info, dnsdb_auth, dnsdb_status, dnsdb_verb_ok, dnsdb_setval, dnsdb_ready, dnsdb_destroy }; @@ -103,8 +100,8 @@ static const struct pdns_system dnsdb2 = { */ pdns_system_ct -pdns_dnsdb(void) { - return &dnsdb; +pdns_dnsdb1(void) { + return &dnsdb1; } pdns_system_ct 
@@ -115,52 +112,6 @@ pdns_dnsdb2(void) { /*---------------------------------------------------------------- private */ -static void -dnsdb2_pingback(writer_t writer) { - DEBUG(1, true, "dnsdb2_pingback: %*.*s", - writer->ps_len, writer->ps_len, writer->ps_buf); -} - -/* dnsdb2_probe() -- check that this server understands APIv2 - */ -static bool -dnsdb2_probe(void) { - query_t query = NULL; - writer_t writer; - fetch_t fetch; - bool ret; - - DEBUG(1, true, "dnsdb2_probe()\n"); - - /* start a meta_query writer. */ - writer = writer_init(qparam_empty.output_limit, dnsdb2_pingback, true); - - /* create a rump query. */ - CREATE(query, sizeof(struct query)); - query->writer = writer; - query->command = strdup("ping"); - writer->queries = query; - - /* start a ping. */ - fetch = create_fetch(query, - dnsdb_url(query->command, NULL, &qparam_empty, - &(struct pdns_fence){}, true)); - - /* run all jobs to completion. */ - io_engine(0); - - /* probe success? */ - ret = (fetch->rcode == HTTP_OK); - if (ret) { - DEBUG(1, true, "Test shows this is a DNSDB APIv2 endpoint\n"); - } - - /* stop the writer. */ - writer_fini(writer); - - return (ret); -} - /* dnsdb_setval() -- install configuration element */ static const char * diff --git a/pdns_dnsdb.h b/pdns_dnsdb.h index d5268ac..5d57e13 100644 --- a/pdns_dnsdb.h +++ b/pdns_dnsdb.h @@ -18,7 +18,7 @@ #define PDNS_DNSDB_H_INCLUDED 1 #if WANT_PDNS_DNSDB -pdns_system_ct pdns_dnsdb(void); +pdns_system_ct pdns_dnsdb1(void); pdns_system_ct pdns_dnsdb2(void); #endif