From: Michael Orlitzky Date: Thu, 22 Sep 2022 14:13:47 +0000 (-0400) Subject: djbdns/*.py: add all remaining mappings to QUERY_TYPE_NAME. X-Git-Tag: 0.0.1~1 X-Git-Url: https://gitweb.michael.orlitzky.com/?a=commitdiff_plain;h=19ec8900bbe23758c4ab2b731f4f6c3207c03ad3;p=djbdns-logparse.git djbdns/*.py: add all remaining mappings to QUERY_TYPE_NAME. The parser will now raise an exception if it encounters a type that does not have an entry in the dictionary. --- diff --git a/djbdns/common.py b/djbdns/common.py index 5ab9b5f..ef09a34 100644 --- a/djbdns/common.py +++ b/djbdns/common.py @@ -13,30 +13,96 @@ TIMESTAMP_PAT = r'[\d-]+ [\d:\.]+' # # https://en.wikipedia.org/wiki/List_of_DNS_record_types # -# Note that mapping here is non-exhaustive, and that tinydns will -# log responses for record types that it does not know about. +# This list *should* be exhaustive, and we hope it is, because the log +# parser will now crash if it encounters a type it doesn't know about. QUERY_TYPE_NAME = { 1: "a", 2: "ns", + 3: "md", + 4: "mf", 5: "cname", 6: "soa", + 7: "mb", + 8: "mg", + 9: "mr", + 10: "null", + 11: "wks", 12: "ptr", 13: "hinfo", + 14: "minfo", 15: "mx", 16: "txt", 17: "rp", + 18: "afsdb", + 19: "x25", + 20: "isdn", + 21: "rt", + 22: "nsap", + 23: "nsap-ptr", 24: "sig", 25: "key", + 26: "px", + 27: "gpos", 28: "aaaa", + 29: "loc", + 30: "nxt", + 31: "eid", + 32: "nimloc", 33: "srv", + 34: "atma", 35: "naptr", + 36: "kx", + 37: "cert", 38: "a6", + 39: "dname", + 40: "sink", + 41: "opt", + 42: "apl", + 43: "ds", + 44: "sshfp", + 45: "ipseckey", + 46: "rrsig", + 47: "nsec", 48: "dnskey", + 49: "dhcid", + 50: "nsec3", + 51: "nsec3param", 52: "tlsa", + 53: "smimea", + 55: "hip", + 56: "ninfo", + 57: "rkey", + 58: "talink", + 59: "cds", + 60: "cdnskey", + 61: "openpgpkey", + 62: "csync", + 63: "zonemd", + 64: "svcb", 65: "https", + 99: "spf", + 100: "uinfo", + 101: "uid", + 102: "gid", + 103: "unspec", + 104: "nid", + 105: "l32", + 106: "l64", + 107: "lp", + 108: "eui48", + 109: "euc64", + 249: "tkey", + 250: "tsig", + 251: "ixfr", 252: "axfr", + 253: "mailb", + 254: "maila", 255: "any", - 257: "caa" + 256: "uri", + 257: "caa", + 259: "doa", + 32768: "ta", + 32769: "dlv" } def convert_ip(ip : str) -> str: diff --git a/djbdns/dnscache.py b/djbdns/dnscache.py index 3dd6d5f..450dbd6 100644 --- a/djbdns/dnscache.py +++ b/djbdns/dnscache.py @@ -210,7 +210,7 @@ def decode_type(words : list, i : int): """ qt = words[i] - words[i] = QUERY_TYPE_NAME.get(int(qt), qt) + words[i] = QUERY_TYPE_NAME[int(qt)] def handle_dnscache_log(line : str) -> Optional[str]: r""" diff --git a/djbdns/tinydns.py b/djbdns/tinydns.py index 0b60a51..9635360 100644 --- a/djbdns/tinydns.py +++ b/djbdns/tinydns.py @@ -74,10 +74,9 @@ def handle_tinydns_log(line : str) -> Optional[str]: request_id = int(request_id, 16) # Convert the "type" field to a human-readable record type name - # using the query_type dictionary. If the right name isn't present - # in the dictionary, we use the (decimal) type id instead. - query_type = int(query_type, 16) # "001c" -> 28 - query_type = QUERY_TYPE_NAME.get(query_type, type) # 28 -> "aaaa" + # using the query_type dictionary. + query_type = int(query_type, 16) # "001c" -> 28 + query_type = QUERY_TYPE_NAME.get(query_type) # 28 -> "aaaa" line_tpl = "{timestamp} " diff --git a/doc/man1/djbdns-logparse.1 b/doc/man1/djbdns-logparse.1 index 05e6c75..9e3496c 100644 --- a/doc/man1/djbdns-logparse.1 +++ b/doc/man1/djbdns-logparse.1 @@ -97,8 +97,7 @@ The query type id is converted to the corresponding RFC-defined type name, as in https://en.wikipedia.org/wiki/List_of_DNS_record_types. While dnscache logs the id in decimal, tinydns records it in hexadecimal (for example, \(dq001c\(dq) necessitating a hex->decimal -conversion before we can look up its name. Decimal numbers with -no entry in the id->name mapping are output as-is. +conversion before we can look up its name. .P The following transformations are specific to tinydns: