#!/usr/bin/perl -p # From: silence-dns@nilpotent.org (Faried Nawaz) # To: dns@list.cr.yp.to # Subject: Re: documentation? # Date: 10 Apr 2000 19:19:37 +0500 # # Brian Kifiak writes: # # I haven't been able to find any documentation regarding the logging # format used by the tools in the DNSCache package. Some of it is # fairly intuitive but I'm unsure of other parts (ie '7f000...' in above # example). Is it documented? # # Try the attached script. I usually run it as # # tail -F /etc/dnscache/log/main/current | tai64nlocal | dnscache-log.pl # strip off the year and the extra tai64 stuff. s/^\d{4}-(\d\d-\d\d) (\d\d:\d\d:\d\d).(\d*)/$1 $2/; # convert addresses in hex to dotted decimal notation. s/\b([a-f0-9]{8})\b/join(".", unpack("C*", pack("H8", $1)))/eg; # strip out length from sent messages. # sent slot-id length s/sent (\d+) \d+/sent $1/; ### clean up some messages # tx gluelessness qtype thing domain where. s/tx (\d+) (\d+) (\S+) (\S+) (.*)/"tx $1 " . queryType($2) . " $3 $4 $5"/e; # nodata server ttl qtype thing. s/nodata (\S+) (\d+) (\d+) (\S+)/"nodata $1 " . queryType($2) . " $3 $4"/e; # cached qtype info. s/cached (\d+)/"cached " . queryType($1)/e; # convert stuff like 127.0.0.2:0422:05be 1 to something more descriptive. # query slot-id host:port qid qtype thing s/\b([\d.]+):(\w+):(\w+) (\d+) ([-.\w]+)/printQueryLine($1, $2, $3, $4, $5)/e; # convert rr messages. s/rr (\S+) (\d+) (\S+) (\S+) (\S+)/printRRLine($1, $2, $3, $4, $5)/e; ### subs sub printQueryLine { my ($host, $port, $query_id, $query_type, $query) = @_; # pad hostname my $ret = "$host:"; $ret .= hex($port); $ret .= ":" . hex($query_id); $ret .= " " . queryType($query_type) . " $query"; return $ret; } sub printRRLine { my ($host, $ttl, $query_type, $thing, $data) = @_; my $ret = "rr "; $ret .= "$host " . padd(6, $ttl) . " "; $ret .= queryType($query_type) . " $thing "; if ($query_type == 16) { # it's a txt record # the first byte is the length. we skip it. $data = substr($data, 2); $ret .= "\"" . unpack("A*", pack("H*", $data)) . "\""; } else { $ret .= "$data"; } return $ret; } sub queryType { my ($type) = shift; my $ret = ""; # i only list the ones that are in dnscache's dns.h. SWITCH: { ($type == 1) && do { $ret = "a"; last SWITCH; }; ($type == 2) && do { $ret = "ns"; last SWITCH; }; ($type == 5) && do { $ret = "cname"; last SWITCH; }; ($type == 6) && do { $ret = "soa"; last SWITCH; }; ($type == 12) && do { $ret = "ptr"; last SWITCH; }; ($type == 13) && do { $ret = "hinfo"; last SWITCH; }; ($type == 15) && do { $ret = "mx"; last SWITCH; }; ($type == 16) && do { $ret = "txt"; last SWITCH; }; ($type == 17) && do { $ret = "rp"; last SWITCH; }; ($type == 24) && do { $ret = "sig"; last SWITCH; }; ($type == 25) && do { $ret = "key"; last SWITCH; }; ($type == 28) && do { $ret = "aaaa"; last SWITCH; }; ($type == 252) && do { $ret = "axfr"; last SWITCH; }; ($type == 255) && do { $ret = "any"; last SWITCH; }; do { $ret .= "$type "; last SWITCH; }; } return $ret; } # there has to be a better way sub pads { my ($amount, $item) = @_; return sprintf "%" . $amount . "s", $item; } sub padd { my ($amount, $item) = @_; return sprintf "%0" . $amount . "d", $item; }