In your letter dated Mon, 5 Sep 2016 15:47:37 +0800 you wrote:
>Finally, I note that the RIPE Atlas system uses a type of DNS JSON
>representation when you use their API to query for DNS measurement
>results. You can get a sample here:
>
>https://atlas.ripe.net/api/v2/measurements/5009360/results?start=3D14728608=
>00&stop=3D1472947199&format=3Dtxt
>
>The RIPE Atlas results match your proposal pretty well - you can see
>it in the "results" object there - although they use "abuf" instead of
>"messageOctets!".
What you are referring is sort of the unofficial Atlas format. This what Atlas
probes
provide. The real format is the 'abuf decoder' in Sagan.
Here's an example of the output of the abuf decoder, when converted to JSON (by
itself the abuf decoder results in python objects):
{"HEADER": {"AA": true, "QR": true, "AD": false, "NSCOUNT": 1, "QDCOUNT": 1,
"ANCOUNT": 0, "TC": false, "RD": false, "ARCOUNT": 1, "CD": false,
"ReturnCode": "NXDOMAIN", "OpCode": "QUERY", "RA": false, "Z": 0, "ID": 36316},
"AuthoritySection": [{"Retry": 900, "Name": ".", "NegativeTtl": 86400,
"Refresh": 1800, "MasterServerName": "www.yeti-dns.org.", "Expire": 604800,
"MaintainerName": "hostmaster.yeti-dns.org.", "TTL": 86400, "Serial":
2016050801, "Type": "SOA", "Class": "IN", "RDlength": 51}], "QuestionSection":
[{"Qclass": "IN", "Qtype": "SOA", "Qname": "yetiroot."}], "EDNS0":
{"ExtendedReturnCode": 0, "Option": [{"OptionCode": 3, "OptionName": "NSID",
"NSID": "dahu1.yeti.eu.org", "OptionLength": 17}], "UDPsize": 4096, "Version":
0, "Z": 0, "Type": "OPT", "Name": "."}}
Two obvious differences are the use of 'true' and 'false' for boolean bit
fields and
the use of names ("Class": "IN") instead of a number of a name.
I'd like to point out the DNSSEC tends to use base64. So we also use that, for
example:
{"AuthoritySection": [{"Target": "sec3.apnic.net.", "TTL": 2941, "Type": "NS",
"Class": "IN", "RDlength": 13, "Name": "ripe.net."}, {"Target":
"pri.authdns.ripe.net.", "TTL": 2941, "Type": "NS", "Class": "IN", "RDlength":
14, "Name": "ripe.net."}, {"Target": "tinnie.arin.net.", "TTL": 2941, "Type":
"NS", "Class": "IN", "RDlength": 14, "Name": "ripe.net."}, {"Target":
"sns-pb.isc.org.", "TTL": 2941, "Type": "NS", "Class": "IN", "RDlength": 16,
"Name": "ripe.net."}, {"Target": "sec1.apnic.net.", "TTL": 2941, "Type": "NS",
"Class": "IN", "RDlength": 7, "Name": "ripe.net."}, {"Target": "ns3.nic.fr.",
"TTL": 2941, "Type": "NS", "Class": "IN", "RDlength": 12, "Name": "ripe.net."},
{"KeyTag": 11587, "Name": "ripe.net.", "Algorithm": 5, "SignerName":
"ripe.net.", "Labels": 2, "Signature":
"C4WMH46cBWT/hhWvVrStIdXrqHA2fwfphGkx9+6wbss+mHg8mbfKvaFfcg43/MZh/PwdyAQkRN8I+v/OZ1JA3Gt3KvDc00PebtQZBYlXxssZVNtcx45DG5a3M/RGzhqjM5hfuigLmghIEhuvMhtrhmC4WS/7B3KrYOenFQUJmxk=",
"Class": "IN", "TTL": 2941, "O
riginalTTL": 3600, "SignatureInception": 1403074827, "SignatureExpiration":
1405670427, "Type": "RRSIG", "TypeCovered": "NS", "RDlength": 156}],
"QuestionSection": [{"Qclass": "IN", "Qtype": "A", "Qname": "www.ripe.net."}],
"AdditionalSection": [{"Name": "pri.authdns.ripe.net.", "TTL": 1688, "Address":
"193.0.9.5", "Type": "A", "Class": "IN", "RDlength": 4}, {"Name":
"pri.authdns.ripe.net.", "TTL": 1688, "Address": "2001:67c:e0:0:0:0:0:5",
"Type": "AAAA", "Class": "IN", "RDlength": 16}], "HEADER": {"AA": false, "QR":
true, "AD": true, "NSCOUNT": 7, "QDCOUNT": 1, "ANCOUNT": 2, "TC": false, "RD":
true, "ARCOUNT": 5, "CD": false, "ReturnCode": "NOERROR", "OpCode": "QUERY",
"RA": true, "Z": 0, "ID": 22575}, "ERROR": [["_do_rr", 576, "offset out of
range: buf size = 576"], ["additional", 574, "_do_rr failed, additional record
2"]], "AnswerSection": [{"Name": "www.ripe.net.", "TTL": 20941, "Address":
"193.0.6.139", "Type": "A", "Class": "IN", "RDlength": 4}, {"KeyTag": 11587,
"Name": "www
.ripe.net.", "Algorithm": 5, "SignerName": "ripe.net.", "Labels": 3,
"Signature":
"I7lQZF9ia3X83KTY01/orh3qRqAS0BYeozB7SZ/juSk0RfeTngWoIIkLzvbBV11ORrmr93FkH5xPrPtT9Wf4c0QAqZRN+RyyP8K5JaMI4TGT9cc2mAS5Gf8elg2c/fI2LvIMjVXKpkxMcEh/bSrbpBiS8tjR8z2p60CWOir0sE0=",
"Class": "IN", "TTL": 20941, "OriginalTTL": 21600, "SignatureInception":
1403074827, "SignatureExpiration": 1405670427, "Type": "RRSIG", "TypeCovered":
"A", "RDlength": 156}]}
Another thing worth pointing out is that getdns has its own set of field names
for
representing DNS. So it may be worth aligning this document as much as possible
with getdns.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
