Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-capture-format-05.txt

Sara Dickinson <sara@sinodun.com> Thu, 22 February 2018 12:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Jz0EYPUl053DlYpjDYMY5E_El4M>

Hi Folks, 

We have an update to the draft which we hope captures all the comments to date.

- Make all data items in Q/R, QuerySignature and Malformed Message arrays optional
- Re-structure the FilePreamble and ConfigurationParameters into BlockParameters
- BlockParameters has separate Storage and Collection Parameters
- Storage Parameters includes information on what optional fields are present, and flags specifying anonymisation or sampling
- Addresses can now be stored as prefixes.
- Switch to using a variable sub-second timing granularity
- Add response bailiwick and query response type
- Add specifics of how to record malformed messages
- Add implementation guidance
- Improve terminology and naming consistency

There are still a number of ‘QUESTIONS’ in the draft that we would appreciate feedback on. 

Regards

Sara. 

> On 22 Feb 2018, at 12:27, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>        Title           : C-DNS: A DNS Packet Capture Format
>        Authors         : John Dickinson
>                          Jim Hague
>                          Sara Dickinson
>                          Terry Manderson
>                          John Bond
>        Filename        : draft-ietf-dnsop-dns-capture-format-05.txt
>        Pages           : 62
>        Date            : 2018-02-22
> 
> Abstract:
>   This document describes a data representation for collections of DNS
>   messages.  The format is designed for efficient storage and
>   transmission of large packet captures of DNS traffic; it attempts to
>   minimize the size of such packet capture files but retain the full
>   DNS message contents along with the most useful transport metadata.
>   It is intended to assist with the development of DNS traffic
>   monitoring applications.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-capture-format/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-dns-capture-format-05
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-capture-format-05
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-capture-format-05
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/