Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-capture-format-07.txt

Richard Gibson <richard.j.gibson@oracle.com> Tue, 08 May 2018 19:27 UTC

To: Sara Dickinson <sara@sinodun.com>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/in-7bC5T7NHkaMfWuUSQFoyQQCg>

This update addresses all of my earlier comments with the exception of 
implementation-specific extension data using namespaced string keys (as 
opposed to negative-integer keys)—which I assume to be intentional 
because of the "String keys would significantly bloat the file size" 
text in Section 7.1—and the ability to support variable truncation of IP 
addresses—particularly for identifying the full addresses of responders 
while truncating the addresses of requestors, but also for retaining 
more requestor precision in some subnets than others.

This format in its present state /can/ work for my organization, but the 
second gap in particular means we'll be manually hacking around those 
deficiencies by e.g. representing 192.0.2.0/24 as 192.0.2.0/32 in order 
to fully specify 198.51.100.42/32.


On 05/08/2018 12:55 PM, Sara Dickinson wrote:
> Hi All,
>
> This update addresses the following issues:
>
> * Resolve outstanding questions and TODOs
> * Make RR RDATA optional
> * Update matching diagram and explain skew
> * Add count of discarded messages to block statistics
> * Editorial clarifications and improvements
>
> Regards
>
> Sara.
>
>> On 8 May 2018, at 17:40, internet-drafts@ietf.org wrote:
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Domain Name System Operations WG of the IETF.
>>
>>         Title           : C-DNS: A DNS Packet Capture Format
>>         Authors         : John Dickinson
>>                           Jim Hague
>>                           Sara Dickinson
>>                           Terry Manderson
>>                           John Bond
>>         Filename        : draft-ietf-dnsop-dns-capture-format-07.txt
>>         Pages           : 64
>>         Date            : 2018-05-08
>>
>> Abstract:
>>    This document describes a data representation for collections of DNS
>>    messages.  The format is designed for efficient storage and
>>    transmission of large packet captures of DNS traffic; it attempts to
>>    minimize the size of such packet capture files but retain the full
>>    DNS message contents along with the most useful transport metadata.
>>    It is intended to assist with the development of DNS traffic
>>    monitoring applications.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-capture-format/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-dnsop-dns-capture-format-07
>> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-capture-format-07
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-capture-format-07
>>
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
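
The variable-truncation gap and the workaround described in the message above, as an added example that is not part of the original post or of the draft. The per-subnet policy, the function names and the sample addresses other than those quoted in the message are constructed; the code assumes, as the message implies, that the stored addresses can carry only one declared prefix length.

```python
import ipaddress

# Constructed policy (assumption): how many leading bits of a requestor
# address to keep, chosen per subnet. The longest matching subnet wins.
REQUESTOR_POLICY = [
    (ipaddress.ip_network("0.0.0.0/0"), 16),     # default for IPv4 requestors
    (ipaddress.ip_network("192.0.2.0/24"), 24),  # more precision in this subnet
    (ipaddress.ip_network("::/0"), 48),          # default for IPv6 requestors
]


def truncate(addr, keep_bits):
    """Zero every bit after the first keep_bits; the address keeps its full length."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network((ip, keep_bits), strict=False).network_address


def requestor_keep_bits(addr, policy=REQUESTOR_POLICY):
    """Pick the keep length from the most specific policy subnet containing addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, keep) for net, keep in policy
               if net.version == ip.version and ip in net]
    if not matches:
        raise ValueError(f"no truncation policy covers {addr}")
    return max(matches)[1]


def store_pair(requestor, responder):
    """Return (requestor, responder, declared_prefix) as the workaround stores them.

    The responder must stay fully specified, so the single declared prefix
    length has to be the full address length. The requestor is truncated by
    zeroing host bits but is then recorded under that same full-length prefix.
    """
    req = truncate(requestor, requestor_keep_bits(requestor))
    resp = ipaddress.ip_address(responder)
    return str(req), str(resp), resp.max_prefixlen


if __name__ == "__main__":
    for requestor in ("192.0.2.77", "192.0.2.200", "203.0.113.9"):
        print(store_pair(requestor, "198.51.100.42"))
```

Two distinct requestors in 192.0.2.0/24 are stored as 192.0.2.0 under a declared /32, so a reader of the file cannot tell a truncated prefix from the literal host 192.0.2.0 without knowing the policy out of band.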