djbdns

Log processing scripts for tinydns / axfrdns

To: dns@list.cr.yp.to
Subject: Log processing scripts for tinydns / axfrdns
From: mjd-list-dns@plover.com (Mark Dominus)
Date: Wed, 08 Nov 2006 19:59:08 -0500
Delivered-to: sp-com-lists@consult.net
Delivered-to: gmail-djbdns@securepoint.com
Delivered-to: sp.com.list@gmail.com
Delivered-to: mailing list dns@list.cr.yp.to
Mailing-list: contact dns-help@list.cr.yp.to; run by ezmlm
Organization: Plover Systems
Sender: mjd@plover.com
The tinydns script translates:

        @4000000045527c78280a639c d1f40592:95da:94ca + 000f plover.com
        @4000000045527c78352c5f94 d41b35cb:4313:b366 + 0001 plover.com


To:

        Wed Nov  8 19:55:10 2006 ics3.Atlanta1.Level3.net 38362 38090 mx plover.com
        Wed Nov  8 19:55:10 2006 dnscache-1-b7.bzn.proxad.net 17171 45926 a plover.com


The axfrdns script translates:

        @40000000454ecb7608eafb5c cff55202:9833:56ac 00fb mjdomin.us
        @40000000454ecb7612e89d44 cff55202:9834:56ad 0006 mjdomin.us
        @40000000454ecb761c33045c cff55202:9834:56ae 00fc mjdomin.us


To:

        Mon Nov  6 00:43:08 2006 ns2.dca.net 38963 22188 251 mjdomin.us
        Mon Nov  6 00:43:08 2006 ns2.dca.net 38964 22189 SOA mjdomin.us
        Mon Nov  6 00:43:08 2006 ns2.dca.net 38964 22190 AXFR mjdomin.us


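Both scripts accept a "-n" option to suppress address-to-name translation.
Without it, every query line costs a reverse DNS lookup, and the name
printed is whatever the PTR record for that address says.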

Corrections and suggestions will be gratefully received.


================================================================ tinydns

#!/usr/bin/perl


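use strict;
use warnings;

# Turn raw tinydns log lines (multilog TAI64N stamp, hex client tuple, result
# code, hex query type, query name) into one readable line per query.
# "-n" as the first argument suppresses reverse DNS lookups.

my $NONAMES;
if (@ARGV && $ARGV[0] eq "-n") {
  $NONAMES = shift;
} else {
  # Socket is needed only for the reverse lookups, so it is loaded on demand.
  require Socket;
  Socket->import("inet_aton", 'AF_INET');
}

# No file arguments and an interactive STDIN: read the live log file.
@ARGV = '/service/tinydns/log/main/current'
  if @ARGV == 0 && -t STDIN;

# Numeric query type => mnemonic; types not listed are printed as numbers.
my %typename = (1 => "a", 16 => "txt", 15 => "mx", 2 => "ns",
                6 => "soa", 5 => "cname", 12 => "ptr", 13 => "hinfo",
                24 => "sig", 25 => "key", 28 => "aaaa", 38 => "a6");

$| = 1;    # unbuffered output

# Resolver answers (failures included) keyed by dotted-quad address, so a
# busy client costs one reverse lookup per run instead of one per log line.
my %host_of;

for my $path (@ARGV ? @ARGV : '-') {
  my $fh;
  if ($path eq '-') {
    $fh = \*STDIN;
  } elsif (!open $fh, '<', $path) {
    # Explicit three-argument open: the magic <> operator opens its arguments
    # with two-argument semantics, where a name ending in "|" is run as a
    # command instead of being read as a file.
    warn "Can't open $path: $!\n";
    next;
  }

  while (my $line = <$fh>) {
    chomp $line;
    # $result is tinydns's result code ("+" in the sample lines).  It is
    # parsed but not part of the output format.
    my ($tai64, $addrport, $result, $type, $name) = split ' ', $line;
    my $time = timecvt(defined $tai64 ? $tai64 : '');

    my ($addr, $local, $qid);
    ($addr, $local, $qid) =
      $addrport =~ /^([0-9a-fA-F]{8}):([0-9a-fA-F]+):([0-9a-fA-F]+)$/
      if defined $addrport;

    # Anything that is not a well-formed query line (status and error
    # messages, truncated lines) is passed through with only the timestamp
    # converted, rather than being decoded into a bogus address and looked up.
    if (!defined $name || !defined $qid || $type !~ /^[0-9a-fA-F]+$/) {
      my (undef, $rest) = split /\s+/, $line, 2;
      $rest = '' unless defined $rest;
      print "$time $rest\n";
      next;
    }

    $addr = join ".", map { hex(substr($addr, $_*2, 2)) } 0..3;
    $local = hex($local);
    $qid = hex($qid);
    $type = hex($type);
    $type = $typename{$type} || $type;

    unless ($NONAMES) {
      unless (exists $host_of{$addr}) {
        my $host = gethostbyaddr(inet_aton($addr), AF_INET());
        # The name comes from a PTR record controlled by whoever runs the
        # reverse zone and is not forward-confirmed; use -n when the address
        # itself matters.  Bytes outside printable ASCII are replaced so the
        # name stays one field and cannot carry control characters to the
        # terminal.
        $host =~ tr/\x21-\x7e/?/c if defined $host;
        $host_of{$addr} = $host;
      }
      $addr = $host_of{$addr} if defined $host_of{$addr};
    }

    print "$time $addr $local $qid $type $name\n";
  }

  close $fh unless $path eq '-';
}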

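# Convert a multilog TAI64N stamp ("@" followed by 24 hex digits) into a
# local-time string.  Anything else yields "????".
sub timecvt {
  my $tai = shift;
  return "????" unless defined $tai;

  # Layout after the "@": 8 digits for the upper half of the seconds label
  # (ignored), 8 digits for the low 32 bits of the seconds, 8 digits of
  # nanoseconds.  Hex digits are required so that arbitrary text following
  # an "@" is not decoded into a bogus date.
  if (my ($sec, $nsec) =
        $tai =~ /^\@[0-9a-fA-F]{8}([0-9a-fA-F]{8})([0-9a-fA-F]{8})/) {
    # The nanosecond field is validated but not added: localtime() works in
    # whole seconds.  The label runs 10 seconds ahead of the Unix clock.
    return scalar localtime(hex($sec) - 10);
  }
  return "????";
}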

================================================================ axfrdns

#!/usr/bin/perl

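use strict;
use warnings;

# Turn raw axfrdns log lines (multilog TAI64N stamp, hex client tuple, hex
# request type, zone) into one readable line per request.
# "-n" as the first argument suppresses reverse DNS lookups.

my $NONAMES;
if (@ARGV && $ARGV[0] eq "-n") {
  $NONAMES = shift;
} else {
  # Socket is needed only for the reverse lookups, so it is loaded on demand.
  require Socket;
  Socket->import("inet_aton", 'AF_INET');
}

# No file arguments and an interactive STDIN: read the live log file.
@ARGV = '/service/axfrdns/log/main/current'
  if @ARGV == 0 && -t STDIN;

# Numeric request type => mnemonic.  Types not listed (251 in the sample
# output) are printed as numbers.
my %typename = (1 => "A", 2 => "NS", 5 => "CNAME", 6 => "SOA",
                12 => "PTR", 13 => "HINFO", 15 => "MX", 16 => "TXT",
                17 => "RP", 24 => "SIG", 25 => "KEY", 28 => "AAAA",
                252 =>  "AXFR", 255 => "ANY",
               );

$| = 1;    # unbuffered output

# Resolver answers (failures included) keyed by dotted-quad address, so a
# secondary that polls often costs one reverse lookup per run.
my %host_of;

for my $path (@ARGV ? @ARGV : '-') {
  my $fh;
  if ($path eq '-') {
    $fh = \*STDIN;
  } elsif (!open $fh, '<', $path) {
    # Explicit three-argument open: the magic <> operator opens its arguments
    # with two-argument semantics, where a name ending in "|" is run as a
    # command instead of being read as a file.
    warn "Can't open $path: $!\n";
    next;
  }

  while (my $line = <$fh>) {
    chomp $line;
    my ($tai64, $remote, $type, $zone) = split / /, $line, 4;

    # tcpserver's own status lines are dropped from the report.
    next if defined $remote && $remote eq "tcpserver:";

    my $time = timecvt(defined $tai64 ? $tai64 : '');

    my ($addr, $port, $qid);
    ($addr, $port, $qid) =
      $remote =~ /^([0-9a-fA-F]{8}):([0-9a-fA-F]+):([0-9a-fA-F]+)$/
      if defined $remote;

    # Anything else that is not a well-formed request line (error messages,
    # truncated lines) is passed through with only the timestamp converted,
    # rather than being decoded into a bogus address and looked up.
    if (!defined $qid || !defined $zone || $type !~ /^[0-9a-fA-F]+$/) {
      my (undef, $rest) = split / /, $line, 2;
      $rest = '' unless defined $rest;
      print "$time $rest\n";
      next;
    }

    $addr = join ".", map { hex(substr($addr, $_*2, 2)) } 0..3;
    $_ = hex for $port, $qid, $type;
    $type = $typename{$type} || $type;

    unless ($NONAMES) {
      unless (exists $host_of{$addr}) {
        my $host = gethostbyaddr(inet_aton($addr), AF_INET());
        # The name comes from a PTR record controlled by whoever runs the
        # reverse zone and is not forward-confirmed; use -n when auditing
        # which addresses asked for a zone transfer.  Bytes outside printable
        # ASCII are replaced so the name stays one field and cannot carry
        # control characters to the terminal.
        $host =~ tr/\x21-\x7e/?/c if defined $host;
        $host_of{$addr} = $host;
      }
      $addr = $host_of{$addr} if defined $host_of{$addr};
    }

    # Time remote-host remote-port query-id request-type zone-requested
    print "$time $addr $port $qid $type $zone\n";
  }

  close $fh unless $path eq '-';
}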

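# Convert a multilog TAI64N stamp ("@" followed by 24 hex digits) into a
# local-time string.  Anything else yields "????".
sub timecvt {
  my $tai = shift;
  return "????" unless defined $tai;

  # Layout after the "@": 8 digits for the upper half of the seconds label
  # (ignored), 8 digits for the low 32 bits of the seconds, 8 digits of
  # nanoseconds.  Hex digits are required so that arbitrary text following
  # an "@" is not decoded into a bogus date.
  my $hex8 = qr/[0-9a-fA-F]{8}/;
  if (my ($sec, $nsec) = $tai =~ /^\@$hex8($hex8)($hex8)/) {
    # The nanosecond field is validated but not added: localtime() works in
    # whole seconds.  The label runs 10 seconds ahead of the Unix clock.
    return scalar localtime(hex($sec) - 10);
  }
  return "????";
}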
