Repository files navigation

dnsjit is a combination of parts taken fromdsc,dnscap,drool,and put together around Lua to create a script-based engine for easycapturing, parsing and statistics gathering of DNS messages while alsoproviding facilities for replaying DNS traffic.

One of the core functionality thatdnsjit brings is to tie together Cand Lua modules through a receiver/producer interface.This allows creation of custom chains of functionality to meet variousrequirements.Another core functionality is the ability to parse and process DNS messageseven if the messages are non-compliant with the DNS standards.

The following Lua module categories exists:

• dnsjit.core: Core modules for handling things like logging, DNS messages and receiver/receive functionality.
• dnsjit.lib: Various Lua libraries or C library bindings.
• dnsjit.input: Input modules used to read DNS messages in various ways.
• dnsjit.filter: Filter modules to process or manipulate DNS messages.
• dnsjit.output: Output modules used to display DNS message, export to various formats or replay them against other targets.

See each category's man-page for more information.

More information may be found here:

• https://www.dns-oarc.net/tools/dnsjit

Issues should be reported here:

• https://github.com/DNS-OARC/dnsjit/issues

General support and discussion:

• Mattermost:https://chat.dns-oarc.net/community/channels/oarc-software

https://dev.dns-oarc.net/packages

Packages for Debian, Ubuntu, EPEL, SLE, openSUSE can be found in thePRE-RELEASE channel. Some distributions are limited to certainarchitectures because of LuaJIT.

• libluajit 2.0+ (or compatible alternatives)
• libpcap
• liblmdb
• libck
• libgnutls
• liblz4
• libzstd
• luajit (for building)
• automake/autoconf/libtool/pkg-config (for building)

Debian/Ubuntu:apt-get install libluajit-5.1-dev libpcap-dev luajit liblmdb-dev libck-dev libgnutls28-dev liblz4-dev libzstd-dev

• Note: On Xenial you'll need to installlibzstd1-dev

CentOS:yum install luajit-devel libpcap-devel lmdb-devel ck-devel gnutls-devel lz4-devel libzstd-devel

• Note: You might need EPEL and/or PowerTools repositories enabled

FreeBSD:pkg install luajit libpcap lmdb gnutls concurrencykit zstd liblz4

OpenBSD:pkg_add luajit gnutls lz4 zstd + manual install of libpcap, liblmdb and libck

On some version of SUSE Linux Enterprise moonjit is used as an compatiblealternative to luajit.

git clone https://github.com/DNS-OARC/dnsjitcd dnsjitsh autogen.sh./configuremake

Most documentation exists in man-pages and you do not have to install toaccess them, after building you can do:

man src/dnsjit.1man src/dnsjit.core.3man src/dnsjit.lib.3man src/dnsjit.input.3man src/dnsjit.filter.3man src/dnsjit.output.3

Run a Lua script:

dnsjit file.lua ...

Shebang-style:

#!/usr/bin/env dnsjit...

Following example display the DNS ID found in queries.

require("dnsjit.core.objects")localinput=require("dnsjit.input.pcap").new()locallayer=require("dnsjit.filter.layer").new()localdns=require("dnsjit.core.object.dns").new()input:open_offline(arg[2])layer:producer(input)localproducer,ctx=layer:produce()whiletruedolocalobject=producer(ctx)ifobject==nilthenbreakendifobject:type()=="payload"thendns:reset()dns.obj_prev=objectifdns:parse_header()==0thenprint(dns.id)endendend

Disclaimer, to keep the above example short it only works on pre-preparedPCAPs with only UDP DNS traffic in them.

See more examples in theexamples directory.

Copyright (c) 2018-2024 OARC, Inc.

All rights reserved.

This file is part of dnsjit.dnsjit is free software: you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation, either version 3 of the License, or(at your option) any later version.dnsjit is distributed in the hope that it will be useful,but WITHOUT ANY WARRANTY; without even the implied warranty ofMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See theGNU General Public License for more details.You should have received a copy of the GNU General Public Licensealong with dnsjit.  If not, see <http://www.gnu.org/licenses/>.