Develop DNS exporting toolset for the Microsoft Windows platform
The tool currently used to export data from recursive DNS servers,
provided by Aaron Kaplan, works great, but it is Linux-specific (dnscap,
inotify). There are recursive DNS servers based on Microsoft software,
and these are not currently supported. A tool that supports this
platform should therefore be developed.
Preliminary analysis and prototyping shows the following:
- The best platform seems to be PowerShell: it is integrated and readily available, it is powerful enough to interface with system components, and it allows for code signing and automated remote deployment using GPOs.
- The tshark tool from the Wireshark toolkit is capable of all required functions, including capturing in one-minute intervals and filtering for outward DNS communication only and for the desired protocols. The only missing feature is saving in the .pcap.gz format, so this has to be externalized (there are .NET classes for gzip compression, so that can be added easily).
- The inotify alternative on Microsoft Windows is the .NET FileSystemWatcher. Its capabilities are somewhat different, but it can be parameterized to support the required use case.
- The SSH/scp data transmission might be the tricky part. While the latest versions of Windows do natively support SSH, previous ones do not, so an external solution is probably the best choice.
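The capture and compression pieces described above, as an added prototype sketch that is not part of the proposal or of Aaron Kaplan's tool: tshark writes one-minute ring-buffer files for the resolver's outward DNS traffic, and a FileSystemWatcher standing in for inotify triggers gzip compression of each completed file through .NET's GZipStream. The tshark path, capture directory, interface name and resolver address are assumptions, and the SSH/scp upload step is left out.

```powershell
# Added example (not from the proposal). Paths, interface and address are assumptions.
$Tshark     = 'C:\Program Files\Wireshark\tshark.exe'
$CaptureDir = 'C:\dnscap'
$ServerIp   = '192.0.2.53'   # placeholder: the recursive resolver's own address
$Iface      = 'Ethernet'     # interface name as listed by "tshark -D"

# BPF filter for outward DNS only: queries the resolver sends to port 53 and the
# answers returned from port 53; client queries to the resolver's port 53 are dropped.
$Bpf = "host $ServerIp and port 53 and not (dst host $ServerIp and dst port 53)" +
       " and not (src host $ServerIp and src port 53)"

New-Item -ItemType Directory -Force -Path $CaptureDir | Out-Null

# -b duration:60 makes tshark start a fresh capture file every minute.
$tsharkArgs = "-i `"$Iface`" -f `"$Bpf`" -b duration:60 -w `"$CaptureDir\dns.pcap`" -q"
$proc = Start-Process -FilePath $Tshark -ArgumentList $tsharkArgs -PassThru -NoNewWindow

function Compress-FinishedCaptures {
    param([string]$Dir)
    # tshark numbers ring-buffer files sequentially, so the last one by name is the
    # file still being written; every earlier file is complete and safe to compress.
    $files = Get-ChildItem -Path $Dir -File | Where-Object Extension -eq '.pcap' | Sort-Object Name
    foreach ($f in ($files | Select-Object -SkipLast 1)) {
        $in  = [System.IO.File]::OpenRead($f.FullName)
        $out = [System.IO.File]::Create("$($f.FullName).gz")
        $gz  = New-Object System.IO.Compression.GZipStream($out, [System.IO.Compression.CompressionMode]::Compress)
        try { $in.CopyTo($gz) } finally { $gz.Dispose(); $out.Dispose(); $in.Dispose() }
        Remove-Item -LiteralPath $f.FullName
    }
}

# inotify stand-in: wake up whenever tshark creates the next ring-buffer file.
$watcher = New-Object System.IO.FileSystemWatcher -ArgumentList $CaptureDir, '*.pcap'
$watcher.EnableRaisingEvents = $true
Register-ObjectEvent -InputObject $watcher -EventName Created -SourceIdentifier PcapCreated | Out-Null

try {
    while (-not $proc.HasExited) {
        # FileSystemWatcher can drop events under load; the timeout forces a sweep anyway.
        $ev = Wait-Event -SourceIdentifier PcapCreated -Timeout 90
        if ($ev) { Remove-Event -EventIdentifier $ev.EventIdentifier }
        Compress-FinishedCaptures -Dir $CaptureDir
    }
} finally {
    Unregister-Event -SourceIdentifier PcapCreated
    $watcher.Dispose()
    if (-not $proc.HasExited) { Stop-Process -Id $proc.Id }
}
```

The resulting .pcap.gz files in the capture directory are what the separate transmission step would pick up; the periodic sweep means a missed Created event only delays compression rather than losing a file.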
Author: Radko Krkoš krkos@cesnet.cz