Closed mrjones-plip closed 6 years ago
I think (and hope) the reason for this is quite simple: the dump file is missing dots at the end of the zones, which I believe is the proper formatting. When missing the last dot, the software will actually remove the last character instead, changing the zone to something.com
to something.co
for instance.
Q 32.57.89.19 1.2.3.4 1 0 1 foo.auction.com. 67
R 32.57.89.19 1.2.3.4 1 0 1 foo.auction.com. 686 2
Q 201.77.156.94 1.2.3.4 0 0 5 quux.test.com. 66
R 201.77.156.94 1.2.3.4 0 0 5 quux.test.com. 556 2
@alexisfasquel - great, thanks for pointing out my mistake. Sorry about that!
However, it still doesn't entirely work. The customer is found now, but the distilled zone still isn't being recorded. Here's the 4 resulting rows from my select * from dnsauth_queries;
call:
> select * from dnsauth_queries;
name: dnsauth_queries
time customer direction pop protocol qtype rcode value version
---- -------- --------- --- -------- ----- ----- ----- -------
1495040820000000000 foo Q fra udp A none 1 4
1495040880000000000 foo R fra udp A servfail 1 4
1495040940000000000 bar Q fra tcp CNAME none 1 4
1495041000000000000 bar R fra tcp CNAME servfail 1 4
Alright, indeed. I did not include the distilled zone into influx. Just merged a commit with the fix. (I'm sorry, I inadvertently closed the issue. Let me know if that works for you as well)
One of the new features we wanted to release with 1.1.0 is that when the customer was resolved in the
zones
table, it would also record the distilled zone to influxdb. This is not happening when testing with 1.1.0.Steps to reproduce:
customers.sql
file in this repodrop series from dnsauth_queries
SZC_mon-01.fra.testnet.net_2017-05-17.17-07.dmp
with the following contents:SZC_mon-01.fra.testnet.net_2017-05-17.17-07.dmp
and move it to you ingest directory (for me this is/var/dnsauth
).select * from dnsauth_queries;
expected: the resulting 4 rows should resolve to customer
foo
andbar
and show zonesauction.com
andtest.com
respectively. actual: no customer is found and no distilled zone is recorded. Here's the result of myselect * from dnsauth_queries;
call: