>We have just published a new draft on a proposed format for DNS packet 
>capture - please see below for details. We would very much appreciate 
>feedback on the overall problem discussed here in addition to the 
>details of the format proposed.

Did you consider not (partially) decoding the DNS payload and instead just
storing DNS payloads directly as binary blobs?

Experience with RIPE Atlas shows that binary the DNS data has a number of
- future proof
- no maintenance required
- can store anything no matter how broken
- lack of processing equals lack of bugs
- parsers can be based on original DNS standards instead of a new scheme
  plus all DNS standards for the details.

Another issue is to consider whether the format would benefit from local
extensions. For example, enrichment of data according to local specifications.
If so, then BSON would be another format to consider.
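
An added sketch of the blob-storage approach raised in this reply (not code from the draft, from RIPE Atlas, or from the poster): each DNS message is stored undecoded behind a 2-byte length prefix, and only a reader applies the RFC 1035 header layout. The function names, the framing choice and the sample packets are assumptions constructed for illustration.

```python
import struct

def pack_records(payloads):
    """Frame each raw DNS message with a 2-byte big-endian length; no decoding."""
    out = bytearray()
    for p in payloads:
        if len(p) > 0xFFFF:
            raise ValueError("payload exceeds 16-bit length prefix")
        out += struct.pack("!H", len(p)) + p
    return bytes(out)

def unpack_records(blob):
    """Recover payloads byte-for-byte; a truncated file raises ValueError."""
    records, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", blob, pos)
        pos += 2
        if pos + n > len(blob):
            raise ValueError("truncated record")
        records.append(blob[pos:pos + n])
        pos += n
    return records

def header_summary(payload):
    """Read-time decode of the 12-byte RFC 1035 header; None if it is missing."""
    if len(payload) < 12:
        return None  # broken packet: still stored intact, just not decodable
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", payload)
    return {"id": ident, "qr": flags >> 15, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

# Constructed samples: a well-formed query for example.com A/IN, and a
# 4-byte fragment too short to contain a DNS header.
QUERY = (bytes.fromhex("1a2b01000001000000000000")
         + b"\x07example\x03com\x00" + bytes.fromhex("00010001"))
BROKEN = bytes.fromhex("ffff8183")

if __name__ == "__main__":
    stored = pack_records([QUERY, BROKEN])
    for rec in unpack_records(stored):
        print(len(rec), header_summary(rec))
```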

DNSOP mailing list
