Dnsmonster Versions Save

Passive DNS Capture and Monitoring Toolkit

v1.0.0-beta2

3 months ago

v1.0.0-beta1

4 months ago

What's Changed

  • move from docker-compose to docker compose in autobuild
  • added parquet output
  • added zinc output
  • added Kafka SASL authentication
  • added license information

New Contributors

Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.9...v1.0.0-beta1

v0.9.9

1 year ago

BREAKING Changes:

  • project structure changes for builds. dnsmonster command script now sits inside the cmd/dnsmonster folder as per standard
  • packet time has changed to 64 bit precision (addresses #45 and #31). Unfortunately tables need to be recreated since Clickhouse doesn't allow type conversion on PRIMARY KEYS.
  • file output now takes a directory path and handles rotation and auto-creates files as per template. the old file output is deprecated. In order to output to a raw file, use stdoutoutputtype and redirect to the destination file

Other notable changes:

  • Go 1.20 support
  • pcapng file support
  • GOB output format for Kafka
  • goreleaser rollout (alpha)

Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.7...v0.9.9

v0.9.8-2

1 year ago

BREAKING Changes:

  • project structure changes for builds. dnsmonster command script now sits inside the cmd/dnsmonster folder as per standard
  • packet time has changed to 64 bit precision (addresses #45 and #31). Unfortunately tables need to be recreated since Clickhouse doesn't allow type conversion on PRIMARY KEYS.
  • file output now takes a directory path and handles rotation and auto-creates files as per template. the old file output is deprecated. In order to output to a raw file, use stdoutoutputtype and redirect to the destination file

Other notable changes:

  • Go 1.20 support
  • pcapng file support
  • GOB output format for Kafka
  • goreleaser rollout (alpha)

Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.7...v0.9.8

v0.9.8-1

1 year ago

BREAKING Changes:

  • project structure changes for builds. dnsmonster command script now sits inside the cmd/dnsmonster folder as per standard
  • packet time has changed to 64 bit precision (addresses #45 and #31). Unfortunately tables need to be recreated since Clickhouse doesn't allow type conversion on PRIMARY KEYS.
  • file output now takes a directory path and handles rotation and auto-creates files as per template. the old file output is deprecated. In order to output to a raw file, use stdoutoutputtype and redirect to the destination file

Other notable changes:

  • Go 1.20 support
  • pcapng file support
  • GOB output format for Kafka
  • goreleaser rollout (alpha)

Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.7...v0.9.8

v0.9.8

1 year ago

BREAKING Changes:

  • project structure changes for builds. dnsmonster command script now sits inside the cmd/dnsmonster folder as per standard
  • packet time has changed to 64 bit precision (addresses #45 and #31). Unfortunately tables need to be recreated since Clickhouse doesn't allow type conversion on PRIMARY KEYS.
  • file output now takes a directory path and handles rotation and auto-creates files as per template. the old file output is deprecated. In order to output to a raw file, use stdoutoutputtype and redirect to the destination file

Other notable changes:

  • Go 1.20 support
  • pcapng file support
  • GOB output format for Kafka
  • goreleaser rollout (alpha)

Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.7...v0.9.8

v0.9.7

1 year ago

Bug fixes and performance enhancements

Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.6...v0.9.7

v0.9.6

1 year ago

What's Changed

Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.5...v0.9.6

v0.9.5

1 year ago

With the changes in this version, dnsmonster is closer to reach 1.x. Please open issues and discussions if there's any issues.

BREAKING:

  • command-line arguments are now case-insensitive
  • ini config file has changed to all lowercase (old .ini needs to be updated)
  • new --filter input syntax allows a gzip'd and base64'd filter to be passed on as a command-line argument. IMPORTANT NOTE: this feature means command line arguments being sent to dnsmonster can potentially execute ANY BPF program on your machine. be careful!

if you compile dnsmonster with no libpcap support (-tags nolibpcap), you'll see the following at start:

dnsmonster has been compiled without libpcap support. tcpdump-style BPF filters are not directly supported.
to generate a filter, use tcpdump and unix ulitities like so: 
tcpdump -ddd "port 53 and not vlan 1024" | gzip -9 | base64 -w0 
then provide the output base64 as a filter to dnsmonster

in above example, you can run a libpcap-less dnsmonster this way:

dnsmonster --devname=lo --stdoutoutputype=1 \
--filter H4sIAAAAAAAAA3WO0Q0AIQhD/5nCEaRW9PZf7EDU3M9FE+HZFkBhLXEUAvV3lsaOLpwLowZGCNpShMZSqsPv8XeuX0bZLlxKhZuDpgseynkHtP8B85Pvi9hTLKg+KjpGrk0ZONUO8kmHnU2DWeYYlNxNlRfV0U3mAQEAAA==

Other changes:

  • dnsmonster is now available for each release in many platforms and is completely non-dependent on libpcap
  • Go 1.19 and various dependency version bumps

v0.9.4

1 year ago

  • BREAKING

    • Slightly modified tables for clickHouse. improves performance and reduces storage cost
    • Grafana dashboard needs to be updated with the new version in order to correctly leverage new table design and fix previous IPv6 issues (#25)

  • Notable Changes

    • Added systemd service template
    • Updated dependencies
    • Added fast JSON parsing for Windows
    • Multiple ClickHouse endpoint support
    • Major performance gains in ClickHouse batching
    • Fix TLS verification skip on Elastic/opensearch output
    • Experimental PostgreSQL support
    • Documentation and in-code comments improvements