Passive DNS Capture and Monitoring Toolkit
Notable Changes:
---pcapFile=-) as a more elegant solution to #9
docker pull ghcr.io/mosajjal/dnsmonster:dev)
dnstap pushing data to ClickHouse when the IP address is omitted
SIGPIPE is now handled gracefully in Linux
skipDomains and allowDomains. dnsmonster no longer uses a basic suffix and prefix string match. Instead, it uses a Ternary Search Tree to provide a much faster solution. I've tested Cisco Umbrella 1M against my test pcap as suffix matching, and there was almost no performance degradation! A small sample of the csv:
$ head top-1m-umbrella.csv
google.com.,suffix
www.google.com.,suffix
microsoft.com.,suffix
netflix.com.,suffix
data.microsoft.com.,suffix
ftl.netflix.com.,suffix
prod.ftl.netflix.com.,suffix
events.data.microsoft.com.,suffix
api-global.netflix.com.,suffix
safebrowsing.googleapis.com.,suffix
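A sketch of suffix matching with a ternary search tree over rows in the csv format sampled above, added here as an illustration and not taken from dnsmonster's source. The names node, insert, Load and MatchSuffix are hypothetical, and byte-wise suffix matching on lower-case names is an assumption of this example.

```go
package main

import (
	"cmp"
	"fmt"
	"strings"
)

type node struct {
	ch  byte     // one byte of a stored domain
	kid [3]*node // 0: lower byte, 1: next byte of the key, 2: higher byte
	end bool     // a listed domain is complete at this node
}

func insert(n *node, key string, i int) *node {
	if n == nil {
		n = &node{ch: key[i]}
	}
	if k := cmp.Compare(key[i], n.ch) + 1; k != 1 {
		n.kid[k] = insert(n.kid[k], key, i) // same byte, sibling subtree
	} else if i == 0 {
		n.end = true
	} else {
		n.kid[1] = insert(n.kid[1], key, i-1) // byte consumed, move left
	}
	return n
}

// Load stores each domain of the "domain,suffix" rows last byte first.
func Load(rows string) (root *node) {
	for _, r := range strings.Fields(strings.ToLower(rows)) {
		if d, ok := strings.CutSuffix(r, ",suffix"); ok && d != "" {
			root = insert(root, d, len(d)-1)
		}
	}
	return root
}

// MatchSuffix: byte-wise suffix match on a lower-case q (this example's choice).
func MatchSuffix(n *node, q string) bool {
	if n == nil || q == "" {
		return false
	}
	if k := cmp.Compare(q[len(q)-1], n.ch) + 1; k != 1 {
		return MatchSuffix(n.kid[k], q)
	}
	return n.end || MatchSuffix(n.kid[1], q[:len(q)-1])
}

func main() { fmt.Println(MatchSuffix(Load("google.com.,suffix"), "www.google.com.")) }
```

Because this sketch compares raw bytes, `notgoogle.com.` also matches the `google.com.` row. A label-aware list would additionally require the byte before the matched suffix to be a dot.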
Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.2...v0.9.3
Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.1...v0.9.2
CHANGES:
v0.9.x is here, and we're edging closer to a stable v1 release!
BREAKING:
FEATURES:
prometheus and statsd
FIXES:
clickhouse driver to v2
dnstap improvements
CHANGES:
dnstap (thanks @edevil)
memprofile and cpuprofile are working better and exit cleanly
ADDED:
CHANGED:
curl shipped with dnsmonster for autobuild.
Non-Linux platform support is much better now. dnsmonster builds successfully on Windows 11, Mac OS Catalina, FreeBSD 12.3 on amd64, as well as armv7 and aarch64 Linux.
waitgroups and added an emergency exit, so the process won't hang on SIGINT