Sorry for the huge delay in getting this out there - it just fell on the back burner.
I've put my code up at <https://github.com/grigorescu/bro/tree/topic/vladg/dns_txt_queries>. The changes weren't terribly significant. It adds lookup_hostname_txt: > when (local result = > lookup_hostname_txt("733a48a9cb49651d72fe824ca91e8d00.malware.hash.cymru.com")) > print result; Please let me know if anyone sees any issues. There is a save TXT function, but there is no capability to read the data back from a file, as I mentioned. If someone wants to take a stab to getting that working properly, please feel free. Otherwise, let me know and I'll remove the save function. Thanks, --Vlad On Aug 30, 2012, at 11:38 AM, Robin Sommer <[email protected]> wrote: > Cool, thanks for working on this, Vlad. > > On Thu, Aug 30, 2012 at 05:04 -0500, you wrote: > >> As the previous poor soul to touch that code, I wouldn't mind looking at >> what you've got so far and then attempting to add the caching support. > > If the caching is trikcy to get in (or makes the code even worse ...), > we can indeed skip it. The main reason for having the caching at all > is DNS names embedded in scripts (e.g., code of the form "set[addr] = > { foo.bar }"). Bro looks these up once at startup and that can > potentially take a while if there are a lot or responses are coming in > slowly. So what one can do is "prime" the cache first, so that the > next time Bro starts up, it doesn't need to do the lookups. That was > more important in the Old Days though when people restarted Bro once a > day to flush state and that had to be fast. > > This is all not relevant to TXT records. And, in fact, I've already > been wondering if we can get rid of the cache altogether to simplify > the DNS code. > > Robin > > -- > Robin Sommer * Phone +1 (510) 722-6541 * [email protected] > ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org > _______________________________________________ > bro-dev mailing list > [email protected] > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
