LinuxSoftware

Coding and tramping in Aotearoa / New Zealand

Download DNSRawOut

DNSRawOut

Summary

An IP address resolver for Apache logs.

Status: Beta; Version: 0.0.1; Activity: Shelved; License: GPL; Programming Language: C; Author: David.

What is DNSRawOut?...

Webalizer is great for creating nice stats, but I also want to browse through my logs and have all the IP addresses resolved. I thought Webalizer might do this as it already does all the work of building a DNS cache and resolving the IPs, but after hunting through all the (many!) options I find it doesn't. I could switch on resolving IPs in Apache, but that's a bad idea which would slow down serving my webpages and could even be used for a DoS attack.

I found DNSTran which does what I want and is free-of-charge (gratis), but doesn't come with any source. Now I'm 99% sure DNSTran isn't doing anything nasty as it sends off all those IP packets from me, but not having the source code available made me feel uneasy.

I went for a hunt for an open source equivalent. I found MassDNS, but it wouldn't compile under GCC3.3.2. Besides it bugged me that these programs were creating their own DNS caches, when Webalizer already has built one. So, I tried to hack in (yet another) option to Webalizer to spew out raw output after having resolved the host address.

The code is very crude and simple. 

            addr_len = strlen(log_rec.hostname);
            if (inet_addr(log_rec.hostname) != INADDR_NONE)
            {
                resolve_dns(&log_rec);
            }

            if (dns_raw_out) {
                assert(addr_len < strlen(tmp_buf));
                fprintf(out_fp, "%s%s\n", log_rec.hostname, tmp_buf+addr_len);
            }

But with it added I started getting memory errors in weird places! It's a cliche, but I don't think it's my code which was causing them, just the change has exposed the problem. Webalizer is a very useful tool, but its source shows why Perl programmers shouldn't be allowed to touch C ;-). Have a look at it sometime... main() is over 1100 lines long!!! Debugging it isn't something I wanted to do. Instead I cut out all the statistics processing until I had a program which just uses the DNS cache to resolve the IP addresses in Apache logs. And guess what? The memory errors disappeared! (Not conclusive proof that it wasn't my fault I know.)

DNSRawOut -- It's crude and ugly, but it works for me.

CategoryProject