dnslogmunge - A tool for decoding tinydns log output


#!/usr/bin/perl -w

#A program to decode tinydns logfiles
#Written by Sean Hunter <sean@uncarved.com>
#Copyright (c) 2001 Uncarved Systems Ltd
#
#This is free software released under version 2
#of the GPL without warranties of any kind

use strict;

use IPC::Open2;

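#Timestamps are converted by djb's tai64nlocal, which is found through PATH.
#Log text only ever reaches it on stdin, never on a command line.
#NOTE(review): if this runs with elevated privileges, PATH should hold only
#trusted directories, since whatever "tai64nlocal" resolves to gets executed.
#open2 does not reap the child, so its pid is kept for the waitpid at the end.
my $tai_pid = open2(my $read_tai, my $write_tai, 'tai64nlocal');

#Query type codes as they appear in the log (four hex digits) -> record name
my %query_type = (
        '0001' => 'A',
        '0002' => 'NS',
        '0005' => 'CNAME',
        '0006' => 'SOA',
        '000c' => 'PTR',
        '000f' => 'MX',
        '0010' => 'TXT',
        '001c' => 'AAAA',
        '0021' => 'RT',
        '0026' => 'A6',
        '00fb' => 'IXFR',
        '00fc' => 'AXFR',
        '00ff' => '*'
);

#Single-character result codes from the log -> readable description
my %results = (
        '+' => 'responded',
        '-' => 'not_authority',
        'I' => 'not_implemented/invalid',
        'C' => 'wrong_class',
        '/' => 'not_parsed'
);

#Lines go through tai64nlocal in lockstep: one written, one read back. This
#assumes it answers each input line with exactly one output line.
#NOTE(review): <> opens every command-line argument with two-argument open,
#so arguments must be trusted file names. Perl 5.22 and later offer <<>>,
#which treats each argument strictly as a file name.
while (my $raw = <>) {
        #the reply is read a line at a time, so an unterminated final input
        #line would leave the read below waiting for a newline
        $raw .= "\n" unless $raw =~ /\n\z/;
        print {$write_tai} $raw
                or die "dnslogmunge: cannot write to tai64nlocal: $!\n";

        my $line = <$read_tai>;
        #undef here means tai64nlocal produced no more output; stop instead
        #of printing an empty line for every remaining log entry
        defined $line
                or die "dnslogmunge: tai64nlocal closed its output\n";
        chomp $line;

        #fields: "date time" ip:port:id result type name
        if (my ($stamp,$rawip,$port,$id,$result,$type,$name) = $line =~ /^(\S+ \S+) ([^:]+):([^:]+):([^:]+) (\S+) (\S+) (\S+)$/) {
                my $ip = decodeip($rawip);
                my $qtype = $query_type{$type} || $type;
                #an unknown result code is shown as logged rather than as an
                #undefined (blank) description
                my $desc = exists $results{$result} ? $results{$result} : $result;
                $line = sprintf("%s %s %15.15s:%4.4s %-8.8s %-24.24s %s",$stamp,$id,$ip,$port,$qtype,$desc,$name);
        }
        #lines that do not match the expected layout are passed through as-is
        print "$line\n";
}

#closing the write side first gives tai64nlocal end-of-file on its input
close $write_tai
        or warn "dnslogmunge: closing pipe to tai64nlocal failed: $!\n";
close $read_tai;

#reap the child so it is not left behind, and report an abnormal exit
waitpid $tai_pid, 0;
warn "dnslogmunge: tai64nlocal exited with wait status $?\n" if $? != 0;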

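#Turn the hex-encoded client address from a log line into a dotted quad.
#Takes the address field as logged and returns e.g. "127.0.0.1" for
#"7f000001". The field comes straight from the log, so anything that is not
#exactly eight hex digits is returned unchanged instead of being decoded
#into a misleading address (longer input) or an undefined value (shorter).
sub decodeip
{
        my $rawip = shift;
        return $rawip unless defined $rawip;

        #anchored so that only a complete eight-digit hex field is decoded
        my @octets = $rawip =~ /\A([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})\z/
                or return $rawip;

        return join '.', map { hex($_) } @octets;
}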