Provided by: argus-client_5.0.2+git20250321.41f65e2-2ubuntu1_amd64

NAME

       radns - process DNS data from argus(8) data streams / files.

SYNOPSIS

       radns [raoptions] [-- filter-expression]

DESCRIPTION

       Radns reads argus data from an argus-data source, and extracts and tracks DNS transaction data from the
       argus data records.  radns is a flow record labeler, and can be configured to label flow records with the
       DNS names of the saddr and daddr addresses seen in the outer IP DSR of flow records.  As a result, radns
       can be a stage in an argus data flow stream, enhancing real-time flow records with DNS metadata.

OPTIONS

       Radns,  like  all  ra  based  clients, supports a number of ra options including filtering of input argus
       records through a terminating filter expression, and the ability to specify the output style, format  and
       contents  for  printing  data.   See  ra(1)  for a complete description of ra options.  radns(1) specific
       options are:

       -M modes
           Supported modes are:
              json           Print the DNS transaction data in json format.

CONFIGURATION

       radns(1) can be configured using a radns.conf(5) configuration file. See  radns.conf(5)  for  a  complete
       description of radns configuration options.

INVOCATION

       A  sample  invocation  of  radns(1).   This  call  reads  argus(8) data from inputfile and prints the DNS
       transaction content as it is read from the argus(8) data.

       % radns -R /usr/local/argus/archive/*/en0/2024/02/05/*.05.10.0* -N 1200
       02/05.05:12:50.506561: AAAA? KitAppTV.local. :
       02/05.05:14:30.116963: AAAA? qosient.mail.pairserver.com. :  SOA pairserver.com. ns1.pair.com. root.pair.com. 2024020506 3600 300 604800 7200
       02/05.10:01:06.404054: PTR? lb._dns-sd._udp.0.129.37.10.in-addr.arpa. :  SOA 10.in-addr.arpa. prisoner.iana.org. hostmaster.root-servers.org. 1 604800 60 604800 604800
       apophis:argus-clients-5.0 carter$ bin/radns -M json -R /usr/local/argus/archive/*/en0/2024/02/05/*.05.10.0* -N 1250
       02/05.05:12:50.506561: AAAA? KitAppTV.local. :
       02/05.05:14:30.116963: AAAA? qosient.mail.pairserver.com. :  SOA pairserver.com. ns1.pair.com. root.pair.com. 2024020506 3600 300 604800 7200
       02/05.10:01:06.404054: PTR? lb._dns-sd._udp.0.129.37.10.in-addr.arpa. :  SOA 10.in-addr.arpa. prisoner.iana.org. hostmaster.root-servers.org. 1 604800 60 604800 604800
       02/05.10:01:45.717174: Type65? init.push.apple.com. :  CNAME init.push.apple.com. init.push-apple.com.akadns.net. SOA akadns.net. internal.akadns.net. hostmaster.akamai.com. 1629813934 90000 90000 90000 180
       02/05.10:01:45.717302: AAAA? init.push.apple.com. :  AAAA init.push-apple.com.akadns.net. 2620:149:208:430a::4[28],2620:149:208:430e::4[28],2620:149:208:430c::4[28],2620:149:208:430b::4[28],2620:149:208:430d::4[28] CNAME init.push.apple.com. init.push-apple.com.akadns.net.
       02/05.10:01:45.717432: A? init.push.apple.com. :  A init.push-apple.com.akadns.net. 17.188.179.2[16],17.188.178.2[16],17.188.178.226[16],17.188.178.34[16],17.188.143.158[16],17.188.143.157[16],17.188.179.34[16],17.188.143.187[16] CNAME init.push.apple.com. init.push-apple.com.akadns.net.
       02/05.10:01:45.736437: Type65? init.push-apple.com.akadns.net. :  SOA akadns.net. internal.akadns.net. hostmaster.akamai.com. 1629813934 90000 90000 90000 180

       A sample invocation of radns(1).  This call reads argus(8) data from inputfile and uses the -q option to
       suppress DNS transaction reporting.  radns(1) caches its DNS server, client and transaction data in
       memory, and when finished reading data, resolves queries about the data.

       In this example, it reads a day of data and looks up references to a specific DNS query, printing its
       output as json data.

       % radns -M json -R /usr/local/argus/archive/*/en0/2024/02/05 -qM search:qosient.com.
       { "name":"qosient.com.", "ref":"3", "stime":"1707147521","ltime":"1707183149", "addr":[ "216.92.14.146" ], "server":[ "2603:7000:c00:b053:ea9f:80ff:fe85:5cc5" ], "client":[ "2603:7000:c00:b053:987f:ad32:81c:e70f", "2603:7000:c00:b053:f9f2:6d70:ff9c:48d7" ] }
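
       The search record above can be post-processed to answer which clients looked up a name and when.
       The following is an added example, not part of radns or this manual page; the function names are
       its own, and it assumes ref is a reference count and stime/ltime are epoch seconds.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# First record is the search output shown on this page; the second is
# constructed for this example (documentation-range addresses).
SAMPLE = """\
{ "name":"qosient.com.", "ref":"3", "stime":"1707147521","ltime":"1707183149", "addr":[ "216.92.14.146" ], "server":[ "2603:7000:c00:b053:ea9f:80ff:fe85:5cc5" ], "client":[ "2603:7000:c00:b053:987f:ad32:81c:e70f", "2603:7000:c00:b053:f9f2:6d70:ff9c:48d7" ] }
{ "name":"example.net.", "ref":"1", "stime":"1707150000","ltime":"1707150000", "addr":[ "192.0.2.10" ], "server":[ "2001:db8::53" ], "client":[ "2603:7000:c00:b053:987f:ad32:81c:e70f" ] }
"""

def parse_records(text):
    """Return normalized records, skipping prompts and other non-JSON lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            rec = json.loads(line)
            # The sample prints ref/stime/ltime as quoted strings; convert them.
            stime, ltime = int(rec["stime"]), int(rec["ltime"])
            refs = int(rec["ref"])
        except (ValueError, KeyError):
            continue  # truncated, interleaved or incomplete output
        records.append({
            "name": rec["name"].rstrip(".").lower(),
            "refs": refs,
            "first": datetime.fromtimestamp(stime, timezone.utc),
            "last": datetime.fromtimestamp(ltime, timezone.utc),
            "span": ltime - stime,  # seconds between first and last sighting
            "addrs": rec.get("addr", []),
            "servers": rec.get("server", []),
            "clients": rec.get("client", []),
        })
    return records

def names_by_client(records):
    """Pivot the cache view: which names did each client ask for."""
    pivot = defaultdict(set)
    for rec in records:
        for client in rec["clients"]:
            pivot[client].add(rec["name"])
    return {client: sorted(names) for client, names in pivot.items()}

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r in recs:
        print(r["name"], r["refs"], r["first"].isoformat(), r["span"])
    print(names_by_client(recs))
```

       Times are converted to UTC, so they differ from the local-time stamps radns prints in its
       transaction listing.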

COPYRIGHT

       Copyright (c) 2000-2024 QoSient. All rights reserved.

SEE ALSO

       radns.conf(5), ra(1), rarc(5), argus(8)

FILES

AUTHORS

       Carter Bullard (carter@qosient.com).

BUGS

radns 5.0.3                                      07 October 2023                                        RADNS(1)