先上张图
安装环境：Debian 10
1)下载passive dns源代码
root@TI-OS:~# git clone git://github.com/gamelinux/passivedns.git
root@TI-OS:~# cd passivedns/
root@TI-OS:~/passivedns# autoreconf --install
root@TI-OS:~/passivedns# apt-get install bind9
root@TI-OS:~/passivedns# apt-get install libldns-dev
root@TI-OS:~/passivedns# apt-get install libpcap-dev
root@TI-OS:~/passivedns# apt install -y automake make g++ bison flex libelf-dev libssl-dev bc
root@TI-OS:~/passivedns# ./configure
root@TI-OS:~/passivedns# make
root@TI-OS:~/passivedns# make install
2)监听DNS
root@TI-OS:~/passivedns# cd src/
root@TI-OS:~/passivedns/src# ./passivedns -l /root/passivedns.log
root@TI-OS:~# tail passivedns.log
1625290907.935871||10.158.1.188||223.5.5.5||IN||rt.tace.ru.||A||1.2.3.4||295||1
1625290907.935895||10.158.1.188||223.5.5.5||IN||tracker.trackerfix.com.||A||176.31.225.118||7000||1
1625290907.935905||10.158.1.188||223.5.5.5||IN||tracker.files.fm.||A||159.69.65.157||61||1
1625290907.936434||10.158.1.188||223.5.5.5||IN||tracker.bt4g.com.||AAAA||2001::1f0d:5f21||488||1
1625290907.947683||10.158.1.188||223.5.5.5||IN||tp.m-team.cc.||A||162.125.83.1||8||1
1625290907.956072||10.158.1.188||223.5.5.5||IN||tp.m-team.cc.||AAAA||2001::8079:f3eb||137||1
1625290908.023489||10.158.1.10||1.1.1.1||IN||www.baidu.com.||CNAME||www.a.shifen.com.||12||1
4)安装mysql
root@TI-OS:~# apt install mariadb-server
root@TI-OS:~# systemctl status mariadb
root@TI-OS:~# mysql_secure_installation
root@TI-OS:~# apt-get install php-mysql
root@TI-OS:~# mysql -u root -p
MariaDB [(none)]> GRANT USAGE ON *.* TO 'pdns'@'localhost' IDENTIFIED BY 'pdns';
（上面的 'pdns' 仅为示例口令，实际部署时请替换为强口令，并与后面 pdns2db.pl 中配置的口令保持一致）
MariaDB [(none)]> GRANT SELECT,CREATE,INSERT,UPDATE ON pdns.* TO 'pdns'@'localhost';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> CREATE DATABASE pdns CHARACTER SET utf8;
5)log文件导入mysql
root@TI-OS:~# PATH=/usr/bin:$PATH;export PATH
root@TI-OS:~# perl -MCPAN -e shell
cpan[1]> install DBI
cpan[2]> install DBD::mysql
root@TI-OS:~# cd passivedns/tools/
root@TI-OS:~/passivedns/tools# perl pdns2db.pl --file /root/passivedns.log &
root@TI-OS:~/passivedns/tools# vim pdns2db.pl   # 注释掉第 25 行，改为：
#use DateTime;