Milestone 2

Architectural Diagram

architectural diagram

Components

The following components are used in this tool:

  • DOIC: The main tool itself, comprising components that parse the received DNS request, check the requested domain against the malicious domain list (in Redis), and resolve the request upstream if it is deemed safe.
    Listens on TCP:53.
  • Redis DB: The Redis database (listens on TCP:6379) containing the following data sets:
    • blacklist:domain: contains a Redis set of blacklisted domains.
    • client:list: contains the Redis set of clients registered in the system.
    • client:<client_ip>: contains the ordered Redis set of domains (with timestamp) that the specified client has browsed.
  • DOIC Cli: The redns cli is a command line tool used to browse connected users, browse connected users' history, and enter domains into the blacklisted domain list. The cli connects to Redis on its configured port (default TCP:6379).
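
The check-and-record flow over the three key patterns above, as an added sketch that is not the project's own code. It assumes a redis-py-style client (`sadd`, `sismember`, `zadd`, `zrange`), exact-match blacklist lookups, and the timestamp stored as the sorted-set score; `FakeRedis`, `normalize`, `handle_query` and `demo` are hypothetical names, and the in-memory stand-in only exists so the example runs offline.

```python
import time

class FakeRedis:
    """In-memory stand-in for the Redis commands used below (constructed for offline runs)."""
    def __init__(self):
        self.sets, self.zsets = {}, {}
    def sadd(self, key, *members):
        self.sets.setdefault(key, set()).update(members)
    def sismember(self, key, member):
        return member in self.sets.get(key, set())
    def zadd(self, key, mapping):
        # Like Redis, re-adding a member only updates its score.
        self.zsets.setdefault(key, {}).update(mapping)
    def zrange(self, key, start, end):
        items = sorted(self.zsets.get(key, {}).items(), key=lambda kv: kv[1])
        return [m for m, _ in items][start:end + 1 if end != -1 else None]

def normalize(qname):
    """Lowercase and drop the trailing root dot so 'Evil.Example.' matches 'evil.example'."""
    return qname.strip().rstrip(".").lower()

def handle_query(r, client_ip, qname, now=None):
    """Record the lookup for this client, then return 'block' or 'resolve'."""
    domain = normalize(qname)
    now = time.time() if now is None else now
    r.sadd("client:list", client_ip)               # register the client
    r.zadd(f"client:{client_ip}", {domain: now})   # history, score = timestamp (assumption)
    if r.sismember("blacklist:domain", domain):    # exact match only (assumption)
        return "block"
    return "resolve"

def demo():
    r = FakeRedis()
    r.sadd("blacklist:domain", "malware.example")  # constructed sample entry
    queries = ["Example.org.", "MALWARE.example.", "example.org"]  # constructed sample queries
    verdicts = [handle_query(r, "10.0.0.5", q, now=t) for t, q in enumerate(queries)]
    return verdicts, r.zrange("client:10.0.0.5", 0, -1)

if __name__ == "__main__":
    print(demo())
```

Because the domain is the sorted-set member, a repeated lookup overwrites the earlier timestamp, so each client's history holds only the most recent time a domain was seen.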

Activity Diagram

Add new blacklisted domain

  • As an administrator, I want to add new blacklisted domains to keep my client safe.
    activity diagram 1

Track client traffic

  • As an administrator, I want to follow traffic on a per-ip basis to track down malicious software swiftly.
    activity diagram 2

Malicious traffic alerting

  • As an administrator, I want to be alerted of malicious intent to keep my users safe.
    activity diagram 3

User story realization

The following resources will be used in demoing redns and the redns_cli:

Next milestone planning

The next milestone has been planned and is in ‘Selected For Development/Sprint TODO’ in Trello.
Please note that this is tentative and ever-changing, as the current sprint work is wrapping up now and we are phasing in the next sprint. The cards will move even if the ‘current progress’ is not tracked.