featured image, abstract image
Blog Farsight TXT Record

Getting "Human" (ISO8601) Datetime Stamps From dnsdbq JSON lines-formatted Output

10/30/2018
Share this entry
DomainTools Favicon
Farsight Security

1. Introduction

dnsdbq is a popular command-line client for accessing DNSDB API. dnsdbq can produce output in presentation format, CSV format, or JSON lines format. One issue that users sometimes run into when using the JSON lines format is that timestamps in the JSON lines format are left “raw,” in “Unix epoch seconds.” For example, let’s look at one record from DNSDB for www.reed.edu in JSON lines format:

$ dnsdbq -r www.reed.edu -j -l 1
{"count":897725,"time_first":1277399572,"time_last":1540409659,"rrname":"www.reed.edu.","rrtype":"A","bailiwick":"reed.edu.","rdata":["134.10.2.252"]}

While there’s nothing “wrong” or “improper” about timestamps expressed as Unix epoch seconds, many of us will prefer to convert them to a more easily read format, such as ISO8601 datetime format.

2. jq To The Rescue

jq is an oft-used tool for post-processing JSON Lines output. In this case, we’ll use jq to reformat the Unix epoch second time stamps to ISO8601 dates. There are “many ways to get to the same place” in jq, but one solution to this problem is the following succinct transformation (.time_first |= todate) ? //. applied to each of the four timefields that can be in dnsdbq’s output.

We’ll make this into a jq function rewrite_dates and save it into the jq init file. Create file ~/.jq (or append to an existing one) containing:

def rewrite_dates:
(.time_first |= todate) ? //.
 | (.time_last |= todate) ? //.
  | (.zone_time_first |= todate) ? //.
   | (.zone_time_last |= todate) ? //.;

Here’s how to use it:

$ dnsdbq -r www.reed.edu -j -l 1 | jq rewrite_dates
{
  "count": 898126,
  "time_first": "2010-06-24T17:12:52Z",
  "time_last": "2018-10-25T19:52:55Z",
  "rrname": "www.reed.edu.",
  "rrtype": "A",
  "bailiwick": "reed.edu.",
  "rdata": [
    "134.10.2.252"
  ]
}

3. Conclusion

We hope this article has helped eliminate one potential problem when it comes to using dnsdbq, namely the issue of raw Unix epoch-second-format dates in JSON Lines format output. We also hope this article may inspire you to investigate the power of jq, and its many cool and useful capabilities.

David Waitzman is a Senior Distributed Systems Engineer for Farsight Security, Inc..

Related Content

A digital landscape illustration depicting a dynamic network of interconnected lines and points, reminiscent of USPS smishing attacks. The grid-like structure features various peaks and valleys, illuminated by glowing red and white dots against a shadowy backdrop.
Blog

How Domain Intelligence and Passive DNS Create A Fuller Domain Profile

Read more
New Developments in USPS Smishing Attacks
Blog

Phishmas Comes Early: New Developments in USPS Smishing Attacks

Read more
Blog

Post Quantum Cryptography (PQC): You May Already Be Using It!

Read more
DomainTools Logo
Pricing Contact Login Support Request a Demo

© 2024 DomainTools

DomainTools® and DomainTools™ are owned by DomainTools, all rights reserved.

Privacy Policy    |    California Privacy Notice
Do Not Sell My Personal Information    |    Terms of Service    |    Sitemap