Using Farsight's dnsdbq Command Line DNSDB Tool in a Microsoft Windows Environment: The "Windows Subsystem for Linux" Option
By Joe St Sauver
While many enterprise security analysts use OS X, Linux or a BSD variant for their day-to-day work, others may use Microsoft Windows, either as a matter of preference or as a result of their company's policies.
If you're a Farsight customer and work in a Windows-based environment, you may be curious about your options for accessing DNSDB. Multiple options exist, including:
- Using Farsight's web-based interface to DNSDB
- Using a third-party analysis framework that integrates with DNSDB, such as Maltego (see the DNSDB transform available from the Transform Hub within Maltego)
- Creating a dedicated cross-platform front end such as the demonstration Scala client described in "Building a Demo GUI Front End for DNSDB API In Scala With Swing for The Mac and for Windows PCs"
- Using a virtual machine environment such as Oracle's VirtualBox
Yet another option – and the subject of this blog article – is use of the Windows Subsystem for Linux (WSL).
II. What Is The Windows Subsystem for Linux (WSL)?
Microsoft describes the Windows Subsystem for Linux as:
The Windows Subsystem for Linux lets developers run Linux environments – including most command-line tools, utilities, and applications – directly on Windows, unmodified, without the overhead of a virtual machine.
By using the WSL, Windows users can enjoy the power and flexibility of Farsight's command line DNSDB access clients without having to use a different laptop (and without having to install a traditional VM).
III. Installing the WSL
Before installing the Windows Subsystem for Linux, you REALLY SHOULD install all recommended updates and patches. You should ALSO ensure that you've got a recent backup of your Windows system.
Installation instructions for WSL have evolved over time, gradually becoming simpler and less daunting.
For example, at one point, it was necessary to enable "developer mode" in order to be able to install WSL, but that's no longer true, as announced in the Microsoft blog article "Developer Mode no longer required for Windows Subsystem for Linux."
As mentioned in that blog article, you now only need to visit "Turn Windows features on or off" to enable the WSL. See Figure 1.
Figure 1. Enabling Windows Subsystem for Linux
After selecting Windows Subsystem for Linux, save your selection by clicking OK. You will likely be prompted to reboot after the software is downloaded and installed.
If you do this, and your attempt to select WSL (checking "Windows Subsystem for Linux" on the "Turn Windows features on or off" panel) appears not to "stick" across the reboot process, see GitHub or Microsoft's Troubleshooting page for solutions to other potential issues.
IV. Installing Ubuntu
Once you've got the WSL enabled and installed, the next step is to install the Ubuntu 16.04 LTS distribution (as provided by Canonical Group Limited) from the Microsoft Store. See Figure 2.
Figure 2. Download and Install Ubuntu from the Microsoft Store:
When you get and run the Ubuntu installer, you'll be prompted to pick a username and password.
Note: because that password is used for sudo (superuser) access, ensure you pick a strong password.
Also note: do NOT forget your username and password. If you do so, see Microsoft's Users and Permissions page.
Also note that copy-and-paste IS possible in the WSL environment.
V. Updating Your New Ubuntu Installation and Installing Basic Build Tools/Libraries
Your next chore is to do a little housekeeping: patch your Ubuntu installation and install basic tools to build software on your system. Start a bash window if you don't already have one open (go to the search box and look for bash). You should see something that looks like Figure 3 (your prompt and window title will vary):
Figure 3. Sample bash window
Once you have that window open:
sudo bash
[enter your password]
cd
apt update
apt upgrade
apt install build-essential
apt install libcurl4-openssl-dev
apt install libjansson-dev
exit
Note that doing those upgrades and installing those packages may take a few minutes, so please be patient.
VI. Installing dnsdbq for querying DNSDB
We're now ready to install dnsdbq (this is the client formerly known as the dnsdb_query C language client).
git clone https://github.com/dnsdb/dnsdbq.git
cd dnsdbq
make
sudo make install
That client needs to be able to find your DNSDB API key. This DNSDB API key should be installed in .dnsdb-query.conf in your default home directory. We'll use the nano editor to create that file from within a
nano ~/.dnsdb-query.conf
APIKEY="yourlongAPIkeygoeshere"
CTRL-O
CTRL-X
Note that the file MUST be called .dnsdb-query.conf (note the leading dot!) and MUST be in your default home directory.
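Because that file holds a credential, it is worth creating it readable by its owner only and checking it afterwards. The following is an added example, not part of the original post or of dnsdbq; the function names write_dnsdb_conf and check_dnsdb_conf are hypothetical, and it assumes GNU stat as shipped with Ubuntu.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): keep the DNSDB API key file private.

# Read the key from stdin (so it stays out of shell history) and store it as
# APIKEY="..." in the given file (default: ~/.dnsdb-query.conf), owner-only.
write_dnsdb_conf() {
    conf="${1:-$HOME/.dnsdb-query.conf}"
    IFS= read -r key || [ -n "$key" ] || return 1
    [ -n "$key" ] || return 1
    # Create the file if needed and tighten it BEFORE the key is written.
    ( umask 077; : >> "$conf" ) || return 1
    chmod 600 "$conf" || return 1
    printf 'APIKEY="%s"\n' "$key" > "$conf"
}

# Print "ok" and return 0 when the file is present, private and filled in;
# otherwise print what is wrong and return 1.
check_dnsdb_conf() {
    conf="${1:-$HOME/.dnsdb-query.conf}"
    [ -f "$conf" ] || { echo "missing: $conf"; return 1; }
    mode=$(stat -c '%a' "$conf") || return 1      # GNU stat, as shipped with Ubuntu
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode exposes the key; run: chmod 600 $conf"; return 1 ;;
    esac
    grep -Eq '^APIKEY="[^"]+"$' "$conf" || { echo "no APIKEY=\"...\" line"; return 1; }
    if grep -q 'yourlongAPIkeygoeshere' "$conf"; then
        echo "placeholder key still in place"; return 1
    fi
    echo "ok"
}
```

Run write_dnsdb_conf, paste the key and press Enter, then run check_dnsdb_conf to confirm the result.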
With your API key in place, you should then be ready to run a sample query in the bash window:
dnsdbq -r uoregon.edu/A -A 30d
For more information about using dnsdbq, see the dnsdbq help synopsis or man page:
dnsdbq -h
man dnsdbq
For more information about working with Ubuntu, visit the Ubuntu Desktop Guide or any introductory Linux book.
You now know how to activate the Windows Subsystem for Linux on your MS Windows 10 system, including how to install Ubuntu and the software you need to build dnsdbq (the DNSDB command line client formerly known as the "dnsdb_query C language command line client").
With the information from this post, you should be ready to enjoy the best of Linux and DNSDB on your Windows 10 PC!
For more information about getting access to DNSDB API, please see our Order Services page.
Joe St Sauver Ph.D. is a Distinguished Scientist with Farsight Security, Inc.