config.yml

################################################
# global configuration
################################################
global:
  # If turned on, log some applications messages
  trace:
    # debug informations
    verbose: true
    # log malformed packet
    # log-malformed: false
    # # filename is the file to write logs to.
    # filename: ""
    # # maximum size in megabytes of the log file it gets rotated
    # max-size: 10
    # # maximum number of old log files to retain
    # max-backups: 10

  # Set the server identity name
  # comment the following line to use the hostname
  server-identity: "dns-collector"

  # default directives for text format output
  # - timestamp-rfc3339ns: timestamp rfc3339 format, with nano support
  # - timestamp-unixms: unix timestamp with ms support
  # - timestamp-unixus: unix timestamp with us support
  # - timestamp-unixns: unix timestamp with nano support
  # - localtime: local time
  # - identity: dnstap identity
  # - version: dnstap version
  # - extra: dnstap extra as string
  # - operation: dnstap operation
  # - opcode: dns opcode (integer)
  # - rcode: dns return code
  # - queryip: dns query ip
  # - queryport: dns query port
  # - responseip: dns response ip
  # - responseport: dns response port
  # - id: dns id
  # - family: ip protocol version INET or INET6
  # - protocol: protocol UDP, TCP
  # - length: the length of the query or reply
  # - qtype: dns qtype
  # - qname: dns qname
  # - latency: computed latency between queries and replies
  # - answercount: the number of answer
  # - ttl: answer ttl, only the first one value
  # - answer: rdata answer, only the first one, prefer to use the JSON format if you wamt all answers
  # - malformed: malformed dns packet, integer value 1/0
  # - qr: query or reply flag, string value Q/R
  # - tc: truncated flag
  # - aa: authoritative answer
  # - ra: recursion available
  # - ad: authenticated data
  # - edns-csubnet: client subnet
  # - df: ip defragmentation flag
  # - tr: tcp reassembled flag
  text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
  # default text field delimiter
  text-format-delimiter: " "
  # default text field boundary
  text-format-boundary: "\""

# create your dns collector, please refer bellow to see the list
# of supported collectors, loggers and transformers
multiplexer:
  collectors:
    - name: tap
      dnstap:
        listen-ip: 0.0.0.0
        listen-port: 6000
      transforms:
        normalize:
          qname-lowercase: false

  loggers:
    - name: console
      stdout:
        mode: text

  routes:
    - from: [ tap ]
      to: [ console ]

################################################
# list of supported collectors
################################################

# # dnstap standard
# dnstap:
#   # listen on ip
#   listen-ip: 0.0.0.0
#   # listening on port
#   listen-port: 6000
#   # unix socket path
#   sock-path: null
#   # tls support
#   tls-support: false
#   # tls min version
#   tls-min-version: 1.2
#   # certificate server file
#   cert-file: ""
#   # private key server file
#   key-file: ""
#   # Sets the socket receive buffer in bytes SO_RCVBUF, set to zero to use the default system value
#   sock-rcvbuf: 0
#   # Reset TCP connection on exit
#   reset-conn: true
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # dnstap proxifier with no protobuf decoding.
# dnstap-proxifier:
#   # listen on ip
#   listen-ip: 0.0.0.0
#   # listening on port
#   listen-port: 6000
#   # unix socket path
#   sock-path: null
#   # tls support
#   tls-support: false
#   # tls min version
#   tls-min-version: 1.2
#   # certificate server file
#   cert-file: ""
#   # private key server file
#   key-file: ""

# # live capture with AF_PACKET
# afpacket-sniffer:
#   # filter on source and destination port
#   port: 53
#   # if "" bind on all interfaces
#   device: wlp2s0
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # live capture with XDP
# xdp-sniffer:
#   # bind on device
#   device: wlp2s0
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # ingest pcap file
# file-ingestor:
#   # directory to watch for pcap files to ingest
#   watch-dir: /tmp
#   # watch the directory pcap file with *.pcap extension or dnstap stream with *.fstrm extension
#   # watch mode: pcap|dnstap
#   watch-mode: pcap
#   # filter only on source and destination port
#   pcap-dns-port: 53
#   # delete pcap file after ingest
#   delete-after: false
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # read text file
# tail:
#   # file to follow
#   file-path: null
#   # Use the exact layout numbers described https://golang.org/src/time/format.go
#   time-layout: "2006-01-02T15:04:05.999999999Z07:00"
#   # regexp pattern for queries
#   # example for unbound: "query: (?P<queryip>[^ ]*) (?P<domain>[^ ]*) (?P<qtype>[^ ]*)"
#   pattern-query: "^(?P<timestamp>[^ ]*) (?P<identity>[^ ]*) (?P<qr>.*_QUERY) (?P<rcode>[^ ]*)
#     (?P<queryip>[^ ]*) (?P<queryport>[^ ]*) (?P<family>[^ ]*) (?P<protocol>[^ ]*)
#     (?P<length>[^ ]*)b (?P<domain>[^ ]*) (?P<qtype>[^ ]*) (?P<latency>[^ ]*)$"
#   # regexp pattern for replies
#   # example for unbound: "reply: (?P<queryip>[^ ]*) (?P<domain>[^ ]*) (?P<qtype>[^ ]*) IN (?P<rcode>[^ ]*) (?P<latency>[^ ]*)"
#   pattern-reply: "^(?P<timestamp>[^ ]*) (?P<identity>[^ ]*) (?P<qr>.*_RESPONSE) (?P<rcode>[^ ]*)
#     (?P<queryip>[^ ]*) (?P<queryport>[^ ]*) (?P<family>[^ ]*) (?P<protocol>[^ ]*) (?P<length>[^ ]*)b
#     (?P<domain>[^ ]*) (?P<qtype>[^ ]*) (?P<latency>[^ ]*)$"

# # protobuf powerdns
# # The text format can be customized with the following additionnals directives:
# # - powerdns-tags[:INDEX]: get all tags separated by comma or one tag at provided index
# # - powerdns-original-request-client: powerdns metadata, get edns subclient
# # - powerdns-applied-policy: powerdns metadata, get applied policy
# # - powerdns-metadata[:KEY]: get  all metadata separated by comma or specific one if a valid [KEY] is provided
# powerdns:
#   # listen on ip
#   listen-ip: 0.0.0.0
#   # listening on port
#   listen-port: 6001
#   # tls support
#   tls-support: false
#   # tls min version
#   tls-min-version: 1.2
#   # certificate server file
#   cert-file: ""
#   # private key server file
#   key-file: ""
#   # Reset TCP connection on exit
#   reset-conn: true
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # tzsp (TaZmen Sniffer Protocol)
# tzsp:
#   # listen on ip
#   listen-ip: 0.0.0.0
#   # listen on port
#   listen-port: 10000
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

################################################
# list of supported loggers
################################################

# # print received dns traffic to stdout
# stdout:
#   # output format: text|json|flat-json|pcap
#   mode: text
#   # output text format, please refer to the top of this file to see all available directives
#   text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # rest api server
# restapi:
#   # listening IP
#   listen-ip: 0.0.0.0
#   # listening port
#   listen-port: 8080
#   # default login
#   basic-auth-login: admin
#   # default password
#   basic-auth-pwd: changeme
#   # tls support
#   tls-support: false
#   # certificate server file
#   cert-file: ""
#   # private key server file
#   key-file: ""
#   # default number of items on top
#   top-n: 100
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # prometheus metrics server
# prometheus:
#   # listening IP
#   listen-ip: 0.0.0.0
#   # listening port
#   listen-port: 8081
#   # default login
#   basic-auth-login: admin
#   # default password
#   basic-auth-pwd: changeme
#   # enable basic authentication
#   basic-auth-enable: true
#   # tls support
#   tls-support: false
#   # tls mutual
#   tls-mutual: false
#   # tls min version
#   tls-min-version: 1.2
#   # certificate server file
#   cert-file: ""
#   # private key server file
#   key-file: ""
#   # prometheus prefix
#   prometheus-prefix: "dnscollector"
#   # default number of items on top
#   top-n: 10
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535
#   # compute histogram for qnames length, latencies, queries and replies size repartition
#   histogram-metrics-enabled: false

# # write captured dns traffic to text or binary files with rotation and compression support
# logfile:
#   # output logfile name
#   file-path:  /tmp/test.log
#   # maximum size in megabytes of the file before rotation
#   # A minimum of max-size*max-files megabytes of space disk must be available
#   max-size: 100
#   # maximum number of files to retain.
#   # Set to zero if you want to disable this feature
#   max-files: 10
#   # flush buffer to log file every X seconds
#   flush-interval: 10
#   # compress log file
#   compress: false
#   # compress interval
#   # checking every X seconds if new log files must be compressed
#   compress-interval: 5
#   # run external script after each file compress step
#   compress-postcommand: null
#   # output format: text|json|pcap|dnstap|flat-json
#   mode: text
#   # output text format, please refer to the top of this file to see all available directives
#   text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
#   # run external script after each file rotation
#   postrotate-command: null
#   # delete file on script success
#   postrotate-delete-success: true
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # resend captured dns traffic to another dnstap collector or to unix socket
# dnstap:
#   # remote address
#   remote-address: 10.0.0.1
#   # remote tcp port
#   remote-port: 6000
#   # unix socket path
#   sock-path: null
#   # connect timeout
#   connect-timeout: 5
#   # interval in second between retry reconnect
#   retry-interval: 10
#   # interval in second before to flush the buffer
#   flush-interval: 30
#   # enable tls
#   tls-support: false
#   # insecure skip verify
#   tls-insecure: false
#   # server identity, if empty use the global one or hostname
#   server-id: "dnscollector"
#   # overwrite original identity
#   overwrite-identity: false
#   # number of dns messages in buffer
#   buffer-size: 100
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # resend captured dns traffic to a tcp remote destination or to unix socket
# tcpclient:
#   # network transport to use: tcp|unix
#   transport: tcp
#   # remote address
#   remote-address: 127.0.0.1
#   # remote tcp port
#   remote-port: 9999
#   # unix socket path
#   sock-path: null
#   # connect timeout
#   connect-timeout: 5
#   # interval in second between retry reconnect
#   retry-interval: 10
#   # interval in second before to flush the buffer
#   flush-interval: 30
#   # enable tls
#   tls-support: false
#   # insecure skip verify
#   tls-insecure: false
#   # output format: text|json|flat-json
#   mode: json
#   # output text format, please refer to the top of this file to see all available directives
#   text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
#   # delimiter to use between payload sent
#   delimiter: "\n"
#   # how many DNS messages will be buffered before being sent
#   buffer-size: 100
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # Send captured traffic to a redis channel, mapped on TCP client logger options
# redispub:
#   # output format: text|json|flat-json
#   mode: json
#   # remote address
#   remote-address: 127.0.0.1
#   # remote tcp port
#   remote-port: 6379
#   # connect timeout
#   connect-timeout: 5
#   retry-interval: 10
#   flush-interval: 2
#   # enable tls
#   tls-support: false
#   tls-insecure: false
#   # output text format, please refer to the top of this file to see all available directives
#   text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
#   delimiter: "\n"
#   # how many DNS messages will be buffered before being sent
#   buffer-size: 100
#   # Name of the channel to publish into
#   redis-channel: dns-collector
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # redirect captured dns traffic to a remote syslog server or local one
# syslog:
#   # Set the syslog logging severity
#   severity: INFO
#   # Set the syslog logging facility
#   facility: DAEMON
#   # Transport to use to a remote log daemon or local one
#   # local|tcp|udp|unix or tcp+tls
#   transport: local
#   # Remote address host:port
#   remote-address: ""
#   # interval in second between retry reconnect
#   retry-interval: 10
#   # output text format, please refer to the top of this file to see all available directives
#   text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
#   # output format: text|json|flat-json
#   mode: text
#   # enable tls
#   tls-support: false
#   # insecure skip verify
#   tls-insecure: false
#   # set syslog formatter between `unix` (default), `rfc3164` or `rfc5424` or `rfc5425`
#   format: ""
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535
#   # Syslog tag or MSGID
#   tag: ""

# # elasticsearch backend, basic support
# elasticsearch:
#   # remote server url
#   server: "http://127.0.0.1:9200/"
#   # Elasticsearch index for ingestion
#   index:  "indexname"
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535
#   # Size of batches sent to ES via _bulk
#   bulk-size: 100
#   # interval in seconds before to flush the buffer
#   flush-interval: 30

# # resend captured dns traffic to a remote fluentd server or to unix socket
# fluentd:
#   # network transport to use: tcp|unix
#   transport: tcp
#   # remote address
#   remote-address: 127.0.0.1
#   # remote tcp port
#   remote-port: 24224
#   # unix socket path
#   sock-path: null
#   # connect timeout
#   connect-timeout: 5
#   # interval in second between retry reconnect
#   retry-interval: 10
#   # interval in second before to flush the buffer
#   flush-interval: 30
#   # tag name
#   tag: "dns.collector"
#   # enable tls
#   tls-support: false
#   # insecure skip verify
#   tls-insecure: false
#   # how many DNS messages will be buffered before being sent
#   buffer-size: 100
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # resend captured dns traffic to a InfluxDB database
# influxdb:
#   # InfluxDB server url
#   server-url: "http://localhost:8086"
#   # authentication token
#   auth-token: ""
#   # enable tls
#   tls-support: false
#   # insecure skip verify
#   tls-insecure: false
#   # bucket
#   bucket: "db_dns"
#   # Organization
#   organization: "dnscollector"
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # resend captured dns traffic to a Loki Server
# lokiclient:
#   # Loki server url
#   server-url: "http://lokiwriter.home.lab/loki/api/v1/push"
#   # Job name
#   job-name: "dnscollector"
#   # output format: text|json|flat-json
#   mode: text
#   # flush batch every X seconds
#   flush-interval: 5
#   # batch size for log entries in bytes
#   batch-size: 1048576
#   # interval in second between before to retry to send log entries
#   retry-interval: 10
#   # output text format, please refer to the default text format to see all available directives
#   # use this parameter if you want a specific format
#   text-format: "localtime identity qr queryip family protocol qname qtype rcode"
#   # Proxy URL
#   proxy-url: ""
#   # insecure skip verify
#   tls-insecure: false
#   # basic auth login
#   basic-auth-login: ""
#   # basic auth password
#   basic-auth-pwd: ""
#   # path to a file containing the basic auth password
#   basic-auth-pwd-file: ""
#   # tenant/organisation id. If omitted or empty, no X-Scope-OrgID header is sent.
#   tenant-id: "" 
#   # Describes how to relabel targets.
#   # Usage very similar to https://grafana.com/docs/loki/latest/clients/promtail/configuration/#relabel_configs.
#   # Labels are accessible by prefixing with `__` and using the key name as used
#   # when outputting in the flat-json mode with `.` replaced by `_`.
#   relabel-configs:
#     - source_labels: ["__dns_qtype"]
#       target_label: "qtype"
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # forward to statsd proxy
# statsd:
#   # network transport to use: udp|tcp
#   transport: udp
#   # remote address
#   remote-address: 127.0.0.1
#   # remote tcp port
#   remote-port: 8125
#   # enable tls
#   tls-support: false
#   # insecure skip verify
#   tls-insecure: false
#   # prefix
#   prefix: "dnscollector"
#   # flush every X seconds
#   flush-interval: 10
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # Send captured traffic to Scalyr/dataset.com
# # Uses the api/addEvents endpoint, see https://app.eu.scalyr.com/help/api#addEvents
# scalyrclient:
#   # output format: text|json|flat-json
#   mode: text
#   # output text format, please refer to the top of this file to see all available directives
#   text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
#   # Any "session" information for the Scalyr backend. By default, "serverHost" is set to the hostname of the machine
#   sessioninfo: {}
#   # Any arbitrary attributes for the logs that are sent
#   attrs: {}
#   # Hostname where the endpoint resides
#   server-url: app.scalyr.com
#   # API Token with Write permissions, required!
#   apikey: ""
#   # When using json and text mode, the parser Scalyr should use, required
#   parser: ""
#   # How often to flush logs, in seconds
#   flush-interval: 30
#   # Proxy URL
#   proxy-url: ""
#   # insecure skip verify
#   tls-insecure: false
#   # tls min version
#   tls-min-version: 1.2
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # resend captured dns traffic to a kafka sink
# kafkaproducer:
#   # remote address
#   remote-address: 127.0.0.1
#   # remote tcp port
#   remote-port: 9092
#   # connect timeout
#   connect-timeout: 5
#   # interval in second between retry reconnect
#   retry-interval: 10
#   # interval in second before to flush the buffer
#   flush-interval: 30
#   # enable tls
#   tls-support: false
#   # insecure skip verify
#   tls-insecure: false
#   # enable SASL
#   sasl-support: false
#   # SASL mechanism: PLAIN|SCRAM-SHA-512
#   sasl-mechanism: PLAIN
#   # SASL username
#   sasl-username: false
#   # SASL password
#   sasl-password: false
#   # output format: text|json|flat-json
#   mode: flat-json
#   # how many DNS messages will be buffered before being sent
#   buffer-size: 100
#   # Kafka topic to forward messages to
#   topic: "dnscollector"
#   # Kafka partition
#   partition: 0
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

# # Send captured traffic to falco (https://falco.org/), for security and advanced inspection
# falco:
#   # remote falco plugin endpoint
#   url: "http://127.0.0.1:9200"
#   # Channel buffer size for incoming packets, number of packet before to drop it.
#   chan-buffer-size: 65535

################################################
# list of transforms to apply on collectors or loggers
################################################

# # Use this transformer to add base64 dns payload in JSON ouput
# # additionnals directive for text format
# # - extracted-dns-payload: dns payload encoded in base64
# extract:
#   # enable payload base64 encoding
#   add-payload: true

# # Use this transformer to detect trafic duplication
# # additionnals directive for text format
# # - reducer-occurences: number of occurences detected
# # - cumulative-length: sum of the length of each occurences
# reducer:
#   # enable detector
#   repetitive-traffic-detector: true
#   # limit to qname+1 instead of the complete qname to detect repetition
#   qname-plus-one: false
#   # watch interval in seconds
#   watch-interval: 5

# # Use this transformer to compute latency and detect timeout on queries
# # additionnals directive for text format
# # - computed-latency: computed latency between queries and replies
# latency:
#   # Measure latency between replies and queries
#   measure-latency: false
#   # Detect queries without replies
#   unanswered-queries: false
#   # timeout in second for queries
#   queries-timeout: 2

# # Use this option to protect user privacy
# user-privacy:
#   # IP-Addresses are anonymities by zeroing the host-part of an address.
#   anonymize-ip: false
#   # Reduce Qname to second level only, for exemple mail.google.com be replaced by google.com
#   minimaze-qname: false
#   # Hash query and response IP
#   hash-ip: false

# # Use this option to add top level domain and tld+1, based on public suffix list https://publicsuffix.org/
# # or convert all domain to lowercase
# # or enable quiet text in your logs
# # additionnals directive for text format
# # - publicsuffix-tld: tld
# # - publicsuffix-etld+1: effective tld plus one
# normalize:
#   # Wwww.GooGlE.com will be equal to www.google.com
#   qname-lowercase: true
#   # add top level domain
#   add-tld: false
#   # add top level domain plus one label
#   add-tld-plus-one: false
#   # text will be replaced with the small form
#   quiet-text: false

# # filtering feature to ignore some specific qname
# # dns logs is not redirected to loggers if the filtering regexp matched
# filtering:
#   # path file of the fqdn drop list, domains list must be a full qualified domain name
#   drop-fqdn-file: ""
#   # path file of the domain drop list, domains list can be a partial domain name with regexp expression
#   drop-domain-file: ""
#   # path file of the fqdn keep list (all others are dropped), domains list must be a full qualified domain name
#   keep-fqdn-file: ""
#   # path file of the domain keep list (all others are dropped), domains list can be a partial domain name with regexp expression
#   keep-domain-file: ""
#   # path file of the query IP drop list, one IP address or subnet per line
#   drop-queryip-file: ""
#   # path file of the query IP keep list, one IP address or subnet per line
#   keep-queryip-file: ""
#   # drop specific responses according to the return code (NOERROR, ...). This list is empty by default
#   # Example to ignore NOERROR dns packets
#   # drop-rcodes:
#   #  - NOERROR
#   keep-rdataip-file: ""
#   # path file of the rdata IP keep list, one IP address or subnet per line
#   drop-rcodes: []
#   # forward received queries to configured loggers ?
#   log-queries: true
#   # forward received replies to configured loggers ?
#   log-replies: true
#   # only keep 1 out of every downsample records, e.g. if set to 20, then this will return every 20th record, dropping 95% of queries
#   downsample: 0

# # GeoIP maxmind support, more information on https://www.maxmind.com/en/geoip-demo
# # this feature can be used to append additional informations like country, city, asn
# # according to the query ip
# # additionnals directive for text format
# # - geoip-continent: continent code
# # - geoip-country: country iso code
# # - geoip-city: city name
# # - geoip-as-number: autonomous system number
# # - geoip-as-owner: autonomous system organization
# geoip:
#   # path file to your mmdb country database
#   mmdb-country-file: ""
#   # path file to your mmdb city database
#   mmdb-city-file: ""
#   # path file to your mmdb ASN database
#   mmdb-asn-file: ""

# # this feature can be used to tag unusual dns traffic like long domain, large packets
# # additionnals directive for text format
# # - suspicious-score: suspicious score for unusual traffic
# suspicious:
#   # a length greater than this value for qname will be considered as suspicious
#   threshold-qname-len: 100
#   # a size greater than this value will be considered as suspicious in bytes
#   threshold-packet-len: 1000
#   # threshold to set a domain considered as slow regarding latency, value in second
#   threshold-slow: 1.0
#   # common qtypes list
#   common-qtypes:  [ "A", "AAAA", "CNAME", "TXT", "PTR", "NAPTR", "DNSKEY", "SRV", "SOA", "NS", "MX", "DS" ]
#   # unallowed list of characters not acceptable in domain name
#   unallowed-chars: [ "\"", "==", "/", ":" ]
#   # maximum number of labels in domains name
#   threshold-max-labels: 10
#   # to ignore some domains 
#   whitelist-domains: [ "\.ip6\.arpa" ]

# # this feature can be used to add more text format directives for machine learning purpose
# # additionnals directive for text format
# # - ml-entropy
# # - ml-length
# # - ml-digits
# # - ml-lowers
# # - ml-uppers
# # - ml-specials
# # - ml-others
# # - ml-labels
# # - ml-ratio-digits
# # - ml-ratio-letters
# # - ml-ratio-specials
# # - ml-ratio-others
# # - ml-consecutive-chars
# # - ml-consecutive-vowels
# # - ml-consecutive-digits
# # - ml-consecutive-consonants
# # - ml-size
# # - ml-occurences
# # - ml-uncommon-qtypes
# machine-learning:
#   # enable all features
#   add-features: true