logstash-filter-dns 3.0.1 → 3.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a904ba308a43248f28d424a0d82da4fde999894b
-  data.tar.gz: 5583c65cffcfac528907a2ebfb83e412ae387a84
+  metadata.gz: 71ea1ae4db2be0cfc2ef5e4c7e109d8ab52ea66e
+  data.tar.gz: 9da02b4bd4f919e0a08ba2df3d85a5baf871023e
 SHA512:
-  metadata.gz: 7a9d4691b838e061e30cf8257e620d657b0c48bcbab5f53b2b46c1fba2d19e7b985d58131b5355ff190f2a8a70138773d8f6137ddf871b5551983266ad9bf53d
-  data.tar.gz: b40d2d271a3999fcd9bb3ee5f4cfcf8362108c84f4fd029e41f11e673638ab7007e80c2061cc98d51c97d58cddbd4ea253d26085dd014a5ae25f85c39de37f7a
+  metadata.gz: 3c6d9c9f130680c2c08d5c42f28e313c28fa9da74e4bb7b4e54367a11bf8c25b6c2199d487af71911180e61cb8e627cffd59740e941f4949e2f659c8ea5c9061
+  data.tar.gz: e4be62edea5cc7d006a7aae79d7c2ef02fbc974e0522dd4a92974acd47444570ce28da677d760a978000bb45c572c7f4edf5b5e8644e74fb1297281609b4a977

data/CHANGELOG.md

@@ -1,7 +1,16 @@
+## 3.0.3
+  - Relax constraint on logstash-core-plugin-api to >= 1.60 <= 2.99
+
+## 3.0.2
+  - Add support for International Domain Names e.g. müller.com. Fixes https://github.com/logstash-plugins/logstash-filter-dns/issues/22
+  - Add support for custom hosts files (helps with testing but could be useful to some folks).
+
 ## 3.0.1
   - Republish all the gems under jruby.
+
 ## 3.0.0
   - Update the plugin to the version 2.0 of the plugin api, this change is required for Logstash 5.0 compatibility. See https://github.com/elastic/logstash/issues/5141
+
 ## 2.1.3
   - Fix spec early termination by removing an explicit return from a block
 
@@ -17,7 +26,7 @@
  - Retry a maximum of :max_retries instead of failing immediately
 
 ## 2.0.0
- - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully, 
+ - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
    instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
  - Dependency on logstash-core update to 2.0
 

data/CONTRIBUTORS

@@ -16,6 +16,7 @@ Contributors:
 * Richard Pijnenburg (electrical)
 * Suyog Rao (suyograo)
 * hal-awesome
+* Guy Boertje (guyboertje)
 
 Note: If you've sent us patches, bug reports, or otherwise contributed to
 Logstash, and you aren't on the list above and want to be, please let us know

data/lib/logstash/filters/dns.rb

@@ -2,17 +2,20 @@
 require "logstash/filters/base"
 require "logstash/namespace"
 require "lru_redux"
+require "resolv"
+require "timeout"
+
+java_import 'java.net.IDN'
 
 
 # The DNS filter performs a lookup (either an A record/CNAME record lookup
 # or a reverse lookup at the PTR record) on records specified under the
-# `reverse` and `resolve` arrays.
+# `reverse` arrays or respectively under the `resolve` arrays.
 #
 # The config should look like this:
 # [source,ruby]
 #     filter {
 #       dns {
-#         type => 'type'
 #         reverse => [ "source_host", "field_with_address" ]
 #         resolve => [ "field_with_fqdn" ]
 #         action => "replace"
@@ -63,14 +66,15 @@ class LogStash::Filters::DNS < LogStash::Filters::Base
   # how long to cache failed requests (in seconds)
   config :failed_cache_ttl, :validate => :number, :default => 5
 
+  # Use custom hosts file(s). For example: `["/var/db/my_custom_hosts"]`
+  config :hostsfile, :validate => :array
+
   public
   def register
-    require "resolv"
-    require "timeout"
-    if @nameserver.nil?
+    if @nameserver.nil? && @hostsfile.nil?
       @resolv = Resolv.new
     else
-      @resolv = Resolv.new(resolvers=[::Resolv::Hosts.new, ::Resolv::DNS.new(:nameserver => @nameserver, :search => [], :ndots => 1)])
+      @resolv = Resolv.new(build_resolvers)
     end
 
     if @hit_cache_size > 0
@@ -99,6 +103,21 @@ class LogStash::Filters::DNS < LogStash::Filters::Base
   end
 
   private
+
+  def build_resolvers
+    build_user_host_resolvers.concat([::Resolv::Hosts.new]).concat(build_user_dns_resolver)
+  end
+
+  def build_user_host_resolvers
+    return [] if @hostsfile.nil? || @hostsfile.empty?
+    @hostsfile.map{|fn| ::Resolv::Hosts.new(fn)}
+  end
+
+  def build_user_dns_resolver
+    return [] if @nameserver.nil? || @nameserver.empty?
+    [::Resolv::DNS.new(:nameserver => @nameserver, :search => [], :ndots => 1)]
+  end
+
   def resolve(event)
     @resolve.each do |field|
       is_array = false
@@ -245,11 +264,13 @@ class LogStash::Filters::DNS < LogStash::Filters::Base
 
   private
   def getname(address)
-    @resolv.getname(address).force_encoding(Encoding::UTF_8)
+    name = @resolv.getname(address).force_encoding(Encoding::UTF_8)
+    IDN.toUnicode(name)
   end
 
   private
   def getaddress(name)
-    @resolv.getaddress(name).force_encoding(Encoding::UTF_8)
+    idn = IDN.toASCII(name)
+    @resolv.getaddress(idn).force_encoding(Encoding::UTF_8)
   end
 end # class LogStash::Filters::DNS

data/logstash-filter-dns.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-dns'
-  s.version         = '3.0.1'
+  s.version         = '3.0.3'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "This filter will resolve any IP addresses from a field of your choosing."
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -20,9 +20,8 @@ Gem::Specification.new do |s|
   s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
 
   # Gem dependencies
-  s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
+  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
   s.add_runtime_dependency 'lru_redux', "~> 1.1.0"
 
   s.add_development_dependency 'logstash-devutils'
 end
-

data/spec/filters/dns_spec.rb

@@ -4,357 +4,392 @@ require "logstash/filters/dns"
 require "resolv"
 
 describe LogStash::Filters::DNS do
-  before(:each) do
-    allow_any_instance_of(Resolv).to receive(:getaddress).with("carrera.databits.net").and_return("199.192.228.250")
-    allow_any_instance_of(Resolv).to receive(:getaddress).with("does.not.exist").and_raise(Resolv::ResolvError)
-    allow_any_instance_of(Resolv).to receive(:getaddress).with("nonexistanthostname###.net").and_raise(Resolv::ResolvError)
-    allow_any_instance_of(Resolv).to receive(:getname).with("199.192.228.250").and_return("carrera.databits.net")
-    allow_any_instance_of(Resolv).to receive(:getname).with("127.0.0.1").and_return("localhost")
-    allow_any_instance_of(Resolv).to receive(:getname).with("128.0.0.1").and_raise(Resolv::ResolvError)
-    allow_any_instance_of(Resolv).to receive(:getname).with("199.192.228.250").and_return("carrera.databits.net")
-  end
+  describe "with stubbed Resolv" do
+    before(:each) do
+      allow_any_instance_of(Resolv).to receive(:getaddress).with("carrera.databits.net").and_return("199.192.228.250")
+      allow_any_instance_of(Resolv).to receive(:getaddress).with("does.not.exist").and_raise(Resolv::ResolvError)
+      allow_any_instance_of(Resolv).to receive(:getaddress).with("nonexistanthostname###.net").and_raise(Resolv::ResolvError)
+      allow_any_instance_of(Resolv).to receive(:getname).with("199.192.228.250").and_return("carrera.databits.net")
+      allow_any_instance_of(Resolv).to receive(:getname).with("127.0.0.1").and_return("localhost")
+      allow_any_instance_of(Resolv).to receive(:getname).with("128.0.0.1").and_raise(Resolv::ResolvError)
+      allow_any_instance_of(Resolv).to receive(:getname).with("199.192.228.250").and_return("carrera.databits.net")
+    end
 
-  describe "dns reverse lookup, replace (on a field)" do
-    config <<-CONFIG
-      filter {
-        dns {
-          reverse => "foo"
-          action => "replace"
+    describe "dns reverse lookup, replace (on a field)" do
+      config <<-CONFIG
+        filter {
+          dns {
+            reverse => "foo"
+            action => "replace"
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("foo" => "199.192.228.250") do
-      insist { subject.get("foo") } == "carrera.databits.net"
+      sample("foo" => "199.192.228.250") do
+        insist { subject.get("foo") } == "carrera.databits.net"
+      end
     end
-  end
 
-  describe "dns reverse lookup, append" do
-    config <<-CONFIG
-      filter {
-        dns {
-          reverse => "foo"
-          action => "append"
+    describe "dns reverse lookup, append" do
+      config <<-CONFIG
+        filter {
+          dns {
+            reverse => "foo"
+            action => "append"
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("foo" => "199.192.228.250") do
-      insist { subject.get("foo")[0] } == "199.192.228.250"
-      insist { subject.get("foo")[1] } == "carrera.databits.net"
+      sample("foo" => "199.192.228.250") do
+        insist { subject.get("foo")[0] } == "199.192.228.250"
+        insist { subject.get("foo")[1] } == "carrera.databits.net"
+      end
     end
-  end
 
-  describe "dns reverse lookup, not an IP" do
-    config <<-CONFIG
-      filter {
-        dns {
-          reverse => "foo"
+    describe "dns reverse lookup, not an IP" do
+      config <<-CONFIG
+        filter {
+          dns {
+            reverse => "foo"
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("foo" => "not.an.ip") do
-      insist { subject.get("foo") } == "not.an.ip"
+      sample("foo" => "not.an.ip") do
+        insist { subject.get("foo") } == "not.an.ip"
+      end
     end
-  end
 
-  describe "dns resolve lookup, replace" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => ["host"]
-          action => "replace"
-          add_tag => ["success"]
+    describe "dns resolve lookup, replace" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => ["host"]
+            action => "replace"
+            add_tag => ["success"]
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("host" => "carrera.databits.net") do
-      insist { subject.get("host") } == "199.192.228.250"
-      insist { subject.get("tags") } == ["success"]
+      sample("host" => "carrera.databits.net") do
+        insist { subject.get("host") } == "199.192.228.250"
+        insist { subject.get("tags") } == ["success"]
+      end
     end
-  end
 
-  describe "dns fail resolve lookup, don't add tag" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => ["host1", "host2"]
-          action => "replace"
-          add_tag => ["success"]
+    describe "dns fail resolve lookup, don't add tag" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => ["host1", "host2"]
+            action => "replace"
+            add_tag => ["success"]
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("host1" => "carrera.databits.net", "host2" => "nonexistanthostname###.net") do
-      insist { subject.get("tags") }.nil?
-      insist { subject.get("host1") } == "199.192.228.250"
-      insist { subject.get("host2") } == "nonexistanthostname###.net"
+      sample("host1" => "carrera.databits.net", "host2" => "nonexistanthostname###.net") do
+        insist { subject.get("tags") }.nil?
+        insist { subject.get("host1") } == "199.192.228.250"
+        insist { subject.get("host2") } == "nonexistanthostname###.net"
+      end
     end
-  end
 
-  describe "dns resolves lookups, adds tag" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => ["host1", "host2"]
-          action => "replace"
-          add_tag => ["success"]
+    describe "dns resolves lookups, adds tag" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => ["host1", "host2"]
+            action => "replace"
+            add_tag => ["success"]
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("host1" => "carrera.databits.net", "host2" => "carrera.databits.net") do
-      insist { subject.get("tags") } == ["success"]
+      sample("host1" => "carrera.databits.net", "host2" => "carrera.databits.net") do
+        insist { subject.get("tags") } == ["success"]
+      end
     end
-  end
 
-  describe "dns resolves and reverses, fails last, no tag" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => ["host1"]
-          reverse => ["ip1", "ip2"]
-          action => "replace"
-          add_tag => ["success"]
+    describe "dns resolves and reverses, fails last, no tag" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => ["host1"]
+            reverse => ["ip1", "ip2"]
+            action => "replace"
+            add_tag => ["success"]
+          }
         }
-      }
-    CONFIG
-
-    sample("host1" => "carrera.databits.net",
-           "ip1" => "127.0.0.1",
-           "ip2" => "128.0.0.1") do
-      insist { subject.get("tags") }.nil?
-      insist { subject.get("host1") } == "199.192.228.250"
-      insist { subject.get("ip1") } == "localhost"
-      insist { subject.get("ip2") } == "128.0.0.1"
+      CONFIG
+
+      sample("host1" => "carrera.databits.net",
+             "ip1" => "127.0.0.1",
+             "ip2" => "128.0.0.1") do
+        insist { subject.get("tags") }.nil?
+        insist { subject.get("host1") } == "199.192.228.250"
+        insist { subject.get("ip1") } == "localhost"
+        insist { subject.get("ip2") } == "128.0.0.1"
+      end
     end
-  end
 
-  describe "dns resolve lookup, replace (on a field)" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => "foo"
-          action => "replace"
+    describe "dns resolve lookup, replace (on a field)" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => "foo"
+            action => "replace"
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("foo" => "carrera.databits.net") do
-      insist { subject.get("foo") } == "199.192.228.250"
+      sample("foo" => "carrera.databits.net") do
+        insist { subject.get("foo") } == "199.192.228.250"
+      end
     end
-  end
 
-  describe "dns resolve lookup, skip multi-value" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => "foo"
-          action => "replace"
+    describe "dns resolve lookup, skip multi-value" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => "foo"
+            action => "replace"
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("foo" => ["carrera.databits.net", "foo.databits.net"]) do
-      insist { subject.get("foo") } == ["carrera.databits.net", "foo.databits.net"]
+      sample("foo" => ["carrera.databits.net", "foo.databits.net"]) do
+        insist { subject.get("foo") } == ["carrera.databits.net", "foo.databits.net"]
+      end
     end
-  end
 
-  describe "dns resolve lookup, append" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => "foo"
-          action => "append"
+    describe "dns resolve lookup, append" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => "foo"
+            action => "append"
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("foo" => "carrera.databits.net") do
-      insist { subject.get("foo")[0] } == "carrera.databits.net"
-      insist { subject.get("foo")[1] } == "199.192.228.250"
+      sample("foo" => "carrera.databits.net") do
+        insist { subject.get("foo")[0] } == "carrera.databits.net"
+        insist { subject.get("foo")[1] } == "199.192.228.250"
+      end
     end
-  end
 
-  describe "dns resolve lookup, append with multi-value does nothing" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => "foo"
-          action => "append"
+    describe "dns resolve lookup, append with multi-value does nothing" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => "foo"
+            action => "append"
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("foo" => ["carrera.databits.net", "foo.databits.net"]) do
-      insist { subject.get("foo") } == ["carrera.databits.net", "foo.databits.net"]
+      sample("foo" => ["carrera.databits.net", "foo.databits.net"]) do
+        insist { subject.get("foo") } == ["carrera.databits.net", "foo.databits.net"]
+      end
     end
-  end
 
-  describe "dns resolve lookup, not a valid hostname" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve=> "foo"
+    describe "dns resolve lookup, not a valid hostname" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve=> "foo"
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("foo" => "does.not.exist") do
-      insist { subject.get("foo") } == "does.not.exist"
+      sample("foo" => "does.not.exist") do
+        insist { subject.get("foo") } == "does.not.exist"
+      end
     end
-  end
 
-  describe "dns resolve lookup, single custom nameserver" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => ["host"]
-          action => "replace"
-          nameserver => "8.8.8.8"
+    describe "dns resolve lookup, single custom nameserver" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => ["host"]
+            action => "replace"
+            nameserver => "8.8.8.8"
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("host" => "carrera.databits.net") do
-      insist { subject.get("host") } == "199.192.228.250"
+      sample("host" => "carrera.databits.net") do
+        insist { subject.get("host") } == "199.192.228.250"
+      end
     end
-  end
 
-  describe "dns resolve lookup, multiple nameserver fallback" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => ["host"]
-          action => "replace"
-          nameserver => ["127.0.0.99", "8.8.8.8"]
+    describe "dns resolve lookup, multiple nameserver fallback" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => ["host"]
+            action => "replace"
+            nameserver => ["127.0.0.99", "8.8.8.8"]
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("host" => "carrera.databits.net") do
-      insist { subject.get("host") } == "199.192.228.250"
+      sample("host" => "carrera.databits.net") do
+        insist { subject.get("host") } == "199.192.228.250"
+      end
     end
-  end
 
-  describe "dns resolve lookup, multiple nameserver fallback" do
-    config <<-CONFIG
-      filter {
-        dns {
-          resolve => ["host"]
-          action => "replace"
-          nameserver => ["127.0.0.99", "8.8.8.8"]
+    describe "dns resolve lookup, multiple nameserver fallback" do
+      config <<-CONFIG
+        filter {
+          dns {
+            resolve => ["host"]
+            action => "replace"
+            nameserver => ["127.0.0.99", "8.8.8.8"]
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    sample("host" => "carrera.databits.net") do
-      insist { subject.get("host") } == "199.192.228.250"
+      sample("host" => "carrera.databits.net") do
+        insist { subject.get("host") } == "199.192.228.250"
+      end
     end
-  end
 
-  describe "failed cache" do
+    describe "failed cache" do
 
-    let(:subject) { LogStash::Filters::DNS.new(config) }
-    let(:event1) { LogStash::Event.new("message" => "unkownhost") }
-    let(:event2) { LogStash::Event.new("message" => "unkownhost") }
+      let(:subject) { LogStash::Filters::DNS.new(config) }
+      let(:event1) { LogStash::Event.new("message" => "unkownhost") }
+      let(:event2) { LogStash::Event.new("message" => "unkownhost") }
 
-    before(:each) do
-      allow(subject).to receive(:getaddress).and_raise Resolv::ResolvError
-      subject.register
-    end
+      before(:each) do
+        allow(subject).to receive(:getaddress).and_raise Resolv::ResolvError
+        subject.register
+      end
 
-    context "when enabled" do
-      let(:config) { { "resolve" => ["message"], "failed_cache_size" => 3 } }
+      context "when enabled" do
+        let(:config) { { "resolve" => ["message"], "failed_cache_size" => 3 } }
 
-      it "should cache a failed lookup" do
-        expect(subject).to receive(:getaddress).once
-        subject.filter(event1)
-        subject.filter(event2)
+        it "should cache a failed lookup" do
+          expect(subject).to receive(:getaddress).once
+          subject.filter(event1)
+          subject.filter(event2)
+        end
       end
-    end
 
-    context "when disabled" do
-      let(:config) { { "resolve" => ["message"] } }
+      context "when disabled" do
+        let(:config) { { "resolve" => ["message"] } }
 
-      it "should not cache a failed lookup" do
-        expect(subject).to receive(:getaddress).twice
-        subject.filter(event1)
-        subject.filter(event2)
+        it "should not cache a failed lookup" do
+          expect(subject).to receive(:getaddress).twice
+          subject.filter(event1)
+          subject.filter(event2)
+        end
       end
     end
-  end
 
-  describe "hit cache" do
+    describe "hit cache" do
 
-    let(:subject) { LogStash::Filters::DNS.new(config) }
-    let(:event1) { LogStash::Event.new("message" => "unkownhost") }
-    let(:event2) { LogStash::Event.new("message" => "unkownhost") }
+      let(:subject) { LogStash::Filters::DNS.new(config) }
+      let(:event1) { LogStash::Event.new("message" => "unkownhost") }
+      let(:event2) { LogStash::Event.new("message" => "unkownhost") }
 
-    before(:each) do
-      allow(subject).to receive(:getaddress).and_return("127.0.0.1")
-      subject.register
-    end
+      before(:each) do
+        allow(subject).to receive(:getaddress).and_return("127.0.0.1")
+        subject.register
+      end
 
-    context "when enabled" do
-      let(:config) { { "resolve" => ["message"], "hit_cache_size" => 3 } }
+      context "when enabled" do
+        let(:config) { { "resolve" => ["message"], "hit_cache_size" => 3 } }
 
-      it "should cache a succesful lookup" do
-        expect(subject).to receive(:getaddress).once
-        subject.filter(event1)
-        subject.filter(event2)
+        it "should cache a succesful lookup" do
+          expect(subject).to receive(:getaddress).once
+          subject.filter(event1)
+          subject.filter(event2)
+        end
       end
-    end
 
-    context "when disabled" do
-      let(:config) { { "resolve" => ["message"] } }
+      context "when disabled" do
+        let(:config) { { "resolve" => ["message"] } }
 
-      it "should not cache a successful lookup" do
-        expect(subject).to receive(:getaddress).twice
-        subject.filter(event1)
-        subject.filter(event2)
+        it "should not cache a successful lookup" do
+          expect(subject).to receive(:getaddress).twice
+          subject.filter(event1)
+          subject.filter(event2)
+        end
       end
     end
-  end
 
-  describe "retries" do
+    describe "retries" do
 
-    let(:subject) { LogStash::Filters::DNS.new(config) }
-    let(:event) { LogStash::Event.new("message" => "unkownhost") }
-    let(:max_retries) { 3 }
-    let(:config) { { "resolve" => ["message"], "max_retries" => max_retries } }
+      let(:subject) { LogStash::Filters::DNS.new(config) }
+      let(:event) { LogStash::Event.new("message" => "unkownhost") }
+      let(:max_retries) { 3 }
+      let(:config) { { "resolve" => ["message"], "max_retries" => max_retries } }
 
-    before(:each) { subject.register }
+      before(:each) { subject.register }
 
-    context "when failing permanently" do
-      before(:each) do
-        allow(subject).to receive(:getaddress).and_raise(Timeout::Error)
+      context "when failing permanently" do
+        before(:each) do
+          allow(subject).to receive(:getaddress).and_raise(Timeout::Error)
+        end
+
+        it "should fail a resolve after max_retries" do
+          expect(subject).to receive(:getaddress).exactly(max_retries+1).times
+          subject.filter(event)
+        end
       end
 
-      it "should fail a resolve after max_retries" do
-        expect(subject).to receive(:getaddress).exactly(max_retries+1).times
-        subject.filter(event)
+      context "when failing temporarily" do
+        before(:each) do
+          allow(subject).to receive(:getaddress) do
+            @try ||= 0
+            if @try < 2
+              @try = @try + 1
+              raise Timeout::Error
+            else
+              "127.0.0.1"
+            end
+          end
+        end
+
+        it "should resolve before max_retries" do
+          expect(subject).to receive(:getaddress).exactly(3).times
+          subject.filter(event)
+        end
       end
     end
+  end
+
+  describe "with nameserver integration" do
+    describe "lookup using fixture hosts file" do
+      let(:subject) { LogStash::Filters::DNS.new(config) }
+      let(:hostsfile) { File.join(File.dirname(__FILE__), "..", "fixtures", "hosts") }
+      # From the custom hosts file
+      # 10.10.0.1 xn--d1acpjx3f.xn--p1ai  # -> Яндекс.рф
+      # 10.10.0.2 xn--mller-kva.com       # -> müller.com
 
-    context "when failing temporarily" do
       before(:each) do
-        allow(subject).to receive(:getaddress) do
-          @try ||= 0
-          if @try < 2
-            @try = @try + 1
-            raise Timeout::Error
-          else
-            "127.0.0.1"
-          end
+        subject.register
+        subject.filter(event)
+      end
+
+      context "when domain is an IDN" do
+        let(:config) { { "resolve" => ["domain"], "action" => "replace", "hostsfile" => [hostsfile]} }
+        let(:event) { LogStash::Event.new("domain" => "Яндекс.рф") }
+
+        it "should return the IP" do
+          expect(event.get("domain")).to eq("10.10.0.1")
         end
       end
 
-      it "should resolve before max_retries" do
-        expect(subject).to receive(:getaddress).exactly(3).times
-        subject.filter(event)
+      context "when IP points to an IDN" do
+        let(:config) { { "reverse" => ["domain"], "action" => "replace", "hostsfile" => [hostsfile]} }
+        let(:event) { LogStash::Event.new("domain" => "10.10.0.2") }
+
+        it "should return the IDN" do
+          expect(event.get("domain")).to eq("müller.com")
+        end
       end
     end
   end

data/spec/fixtures/hosts

@@ -0,0 +1,2 @@
+10.10.0.1 xn--d1acpjx3f.xn--p1ai  # Яндекс.рф
+10.10.0.2 xn--mller-kva.com       # müller.com

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-dns
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.0.3
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-09 00:00:00.000000000 Z
+date: 2016-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.99'
   name: logstash-core-plugin-api
   prerelease: false
   type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.99'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -67,6 +73,7 @@ files:
 - lib/logstash/filters/dns.rb
 - logstash-filter-dns.gemspec
 - spec/filters/dns_spec.rb
+- spec/fixtures/hosts
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)
@@ -89,9 +96,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.6.3
 signing_key:
 specification_version: 4
 summary: This filter will resolve any IP addresses from a field of your choosing.
 test_files:
 - spec/filters/dns_spec.rb
+- spec/fixtures/hosts