Bug #2723: dns v2 json output should always set top-level rrtype in responses - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #2723

closed

dns v2 json output should always set top-level rrtype in responses

Added by Michael Stone almost 6 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

4.1.1

Affected Versions:

4.1

Effort:

Difficulty:

Label:

Description

Currently the v2 dns json doesn't set dns.rrtype, and instead relies on dns.answers[n].rrtype. This suffices in the common case of a single response, but if there are no responses--for example, if a client queries AAAA and no AAAA exists, or NXDOMAIN--there is nothing in the log entry showing what query generated the empty response. Likewise, when there is a chain of responses, it would be easier to determine what query initiated that chain if the original rrtype was included. In short, dns.rrtype should always be set in the json logs of dns responses.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #2723

dns v2 json output should always set top-level rrtype in responses

Updated by Victor Julien almost 6 years ago

Updated by Jason Ish almost 6 years ago

Updated by Michael Stone almost 6 years ago

Updated by Victor Julien almost 6 years ago