Project

General

Profile

Actions

Bug #4924

closed

dns: transaction not created when z-bit set

Added by Jason Ish almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0, Needs backport to 6.0

Description

While creating a pcap with the DNS z-bit set I noticed that both dnsmasq (my own hosted version) as well as the Google public DNS server (8.8.8.8) both accept requests with the z-bit set.

So we should probably create the transaction then set the event instead of setting the event and bailing.


Related issues 3 (0 open3 closed)

Related to Suricata - Feature #4515: Add DNS logging of Z flagClosedOdin JensegActions
Copied to Suricata - Bug #4960: dns: transaction not created when z-bit setClosedShivani BhardwajActions
Copied to Suricata - Bug #4961: dns: transaction not created when z-bit setClosedJeff LucovskyActions
Actions

Also available in: Atom PDF