pom-ng:analyzer:dns
This is an old revision of the document!
Table of Contents
Analyzer dns
This analyzer listens to DNS packets and generates events out of them. Its main goal is to create an event each time a new DNS record is found.
Events
| Name | Payload associated | Description |
|---|---|---|
| dns_record | no | Contains all the information about a DNS record from the reply of a server. |
dns_record
This event is generated for each record seen in a DNS reply.
| Field | Type | Description |
|---|---|---|
| name | string | Name of the record. |
| ttl | uint32 | Time to live. |
| type | uint16 | Record type. |
| class | uint16 | Record class. |
| values | see below | Values of the RR. |
Depending on the RR type, multiple values are available :
| RR Type | Value | Type | Description |
|---|---|---|---|
| A | a | ipv4 | IPv4 address of the A record. |
| AAAA | aaaa | ipv6 | IPv6 address of the AAAA record. |
| CNAME | cname | string | Canonical name. |
| PTR | ptr | string | Pointer name. |
| MX | mx_pref | uint16 | MX preference. |
| mx | string | Mail exchange server. |
pom-ng/analyzer/dns.1352901104.txt.gz · Last modified: 2020/05/26 21:59 (external edit)