====== Analyzer dns ======

This analyzer listens to DNS packets and generates events out of them. Its main goal is to create an event each time a new DNS record is found.

===== Events =====

^ Name ^ Payload associated ^ Description ^
|dns_record|no|Contains all the information about a DNS record from the reply of a server.|

==== dns_record ====

This event is generated for each record seen in a DNS reply.

^ Field ^ Type ^ Description ^
|name|string|Name of the record.|
|ttl|uint32|Time to live.|
|type|uint16|Record type.|
|class|uint16|Record class.|
|values|see below|Values of the RR.|

Depending on the RR type, multiple values are available:

^ RR type name ^ RR type value ^ Values ^ Type ^ Description ^
|A|1|a|ipv4|IPv4 address of the A record.|
|AAAA|28|aaaa|ipv6|IPv6 address of the AAAA record.|
|CNAME|5|cname|string|Canonical name.|
|PTR|12|ptr|string|Pointer name.|
|MX|15|mx_pref|uint16|MX preference.|
|:::|:::|mx|string|Mail exchange server.|
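
The following is an added illustration, not the analyzer's own code: a Python sketch that parses a raw DNS reply and builds one dictionary per record with the ''dns_record'' fields and value keys listed above. The names ''read_name'', ''dns_records'' and ''SAMPLE_REPLY'' are hypothetical, the sample packet is constructed, and walking the answer, authority and additional sections is an assumption about what "each record seen in a DNS reply" covers.

```python
import ipaddress
import struct
ADDR = {1: ("a", 4), 28: ("aaaa", 16)}   # RR type value -> (value key, RDATA length)
NAMES = {5: "cname", 12: "ptr"}          # RR types whose RDATA is one domain name

def read_name(msg, off):
    """Hypothetical helper: decode a possibly compressed name; return (name, next offset)."""
    labels, end = [], None
    for _ in range(256):                  # bounded walk: a pointer loop cannot hang us
        length = msg[off]
        if length & 0xC0 == 0xC0:         # compression pointer to another name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii", "replace"))
            off += 1 + length
    raise ValueError("DNS name too long or compression loop")

def dns_records(msg):
    """Hypothetical: one dns_record-style dict per RR in a reply (all sections: assumption)."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:                # QR bit clear: a query, not a server reply
        return []
    off = 12
    for _ in range(qd):                   # skip the question section
        off = read_name(msg, off)[1] + 4
    events = []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        values = {}                       # stays empty for types outside the table
        if rtype in ADDR and rdlen == ADDR[rtype][1]:
            values = {ADDR[rtype][0]: str(ipaddress.ip_address(msg[off:off + rdlen]))}
        elif rtype in NAMES:
            values = {NAMES[rtype]: read_name(msg, off)[0]}
        elif rtype == 15:
            values = {"mx_pref": struct.unpack_from("!H", msg, off)[0],
                      "mx": read_name(msg, off + 2)[0]}
        events.append({"name": name, "ttl": ttl, "type": rtype, "class": rclass, "values": values})
        off += rdlen
    return events

# Constructed sample: MX reply for example.test, A record in the additional section.
SAMPLE_REPLY = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x01\x07example\x04test\x00\x00\x0f\x00\x01"
                b"\xc0\x0c\x00\x0f\x00\x01\x00\x00\x01\x2c\x00\x07\x00\x0a\x02mx\xc0\x0c"
                b"\xc0\x2c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x19")
```

The MX record yields both ''mx_pref'' and ''mx'' in a single event, which is what the merged MX rows in the table express.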