
This is an old revision of the document!


Analyzer dns

This analyzer listens to DNS packets and generates events from them. Its main goal is to create an event each time a new DNS record is found.

Events

| Name | Payload associated | Description |
|---|---|---|
| dns_record | no | Contains all the information about a DNS record from the reply of a server. |

dns_record

This event is generated for each record seen in a DNS reply.

| Field | Type | Description |
|---|---|---|
| name | string | Name of the record. |
| ttl | uint32 | Time to live. |
| type | uint16 | Record type. |
| class | uint16 | Record class. |
| values | see below | Values of the RR. |

Depending on the RR type, multiple values are available:

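| RR type name | RR type value | Values | Type | Description |
|---|---|---|---|---|
| A | 1 | a | ipv4 | IPv4 address of the A record. |
| AAAA | 28 | aaaa | ipv6 | IPv6 address of the AAAA record. |
| CNAME | 5 | cname | string | Canonical name. |
| PTR | 12 | ptr | string | Pointer name. |
| MX | 15 | mx_pref | uint16 | MX preference. |
| MX | 15 | mx | string | Mail exchange server. |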

Parameters

| Name | Type | Default value | Description |
|---|---|---|---|
| anti_spoof | bool | false | Prevent spoofing by accepting only replies that match a query. |
| q_timeout | uint32 | 10 | Query timeout for anti-spoofing protection. |
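
The following is an added sketch, not pom-ng's own code, of the kind of query/reply matching that `anti_spoof` and `q_timeout` describe: a reply is accepted only if it answers a query seen within the timeout. The match key (transaction ID, question name and type, client address and port, server address), the table size, all identifiers, and treating `q_timeout` as seconds are assumptions; the page does not specify them.

```c
#include <stdint.h>
#include <stdio.h>
#include <strings.h>

#define MAX_PENDING 64
#define Q_TIMEOUT 10 /* page default for q_timeout; seconds is an assumption */

/* Hypothetical match key: the page does not list what pom-ng compares. */
struct dns_msg {
    uint32_t client_ip, server_ip;   /* for a reply: destination and source */
    uint16_t client_port, id, qtype;
    const char *qname;
};
struct pending { int used; uint32_t sent_at; struct dns_msg key; char qname[256]; };
static struct pending table[MAX_PENDING];

/* A slot is live while it holds a query that has not yet timed out. */
static int live(const struct pending *p, uint32_t now) {
    return p->used && now - p->sent_at <= Q_TIMEOUT;
}

/* Remember a query seen on the wire. Returns 0, or -1 when no slot is free. */
int note_query(const struct dns_msg *q, uint32_t now) {
    for (int i = 0; i < MAX_PENDING; i++) {
        struct pending *p = &table[i];
        if (live(p, now))
            continue;                /* still waiting for this one's reply */
        p->used = 1;
        p->sent_at = now;
        p->key = *q;
        snprintf(p->qname, sizeof p->qname, "%s", q->qname); /* own copy */
        return 0;
    }
    return -1;
}

/* Return 1 if the reply answers a live query (and consume it), else 0. */
int accept_reply(const struct dns_msg *r, uint32_t now) {
    for (int i = 0; i < MAX_PENDING; i++) {
        struct pending *p = &table[i];
        const struct dns_msg *k = &p->key;
        if (live(p, now) && k->id == r->id && k->qtype == r->qtype &&
            k->client_ip == r->client_ip && k->client_port == r->client_port &&
            k->server_ip == r->server_ip && strcasecmp(p->qname, r->qname) == 0) {
            p->used = 0;             /* a second reply to the same query is rejected */
            return 1;
        }
    }
    return 0;
}
```

With this logic, a `dns_record` event would be raised only for replies where `accept_reply` returns 1; unsolicited, duplicate, and late replies are dropped.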
pom-ng/analyzer/dns.1436471236.txt.gz · Last modified: 2020/05/26 21:59 (external edit)