Namespace: | GLOBAL |
---|---|
Source File: | /scripts/base/bif/plugins/Bro_DNS.events.bif.bro |
dns_A6_reply: event | Generated for DNS replies of type A6. |
dns_AAAA_reply: event | Generated for DNS replies of type AAAA. |
dns_A_reply: event | Generated for DNS replies of type A. |
dns_CNAME_reply: event | Generated for DNS replies of type CNAME. |
dns_EDNS_addl: event | Generated for DNS replies of type EDNS. |
dns_HINFO_reply: event | Generated for DNS replies of type HINFO. |
dns_MX_reply: event | Generated for DNS replies of type MX. |
dns_NS_reply: event | Generated for DNS replies of type NS. |
dns_PTR_reply: event | Generated for DNS replies of type PTR. |
dns_SOA_reply: event | Generated for DNS replies of type CNAME. |
dns_SRV_reply: event | Generated for DNS replies of type SRV. |
dns_TSIG_addl: event | Generated for DNS replies of type TSIG. |
dns_TXT_reply: event | Generated for DNS replies of type TXT. |
dns_WKS_reply: event | Generated for DNS replies of type WKS. |
dns_end: event | Generated at the end of processing a DNS packet. |
dns_full_request: event | Deprecated. |
dns_message: event | Generated for all DNS messages. |
dns_query_reply: event | Generated for each entry in the Question section of a DNS reply. |
dns_rejected: event | Generated for DNS replies that reject a query. |
dns_request: event | Generated for DNS requests. |
dns_unknown_reply: event | Generated on DNS reply resource records when the type of record is not one that Bro knows how to parse and generate another more specific event. |
non_dns_request: event | msg: The raw DNS payload. |
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, a: addr) |
---|
Generated for DNS replies of type A6. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
A: | The address returned by the reply. |
See also: dns_A_reply, dns_AAAA_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, a: addr) |
---|
Generated for DNS replies of type AAAA. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
A: | The address returned by the reply. |
See also: dns_A_reply, dns_A6_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, a: addr) |
---|
Generated for DNS replies of type A. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
A: | The address returned by the reply. |
See also: dns_AAAA_reply, dns_A6_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, name: string) |
---|
Generated for DNS replies of type CNAME. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
Name: | The name returned by the reply. |
See also: dns_AAAA_reply, dns_A_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_edns_additional) |
---|
Generated for DNS replies of type EDNS. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The parsed EDNS reply. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer) |
---|
Generated for DNS replies of type HINFO. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, name: string, preference: count) |
---|
Generated for DNS replies of type MX. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
Name: | The name returned by the reply. |
Preference: | The preference for name specified by the reply. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, name: string) |
---|
Generated for DNS replies of type NS. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
Name: | The name returned by the reply. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, name: string) |
---|
Generated for DNS replies of type PTR. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
Name: | The name returned by the reply. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, soa: dns_soa) |
---|
Generated for DNS replies of type CNAME. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
Soa: | The parsed SOA value. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, target: string, priority: count, weight: count, p: count) |
---|
Generated for DNS replies of type SRV. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
Target: | Target of the SRV response – the canonical hostname of the machine providing the service, ending in a dot. |
Priority: | Priority of the SRV response – the priority of the target host, lower value means more preferred. |
Weight: | Weight of the SRV response – a relative weight for records with the same priority, higher value means more preferred. |
P: | Port of the SRV response – the TCP or UDP port on which the service is to be found. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_tsig_additional) |
---|
Generated for DNS replies of type TSIG. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The parsed TSIG reply. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer, strs: string_vec) |
---|
Generated for DNS replies of type TXT. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
Strs: | The textual information returned by the reply. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer) |
---|
Generated for DNS replies of type WKS. For replies with multiple answers, an individual event of the corresponding type is raised for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg) |
---|
Generated at the end of processing a DNS packet. This event is the last dns_* event that will be raised for a DNS query/reply and signals that all resource records have been passed on.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event () |
---|
Deprecated. Will be removed.
Todo
Unclear what this event is for; it’s never raised. We should just remove it.
Type: | event (c: connection, is_orig: bool, msg: dns_msg, len: count) |
---|
Generated for all DNS messages.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Is_orig: | True if the message was sent by the originator of the connection. |
Msg: | The parsed DNS message header. |
Len: | The length of the message’s raw representation (i.e., the DNS payload). |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_query_reply, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, query: string, qtype: count, qclass: count) |
---|
Generated for each entry in the Question section of a DNS reply.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Query: | The queried name. |
Qtype: | The queried resource record type. |
Qclass: | The queried resource record class. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_rejected, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, query: string, qtype: count, qclass: count) |
---|
Generated for DNS replies that reject a query. This event is raised if a DNS reply indicates failure because it does not pass on any answers to a query. Note that all of the event’s parameters are parsed out of the reply; there’s no stateful correlation with the query.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Query: | The queried name. |
Qtype: | The queried resource record type. |
Qclass: | The queried resource record class. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_request, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, query: string, qtype: count, qclass: count) |
---|
Generated for DNS requests. For requests with multiple queries, this event is raised once for each.
See Wikipedia for more information about the DNS protocol. Bro analyzes both UDP and TCP DNS sessions.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Query: | The queried name. |
Qtype: | The queried resource record type. |
Qclass: | The queried resource record class. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_SRV_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_end, dns_full_request, dns_mapping_altered, dns_mapping_lost_name, dns_mapping_new_name, dns_mapping_unverified, dns_mapping_valid, dns_message, dns_query_reply, dns_rejected, non_dns_request, dns_max_queries, dns_session_timeout, dns_skip_addl, dns_skip_all_addl, dns_skip_all_auth, dns_skip_auth
Type: | event (c: connection, msg: dns_msg, ans: dns_answer) |
---|
Generated on DNS reply resource records when the type of record is not one that Bro knows how to parse and generate another more specific event.
C: | The connection, which may be UDP or TCP depending on the type of the transport-layer session being analyzed. |
---|---|
Msg: | The parsed DNS message header. |
Ans: | The type-independent part of the parsed answer record. |
See also: dns_AAAA_reply, dns_A_reply, dns_CNAME_reply, dns_EDNS_addl, dns_HINFO_reply, dns_MX_reply, dns_NS_reply, dns_PTR_reply, dns_SOA_reply, dns_TSIG_addl, dns_TXT_reply, dns_WKS_reply, dns_SRV_reply, dns_end
Type: | event (c: connection, msg: string) |
---|---|
Msg: | The raw DNS payload. |
Note
This event is deprecated and superseded by Bro’s dynamic protocol detection framework.