[Bro] Questions about Bro's DNS Parser
vern at icir.org
Sat Feb 6 23:00:00 PST 2010
> The problem is, even with the -C option, some packets that have error
> codes such as "Server Failure" or "No Such Name Exists" are not being
> logged in the DNS log file.
Ah - this rings a bell. I believe Seth has a fix for this problem (and
in general a reworked dns.bro), which would be great to incorporate into
the next Bro release. I'll let him comment further.
More information about the Bro