[Bro-Dev] #776: DNS not logging replies on trace (was: DNS not logging some replies on trace)

Bro Tracker bro at tracker.bro-ids.org
Fri Feb 17 15:20:06 PST 2012 

#776: DNS not logging replies on trace
----------------------+------------------------
  Reporter:  robin    |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  Normal   |  Milestone:  Bro2.1
 Component:  Bro      |    Version:  git/master
Resolution:           |   Keywords:
----------------------+------------------------
Description changed by robin:

Old description:

> I'm attaching a DNS session (extracted from the test suite) for which Bro
> does not log all the replies. dns.log looks like this:
>
> {{{
> 1258563890.835277       JFmrS5rE7re     192.168.1.103   51228
> 192.168.1.1     53      udp     55939   h.zedo.com      1
> C_INTERNET      1       A       0       NOERROR     F       F       F
> T       T       0       63.211.147.11   7200.000000
> }}}
>
> However, when running the test suite on the full trace, it logs them all:
>
> {{{
> 1258563890.835277       LEDZLphhTIg     192.168.1.103   51228
> 192.168.1.1     53      udp     55939   h.zedo.com      1
> C_INTERNET      1       A       0       NOERROR     F       F       F
> T       T       0       63.211.147.11   7200.000000
> pdns4.ultradns.org,pdns1.ultradns.net,pdns5.ultradns.info,pdns2.ultradns.net,pdns3.ultradns.org,pdns6.ultradns.co.uk
> 199.7.69.1,204.74.114.1,204.74.115.1,199.7.68.1,2001:502:4612::1
> }}}

New description:

 I'm attaching a DNS session (extracted from the test suite) for which Bro
 does not log the replies. dns.log looks like this:

 {{{
 1258563890.835277       JFmrS5rE7re     192.168.1.103   51228
 192.168.1.1     53      udp     55939   h.zedo.com      1       C_INTERNET
 1       A       0       NOERROR     F       F       F       T       T
 0       63.211.147.11   7200.000000
 }}}

 However, when running the test suite on the full trace, it logs them all:

 {{{
 1258563890.835277       LEDZLphhTIg     192.168.1.103   51228
 192.168.1.1     53      udp     55939   h.zedo.com      1       C_INTERNET
 1       A       0       NOERROR     F       F       F       T       T
 0       63.211.147.11   7200.000000
 pdns4.ultradns.org,pdns1.ultradns.net,pdns5.ultradns.info,pdns2.ultradns.net,pdns3.ultradns.org,pdns6.ultradns.co.uk
 199.7.69.1,204.74.114.1,204.74.115.1,199.7.68.1,2001:502:4612::1
 }}}

--

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/776#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list