[Bro-Dev] #776: DNS not logging replies on trace

Bro Tracker bro at tracker.bro-ids.org
Mon Feb 20 07:56:08 PST 2012

#776: DNS not logging replies on trace
  Reporter:  robin    |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  Normal   |  Milestone:  Bro2.1
 Component:  Bro      |    Version:  git/master
Resolution:           |   Keywords:

Comment (by jsiwek):

 I think by default it just logs the answer section, which is the first
 result you show.  And the second one logs the authority and additional
 sections of the reply because the test suite is loading the
 `policy/protocols/dns/auth-addl.bro` script.  Here's the result I get when
 it's loaded for the single DNS session that you extracted:

 $ bro -r 2009-M57-day11-18.trace.gz.LEDZLphhTIg protocols/dns/auth-
 $ tail -n1 dns.log
 1258563890.835277       n9yOrUVn8g1   51228     53      udp     55939   h.zedo.com      1       C_INTERNET
 1       A       NOERROR F       F       F       T       T       0   7200.000000

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/776#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list