[Bro-Dev] [JIRA] (BIT-911) SRV replies don't get processed by DNS analyzer

Bernhard Amann (JIRA) jira at bro-tracker.atlassian.net
Thu Nov 7 08:18:31 PST 2013

    [ https://bro-tracker.atlassian.net/browse/BIT-911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14623#comment-14623 ] 

Bernhard Amann commented on BIT-911:

I just took a short look at this and it still does not seem to work (I think we fixed some dns issues for 2.2).

> SRV replies don't get processed by DNS analyzer
> -----------------------------------------------
>                 Key: BIT-911
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-911
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Vern Paxson
>             Fix For: 2.3
>         Attachments: tdns-srv.bug.trace
> The event engine doesn't appear to generate {{dns_SRV_reply}} in some cases, as indicated by running on the attached trace.  I've tried this with both the default DNS analysis and my own custom analysis (that uses \-b to not run other stuff) and have confirmed that the reply event isn't getting generated, even though there aren't any checksum issues or such.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list