[Bro] Questions about Bro's DNS Parser

Vern Paxson vern at icir.org
Sat Feb 6 23:00:00 PST 2010


> The problem is, even with the -C option, some packets that have error  
> codes such as "Server Failure" or "No Such Name Exists" are not being  
> logged in the DNS log file.

Ah - this rings a bell.  I believe Seth has a fix for this problem (and
in general a reworked dns.bro), which would be great to incorporate into
the next Bro release.  I'll let him comment further.

		Vern



More information about the Bro mailing list