[Bro] Additional Records in DNS

Chris Crawford christopher.p.crawford at gmail.com
Wed Jul 10 13:04:04 PDT 2013


I'm trying to write a bro script that pulls out authoritative nameservers
and additional records from DNS.

I think I need the dns_EDNS_addl event to get at that part of a DNS
reply, since the dns_edns_additional structure seems like it has the
information I'm looking for:
http://trac.bro-ids.org/sphinx-git/scripts/base/init-bare.html#type-dns_edns_additional

Unfortunately, it looks like dns_EDNS_addl isn't implemented yet:

# scripts/base/protocols/dns/main.bro
 318 # TODO: figure out how to handle these
 324 #event dns_EDNS_addl(c: connection, msg: dns_msg, ans: dns_edns_additional)

Has anyone worked out a way to grab this information from a DNS reply?

If not, could anyone point me in the right direction so that I can roll my
own solution?

-Chris