[Bro] DNSSEC Support
Dave Crawford
bro at pingtrip.com
Wed Apr 27 17:21:39 PDT 2016
It doesn't appear that there is full support for DNSSEC RR types in the current release and I'm looking for the best option in the meantime.
For example, answers that include RRSIG's will produce a vector similar to ["192.168.1.1","<unknown type=46>"] with a corresponding event in weird.log of "DNS_RR_unknown_type".
In protocols/dns/consts.bro I see type 46 is included in the query_type map but based on the variable name I assume its not applied to answers?
-Dave
More information about the Bro
mailing list