[Bro] DNSSEC Support

fatema bannatwala fatema.bannatwala at gmail.com
Sat Oct 13 10:23:00 PDT 2018


>Date: Wed, 27 Apr 2016 20:21:39 -0400
>From: Dave Crawford <bro at pingtrip.com>
>Subject: [Bro] DNSSEC Support
>To: bro <bro at bro.org>
>Message-ID: <D82261C5-A89B-4861-A12C-B37D8AED1ED4 at pingtrip.com>
>Content-Type: text/plain; charset=us-ascii
>
>It doesn't appear that there is full support for DNSSEC RR types in the
>current release and I'm looking for the best option in the meantime.
>
>  For example, answers that include RRSIGs will produce a vector similar
>to ["192.168.1.1","<unknown type=46>"] with a corresponding event in
>weird.log of "DNS_RR_unknown_type".
>
>  In protocols/dns/consts.bro I see type 46 is included in the query_type
>map but based on the variable name I assume it's not applied to answers?
>
>  -Dave

Hi Dave,

There were some recent commits to support parsing of these DNSSEC RR types
in Bro: RRSIG, DNSKEY, DS, NSEC, NSEC3.

If you want to give it a try, it's available in the dev/2.7 branch or in a
branch forked from 2.5.4 at the following:
https://github.com/fatemabw/bro/tree/master   (bro 2.5.4 with dnssec)
https://github.com/bro/bro/tree/dev/2.7

Apologies for the delay.

Fatema.
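
For reference, the RDATA layout that a parser has to decode for a type 46 (RRSIG) answer, per RFC 4034 section 3.1, as standalone Python added here; it is not code from Bro or from either poster. The function names and the sample record are constructed for illustration.

```python
import struct

def read_name(buf, off):
    """Read an uncompressed wire-format name; return (name, next_offset)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of RDATA")
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        if n > 63 or off + n > len(buf):
            # RFC 4034 forbids compression in the signer name, so a
            # pointer byte (0xC0..) is treated as malformed here.
            raise ValueError("bad label length in signer name")
        labels.append(buf[off:off + n].decode("ascii", "replace"))
        off += n

def parse_rrsig(rdata):
    """Decode RRSIG RDATA (RFC 4034 section 3.1) into a dict."""
    if len(rdata) < 18:
        raise ValueError("RRSIG RDATA shorter than its 18-byte fixed part")
    covered, alg, nlabels, ttl, exp, inc, tag = struct.unpack("!HBBIIIH", rdata[:18])
    signer, off = read_name(rdata, 18)
    if off >= len(rdata):
        raise ValueError("RRSIG carries no signature bytes")
    return {"type_covered": covered, "algorithm": alg, "labels": nlabels,
            "orig_ttl": ttl, "expiration": exp, "inception": inc,
            "key_tag": tag, "signer": signer, "signature": rdata[off:]}

def valid_at(sig, now):
    """Plain comparison of the validity window (ignores 32-bit wraparound)."""
    return sig["inception"] <= now <= sig["expiration"]

# Constructed sample: an RRSIG over an A RRset, signed by example.com.
# with algorithm 13; the 64 signature bytes are filler, not a real signature.
SAMPLE = (struct.pack("!HBBIIIH", 1, 13, 2, 3600, 1540000000, 1538000000, 12345)
          + b"\x07example\x03com\x00" + b"\xab" * 64)

if __name__ == "__main__":
    sig = parse_rrsig(SAMPLE)
    print(sig["signer"], sig["type_covered"], sig["key_tag"], valid_at(sig, 1539000000))
```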