Project

General

Profile

Actions
Copy link

Bug #1664

closed

Unreplied DNS queries not logged when flow is aged out

Added by Ray Ruvinskiy over 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
High
Assignee:
Jason Ish
Target version:
3.1.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

If a DNS query is not followed by a response before the flow is timed out, the DNS transaction is not logged at all. I was wondering if there's a way to trigger the tx logging before the flow is flushed out.

This is observed with suricata 3.0RC1.

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #1419: DNS transaction handling issuesClosedJason Ish03/17/2015Actions
Actions
Copy link
 #1

Updated by Victor Julien over 8 years ago

  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 70
Actions
Copy link
 #2

Updated by Victor Julien almost 8 years ago

  • Priority changed from Normal to High
Actions
Copy link
 #3

Updated by Jason Ish almost 8 years ago

  • Related to Bug #1419: DNS transaction handling issues added
Actions
Copy link
 #4

Updated by Jason Ish almost 8 years ago

I believe this is related to issue #1419.

Actions
Copy link
 #5

Updated by Jason Ish almost 8 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 3.1.1

Fixed. See https://github.com/inliniac/suricata/pull/2174

The DNS query is now logged after the query is complete instead of waiting for the reply. So a missing reply will no longer result in not logging the query.

Actions
Copy link
 #6

Updated by Victor Julien almost 8 years ago

  • Assignee changed from Victor Julien to Jason Ish
Actions
Copy link

Also available in: Atom PDF