Analyze DNS response if query is not present
A DNS event should be logged in the eve.json file if the DNS response is available in the packet stream only (meaning that the DNS query to the response is missing). At the moment DNS queries are always generating a DNS event entry. DNS responses are only generating an entry if the appropriate DNS query is present in the packet stream. This behavior is the same in the C and in the RUST implementation of the DNS plugin.
The test PCAP attached:
dns.pcap: 2 packets, a DNS query and the corresponding response; generating 2 DNS event entires in the eve.json file
dnsquery.pcap: Only the query contained in dns.pcap; generating 1 DNS even entry in the eve.json file
dnsresponse.pcap: Only the response contained in dns.pcap; generating 0 DNS event entries in the eve.json file (should generate 1 entry)