https://redmine.openinfosecfoundation.org/
2019-03-20T14:09:31Z
Open Information Security Foundation
Suricata - Bug #2891: Empty rrname in DNS answer for non-recurse NS answers
https://redmine.openinfosecfoundation.org/issues/2891?journal_id=11590
2019-03-20T14:09:31Z
Kjell Tore Fossbakk
<p>I enabled the line-based log of DNS, same issue:<br /><pre>
03/20/2019-14:11:58.942866 [**] Query TX 9a5e [**] lulz.microsoft.com [**] A [**] 192.168.1.112:49631 -> 192.168.2.249:53
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] Recursion Desired [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] a.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] k.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] g.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] m.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] f.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] d.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] c.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] i.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] h.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] e.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] l.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] b.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
03/20/2019-14:11:58.944778 [**] Response TX 9a5e [**] <root> [**] NS [**] TTL 20320 [**] j.root-servers.net [**] 192.168.2.249:53 -> 192.168.1.112:49631
</pre></p>
Suricata - Bug #2891: Empty rrname in DNS answer for non-recurse NS answers
https://redmine.openinfosecfoundation.org/issues/2891?journal_id=11609
2019-03-22T11:40:40Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Assignee</strong> set to <i>Jason Ish</i></li></ul>
Suricata - Bug #2891: Empty rrname in DNS answer for non-recurse NS answers
https://redmine.openinfosecfoundation.org/issues/2891?journal_id=12611
2019-06-15T21:54:07Z
Andreas Herz
oisf@herzandreas.de
<ul><li><strong>Target version</strong> set to <i>TBD</i></li></ul>
Suricata - Bug #2891: Empty rrname in DNS answer for non-recurse NS answers
https://redmine.openinfosecfoundation.org/issues/2891?journal_id=30582
2023-11-08T15:04:51Z
Philippe Antoine
<p>Log is<br /><pre>
"dns": {
"version": 2,
"type": "answer",
"id": 39518,
"flags": "8080",
"qr": true,
"ra": true,
"opcode": 0,
"rrname": "lulz.microsoft.com",
"rrtype": "A",
"rcode": "NOERROR",
"authorities": [
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "a.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "k.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "g.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "m.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "f.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "d.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "c.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "i.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "h.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "e.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "l.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "b.root-servers.net"
},
{
"rrname": "",
"rrtype": "NS",
"ttl": 85856,
"rdata": "j.root-servers.net"
}
]
}
</pre></p>
<p>What is expected instead? Wireshark seems to give the same...</p>