Feature #2970
Closed
DNS: Parse and extract SOA app layer data from DNS packets
Description
At the moment the DNS parser gives you "SOA" as rrtype, but the related metadata of those SOA records/DNS packets are missing. In the attached pcap you can find the current output.
I would expect something like this (equivalent to the content in Wireshark output):
Answers
    suricon.net: type SOA, class IN, mname ns1.siteground199.com
        Name: suricon.net
        Type: SOA (Start Of a zone of Authority) (6)
        Class: IN (0x0001)
        Time to live: 21599
        Data length: 50
        Primary name server: ns1.siteground199.com
        Responsible authority's mailbox: root.siteground199.com
        Serial Number: 2018092604
        Refresh Interval: 86400 (1 day)
        Retry Interval: 7200 (2 hours)
        Expire limit: 3600000 (41 days, 16 hours)
        Minimum TTL: 86400 (1 day)
Updated by Andreas Herz over 5 years ago
- Assignee set to Community Ticket
- Target version set to TBD
Updated by Simon Dugas over 4 years ago
I started looking into this: https://github.com/OISF/suricata/pull/4830
Updated by Victor Julien over 4 years ago
- Status changed from New to In Review
- Assignee changed from Community Ticket to Simon Dugas
- Target version changed from TBD to 6.0.0beta1
Updated by Victor Julien over 4 years ago
- Target version changed from 6.0.0beta1 to 7.0.0-beta1
Updated by Victor Julien about 4 years ago
- Status changed from In Review to Closed
- Target version changed from 7.0.0-beta1 to 6.0.0rc1
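
For reference, the SOA fields requested in the description can be decoded from the RDATA as laid out in RFC 1035 section 3.3.13. The sketch below is an added example, not code from this ticket or from Suricata's DNS parser. The names `Soa`, `read_name`, `parse_soa` and `sample` are assumptions, and the sample bytes are constructed to mirror the Wireshark values above.

```rust
// Added example, not Suricata's parser: decode SOA RDATA (RFC 1035 section 3.3.13).
#[derive(Debug)]
pub struct Soa {
    pub mname: String, pub rname: String,
    pub serial: u32, pub refresh: u32, pub retry: u32, pub expire: u32, pub minimum: u32,
}

/// Read a (possibly compressed) name at `pos`; return it and the offset just past it.
fn read_name(msg: &[u8], mut pos: usize) -> Option<(String, usize)> {
    let mut labels: Vec<String> = Vec::new();
    let (mut end, mut jumps) = (None, 0);
    loop {
        let len = *msg.get(pos)? as usize;
        if len & 0xC0 == 0xC0 {
            let lo = *msg.get(pos + 1)? as usize;
            end = end.or(Some(pos + 2)); // parsing resumes after the first pointer
            jumps += 1;
            if jumps > 16 { return None; } // guard against compression pointer loops
            pos = ((len & 0x3F) << 8) | lo;
        } else if len == 0 {
            return Some((labels.join("."), end.unwrap_or(pos + 1)));
        } else if len > 63 {
            return None; // reserved label types
        } else {
            let label = msg.get(pos + 1..pos + 1 + len)?;
            labels.push(String::from_utf8_lossy(label).into_owned());
            pos += 1 + len;
        }
    }
}

/// Parse SOA RDATA of `rdlen` bytes at offset `off`; `msg` is the whole DNS message.
pub fn parse_soa(msg: &[u8], off: usize, rdlen: usize) -> Option<Soa> {
    let (mname, p) = read_name(msg, off)?;
    let (rname, p) = read_name(msg, p)?;
    if p + 20 != off + rdlen { return None; } // RDLENGTH must match names + 5 u32 fields
    let f = msg.get(p..p + 20)?; // bounds-checked: truncated records yield None
    let n = |i: usize| u32::from_be_bytes([f[i], f[i + 1], f[i + 2], f[i + 3]]);
    Some(Soa { mname, rname, serial: n(0), refresh: n(4), retry: n(8), expire: n(12), minimum: n(16) })
}

/// Constructed sample: 12 zeroed header bytes, then 50 bytes of SOA RDATA.
pub fn sample() -> Vec<u8> {
    let mut m = vec![0u8; 12];
    m.extend_from_slice(b"\x03ns1\x0dsiteground199\x03com\x00\x04root\xc0\x10");
    for v in [2018092604u32, 86400, 7200, 3600000, 86400] { m.extend_from_slice(&v.to_be_bytes()); }
    m
}

fn main() { println!("{:?}", parse_soa(&sample(), 12, 50)); }
```

The constructed RDATA is 50 bytes, the same as the "Data length" in the Wireshark output, because the mailbox name reuses `siteground199.com` through a compression pointer into the primary name server field.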