Project

General

Profile

Actions
Copy link

Bug #4135

open
JI JI

dns: response only udp not detected as dns

Bug #4135: dns: response only udp not detected as dns

Added by Jason Ish over 5 years ago. Updated 11 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Jason Ish
Target version:
9.0.0-beta1
Affected Versions:
6.0.0
Effort:
Difficulty:
Label:

Description

If only a DNS response is seen on a UDP session it will not be detected and parsed as DNS with the default configuration.

Enabling stream.midstream does allow it to be picked up, but this is just an unintended side affect as stream.midstream is really a TCP setting. Likewise, enabling async streams allows this scenario to work for TCP DNS, but doesn't affect UDP DNS.

My feeling is that this should just work with the default configuration.

Related issues 1 (0 open1 closed)

Related to Suricata - Optimization #2272: Analyze DNS response if query is not presentRejectedJason IshActions

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #1

  • Assignee set to OISF Dev
  • Target version set to 7.0.0-beta1

Depending on complexity of the solution we can consider backports as well.

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #2

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #3

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jason Ish
  • Target version changed from 7.0.0-beta1 to 7.0.0-rc1

VJ Updated by Victor Julien about 3 years ago Actions
Copy link
 #4

  • Target version changed from 7.0.0-rc1 to 8.0.0-beta1

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #5

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1

VJ Updated by Victor Julien 11 months ago Actions
Copy link
 #6

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Actions
Copy link

Also available in: PDF Atom