Project

General

Profile

Actions
Copy link

Bug #4135

open
JI JI

dns: response only udp not detected as dns

Bug #4135: dns: response only udp not detected as dns

Added by Jason Ish over 5 years ago. Updated 11 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Jason Ish
Target version:
9.0.0-beta1
Affected Versions:
6.0.0
Effort:
Difficulty:
Label:

Description

If only a DNS response is seen on a UDP session it will not be detected and parsed as DNS with the default configuration.

Enabling stream.midstream does allow it to be picked up, but this is just an unintended side affect as stream.midstream is really a TCP setting. Likewise, enabling async streams allows this scenario to work for TCP DNS, but doesn't affect UDP DNS.

My feeling is that this should just work with the default configuration.

Related issues 1 (0 open1 closed)

Related to Suricata - Optimization #2272: Analyze DNS response if query is not presentRejectedJason IshActions
Actions
Copy link

Also available in: PDF Atom