Feature #4758
open
dns: weird query should have app-layer-event?
Added by Victor Julien almost 4 years ago.
Updated about 1 year ago.
Description
Request A &eventtype=close&reason=5&duration=5285
See attached pcap. Ran this against
rules/dns-events.rules but it triggers nothing. Wondering if it should. Regular rule matches do work.
Files
Why should it have an app-layer event ?
Because you use characters not allowed in domain names such as & ?
This looks more a case for a regular rule, does it not ?
- Tracker changed from Bug to Feature
- Target version set to TBD
- Status changed from New to Feedback
- Assignee set to Community Ticket
Also available in: Atom
PDF