
DNS Plugin

Jacob van Walraven edited this page Mar 2, 2020 · 13 revisions

The DNS plugin captures DNS request and response packets and exports the following fields, taken from the DNS response packet:

{
	"flow_id": 2384,
	"source": {
		"ip": "xxx.xxx.xxx.xxx"
	},
	"destination": {
		"ip": "yyy.yyy.yyy.yyy"
	},
	"protocol": "udp",
	"ethertype": "ipv4",
	"dns": {
		"question_count": 1,
		"answer_count": 0,
		"nameserver_count": 1,
		"additional_count": 0,
		"authoritive_result": "false",
		"truncated_result": "false",
		"recursion_desired": "true",
		"recursion_available": "true",
		"response_code": "0",
		"opcode": "0",
		"rtt": 0.003551,
		"questions": [{
			"question": "google.com.",
			"type": "A"
		}],
		"answers": [{
			"answer": "216.58.200.110",
			"type": "A"
		}],
		"nameservers": [],
		"additionals": []
	},
	"module": "dns",
	"timestamp": 1582853006000
}

Configuration Example:

# DNS plugin section of the configuration file.
dns:
  # 0 leaves the plugin disabled; 1 is presumably the enabling value
  # (integer toggle rather than a YAML boolean — confirm against the loader)
  enabled: 0
  # Requests that are still waiting for a response are flushed once they
  # are older than this (unit not stated on this page; presumably seconds)
  timeout_request: 20
  # Interval between checks for requests that timed out without a response
  # (same unit as timeout_request)
  timeout_check: 20