DNS Plugin
Jacob van Walraven edited this page Feb 18, 2020 · 13 revisions
The DNS plugin captures the DNS request/response packets and exports the following fields from the DNS response packet:
- source_ip - source IP from the original request packet
- destination_ip - destination IP from the original request packet
- protocol - Protocol for the packet, i.e. TCP or UDP
- ethertype - Ethertype for the packet, i.e. IPv4 or IPv6
- question_count - number of questions asked
- answer_count - Number of answer records returned
- nameserver_count - Number of nameserver/authority records returned
- additional_count - Number of additional records returned
- rtt - time between the DNS request and response packet
- authoritive_result - Is the result authoritative
- truncated_result - Is the result truncated
- recursion_desired - Is recursion desired
- recursion_available - Is recursion available
- response_code
- opcode
- questions [
    - question
    - type
  ]
- answers [
    - answer
    - type
  ]
- nameservers [
    - nameserver
    - type
  ]
- additional [
    - additional
    - type
  ]
```yaml
dns:
  enabled: 0
  # timeout to flush old requests that have not received a response
  timeout_request: 20
  # how often to check for timed out requests with no response
  timeout_check: 20
```
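How the `rtt` field and the `timeout_request` / `timeout_check` settings relate, shown as an added example that is not the plugin's own code: a request waits in a table until its response arrives or it ages out. The match key (request IPs plus DNS transaction ID), seconds as the time unit, and the `DnsTracker` and `demo` names are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class DnsTracker:
    timeout_request: float = 20.0  # max age of an unanswered request (assumed seconds)
    timeout_check: float = 20.0    # minimum gap between sweeps (assumed seconds)
    pending: dict = field(default_factory=dict)  # (req_src, req_dst, txid) -> request time
    last_check: float = 0.0

    def on_request(self, ts, src, dst, txid):
        self._sweep(ts)
        self.pending[(src, dst, txid)] = ts

    def on_response(self, ts, src, dst, txid):
        """src/dst are the response packet's addresses, i.e. the request's reversed."""
        self._sweep(ts)
        sent = self.pending.pop((dst, src, txid), None)
        if sent is None:
            return None  # unsolicited, or the request was already flushed
        # source_ip / destination_ip come from the original request packet
        return {"source_ip": dst, "destination_ip": src, "rtt": ts - sent}

    def _sweep(self, now):
        """Drop requests older than timeout_request, at most once per timeout_check."""
        if now - self.last_check < self.timeout_check:
            return 0
        self.last_check = now
        stale = [k for k, t in self.pending.items() if now - t >= self.timeout_request]
        for k in stale:
            del self.pending[k]
        return len(stale)


def demo():
    # Constructed sample traffic: one answered query, one answered far too late.
    t = DnsTracker()
    t.on_request(0.0, "10.0.0.5", "192.0.2.53", 0x1A2B)
    answered = t.on_response(0.03, "192.0.2.53", "10.0.0.5", 0x1A2B)
    t.on_request(1.0, "10.0.0.6", "192.0.2.53", 0x0001)
    late = t.on_response(30.0, "192.0.2.53", "10.0.0.6", 0x0001)
    return answered, late, len(t.pending)


if __name__ == "__main__":
    print(demo())
```

A response that arrives after its request has been flushed produces no record, so very slow or dropped answers appear as missing rows rather than as large `rtt` values.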