Skip to content

net_packet_dns_response

NAME

net_packet_dns_response - capture DNS response packets

DESCRIPTION

This event captures DNS response packets in the network traffic. DNS (Domain Name System) responses contain answers to DNS queries, providing information like IP addresses, mail server records, or other DNS resource records. The event provides detailed information about both the network metadata and the DNS response content.

EVENT SETS

default, network_events

DATA FIELDS

metadata (trace.PktMeta) : Network packet metadata containing: - src_ip (string): Source IP address - dst_ip (string): Destination IP address - src_port (uint16): Source port number - dst_port (uint16): Destination port number - protocol (uint8): IP protocol number - packet_len (uint32): Packet length - iface (string): Network interface

dns_response ([]trace.DnsResponseData) : DNS response data containing: - query_data: Original query information - query (string): Queried domain name - query_type (string): Query type (A, AAAA, MX, etc.) - query_class (string): Query class (usually IN) - dns_answer: Array of answers - answer_type (string): Type of answer (A, CNAME, etc.) - ttl (uint32): Time to live value - answer (string): Answer data

DEPENDENCIES

  • net_packet_dns_base: Base DNS packet processing

USE CASES

  • DNS monitoring: Track domain resolutions

  • Network debugging: Diagnose DNS issues

  • Security analysis: Detect DNS-based threats

  • Traffic analysis: Understand DNS patterns

DNS RESPONSE TYPES

Common response types include:

  • A/AAAA: IPv4/IPv6 addresses
  • CNAME: Canonical names
  • MX: Mail exchange servers
  • NS: Name servers
  • PTR: Reverse DNS lookups
  • SOA: Start of authority
  • TXT: Text records
  • SRV: Service records

RESPONSE COMPONENTS

Key response elements:

  • Answer section: Contains resource records
  • Authority section: Authoritative nameservers
  • Additional section: Extra information
  • Response codes: Success/error status
  • Flags: Various control flags
  • TTL values: Cache duration

SECURITY IMPLICATIONS

Important security aspects:

  • DNS tunneling detection
  • Domain generation algorithms
  • DNS-based malware C2
  • Cache poisoning attempts
  • DNS hijacking
  • Zone transfer attempts
  • net_packet_dns: General DNS packet events
  • net_packet_dns_request: DNS query packets
  • net_packet_ip: IP packet events
  • net_packet_tcp: TCP packet events
  • net_packet_udp: UDP packet events