topic/jsiwek/dns-improvements

Description

This branch is in the bro, bro-testing, and bro-testing-private repos.

  • Fixes incorrect parsing of DNS message format for messages with empty question sections.

  • Changes dns.log to only include standard queries (opcode == 1).

  • Adds "dns_unknown_reply" event for RR types that Bro doesn't know how to parse, which improves accuracy of request-reply pair matching performed by the default DNS scripts.

Environment

None

Assignee

Seth Hall

Reporter

Jon Siwek

Labels

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal