topic/seth/dns-srv-fix - Fixing some problems with DNS


This branch and equivalently named branches are ready for merging in the public and private test suites.

We generate the event for SRV responses in DNS now.

Fixed several annoying issues with NetBIOS name service requests and responses. Fewer incorrect weirds and more correct dns logs now.




Robin Sommer
March 10, 2014, 2:56 PM

Yeah, I saw that, but it's uglier to hardcode a port inside the event
engine. But I was expecting the "no" answer.

(Wondering if anybody has ever seen NB on a non-standard port?)

Anyways, going to push the merge.

Seth Hall
March 10, 2014, 12:50 PM

Hm... not really. It's probably the most reliable technique to identify it. They literally use the exact same DNS structure; we just encountered reuse of a RR identifier between NBNS and one of the DNS RFCs. We're actually using the port mechanism to identify NBNS queries in script-land anyway (to decide when to decode the encoded MS host names).

Robin Sommer
March 9, 2014, 8:17 PM

Let me ask the expected question: any better way to recognize NetBIOS than hard-coding the port?
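
The port-based disambiguation discussed in this thread, sketched as an added example (not Bro's code and not part of any comment above). It assumes the port in question is the standard NBNS port 137 and that the reused RR identifier is type 33 (SRV in RFC 2782, NBSTAT in RFC 1002); the function names are hypothetical and the sample names are constructed.

```python
# Added illustration only. Type numbers come from RFC 1002 and RFC 2782.
NBNS_PORT = 137                       # assumption: the hard-coded port
DNS_TYPES = {1: "A", 33: "SRV"}
NBNS_TYPES = {32: "NB", 33: "NBSTAT"}  # 33 collides with DNS SRV


def decode_netbios_name(label):
    """Decode a first-level-encoded NetBIOS name (RFC 1001, section 14.1).

    Each original byte is split into two nibbles and each nibble is sent
    as 'A' + nibble, so 16 bytes become 32 characters in the range A..P.
    Returns (name with padding stripped, suffix byte).
    """
    if len(label) != 32 or any(not "A" <= c <= "P" for c in label):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((ord(label[i]) - 65) << 4) | (ord(label[i + 1]) - 65)
                for i in range(0, 32, 2))
    # The first 15 bytes are the name (space or NUL padded), the 16th the suffix.
    return raw[:15].decode("ascii", "replace").rstrip(" \x00"), raw[15]


def interpret_rr(port, rr_type, qname):
    """Label one record: the port decides whether it is read as NBNS or DNS."""
    if port != NBNS_PORT:
        return {"proto": "DNS", "type": DNS_TYPES.get(rr_type, str(rr_type)),
                "name": qname}
    result = {"proto": "NBNS", "type": NBNS_TYPES.get(rr_type, str(rr_type))}
    try:
        # Only the first label carries the encoded name; a scope may follow.
        result["name"], result["suffix"] = decode_netbios_name(
            qname.split(".", 1)[0])
    except ValueError:
        # Port 137 traffic whose name is not NetBIOS-encoded: keep it raw.
        result["name"], result["suffix"] = qname, None
    return result


if __name__ == "__main__":
    # Constructed samples: the same type 33 seen on two different ports.
    print(interpret_rr(137, 33, "CK" + "A" * 30))
    print(interpret_rr(53, 33, "_sip._tcp.example.com"))
```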



