topic/seth/dns-srv-fix - Fixing some problems with DNS

Description

This branch and equivalently named branches are ready for merging in the public and private test suites.

We generate the event for SRV responses in DNS now.

Fixed several annoying issues with NetBios name service requests and responses. Fewer incorrect weirds and more correct dns logs now.

Environment

None

Activity

Show:
Robin Sommer
March 9, 2014, 8:17 PM

Let me ask the expected question: any better way to recognize NetBios than hard-coding the port?

Seth Hall
March 10, 2014, 12:50 PM

Hm.. not really. It's probably the most reliable technique to identify it. They literally use the exact same DNS structure, we just encountered reuse of a RR identifier between NBNS and one of the DNS RFCs. We're actually using the port mechanism to identify NBNS queries in script-land anyway (to decide when to decode the encoded MS host names).

Robin Sommer
March 10, 2014, 2:56 PM

Yeah, I saw that, but it's uglier to hardcode a port inside the event
engine. But I was expecting the "no" answer.

(Wondering if anybody has ever seen NB on a non-standard port?)

Anyways, going to push the merge.

Assignee

Robin Sommer

Reporter

Seth Hall

Labels

None

External issue ID

None

Components

Affects versions

Priority

Normal
Configure