DNS query event - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Example event message
{
    "dataType": "Message",
    "dataTypeId": 1,
    "key": "7bed8160-c8a1-4cb1-8a28-463909aa6844",
    "messageType": "AuthQuery",
    "messageTypeId": 1,
    "payloadType": "dnstap",
    "requestData": {
        "fullRcode": 0,
        "header": {
            "aa": false,
            "ad": true,
            "anCount": 0,
            "arCount": 1,
            "cd": false,
            "id": 3341,
            "nsCount": 0,
            "opcode": 0,
            "qdCount": 1,
            "qr": 0,
            "ra": false,
            "rcode": 0,
            "rd": true,
            "tc": false
        },
        "opt": {
            "do": false,
            "ednsVersion": 0,
            "extendedRcode": 0,
            "options": [
                {
                    "optCode": 10,
                    "optName": "Cookie",
                    "optValue": "hbbDFmHUM9w="
                }
            ],
            "udpPayloadSize": 4096
        },
        "question": [
            {
                "class": "IN",
                "domainName": "h1.example.com.",
                "questionType": "A",
                "questionTypeId": 1
            }
        ],
        "rcodeName": "NoError",
        "time": 1599780145572110343,
        "timePrecision": "ns"
    },
    "responseAddress": "127.0.0.1",
    "responsePort": 0,
    "serverId": "test-server",
    "serverVersion": "BIND 9.16.5",
    "socketFamily": "INET",
    "socketProtocol": "UDP",
    "sourceAddress": "127.0.0.1",
    "sourceId": "421bce7d-b4e6-b705-6057-7039628a9847",
    "sourcePort": 39207,
    "time": 1599780145572110343,
    "timePrecision": "ns"
}
Parameters
  • dataType—the dnstap data type. Currently, only the Message type is defined.
  • dataTypeId—the numeric ID of the dnstap data type.
  • key—the unique event ID of the message.
  • messageType—identifies the type of DNS message. For more information, refer to DNS message types.
  • messageTypeId—the numeric ID of the DNS message type.
  • payloadType—the event payload type. Currently, only the dnstap type is defined.
  • fullRcode—the full EDNS response code value.
  • header—the content of the header of the DNS message as outlined in RFC 1035.
  • opt—the content of the OPT record definition of the EDNS message as outlined in RFC 6891.
  • question—the content of the question body of the DNS query message as outlined in RFC 1035.
  • rcodeName—the response code from the request.
  • responseAddress—the IP address of the message responder.
  • responsePort—the transport port of the message responder.
  • serverId—the ID of the DNS server.
  • serverVersion—the BIND version running on the DNS server.
  • socketFamily—the network protocol family of the socket.
  • socketProtocol—the transport protocol of the socket.
  • sourceAddress—the IP address of the message sender.
  • sourceId—the system UUID of the DNS server.
  • sourcePort—the transport port of the message initiator.
  • time—the time that the query message was received or sent by the DNS server.
  • timePrecision—the unit of the time value. The unit is nanoseconds (ns).
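
Added example (not BlueCat code): one way to flatten this event into a record for a detection pipeline, keeping the nanosecond timestamp exact and decoding the Cookie option. The input field names come from the example above; the output keys (ts, qname, client_cookie and so on) and the RFC 7873 cookie length check are assumptions of this sketch.

```python
import base64
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the example event on this page.
SAMPLE = '''{"messageType": "AuthQuery", "payloadType": "dnstap",
 "requestData": {"header": {"id": 3341, "qr": 0, "rd": true},
  "opt": {"options": [{"optCode": 10, "optName": "Cookie", "optValue": "hbbDFmHUM9w="}]},
  "question": [{"class": "IN", "domainName": "h1.example.com.", "questionType": "A"}],
  "rcodeName": "NoError"},
 "serverId": "test-server", "socketProtocol": "UDP",
 "sourceAddress": "127.0.0.1", "sourcePort": 39207,
 "time": 1599780145572110343, "timePrecision": "ns"}'''

def ns_to_iso(ns):
    """Format integer nanoseconds since the epoch as UTC without using floats."""
    sec, frac = divmod(ns, 1_000_000_000)
    stamp = datetime.fromtimestamp(sec, tz=timezone.utc)
    return stamp.strftime("%Y-%m-%dT%H:%M:%S") + f".{frac:09d}Z"

def decode_cookie(opt):
    """Return (client_hex, server_hex_or_None, length_ok) for the first Cookie option."""
    for o in opt.get("options", []):
        if o.get("optCode") == 10:
            raw = base64.b64decode(o["optValue"], validate=True)
            client, server = raw[:8], raw[8:]
            # Assumption (RFC 7873): 8-byte client cookie, optional 8 to 32-byte server cookie.
            ok = len(client) == 8 and (not server or 8 <= len(server) <= 32)
            return client.hex(), (server.hex() or None), ok
    return None, None, True

def normalize(raw_json):
    """Flatten one event into the fields a detection rule usually keys on."""
    ev = json.loads(raw_json)  # Python ints keep the full nanosecond value
    if ev.get("payloadType") != "dnstap" or ev.get("timePrecision") != "ns":
        raise ValueError("unexpected payloadType or timePrecision")
    req = ev.get("requestData", {})
    client, server, ok = decode_cookie(req.get("opt", {}))
    q = (req.get("question") or [{}])[0]
    return {
        "ts": ns_to_iso(ev["time"]), "type": ev["messageType"],
        "server": ev["serverId"], "proto": ev["socketProtocol"],
        "src": f'{ev["sourceAddress"]}:{ev["sourcePort"]}',
        "qname": q.get("domainName", "").rstrip(".").lower(),
        "qtype": q.get("questionType"), "rcode": req.get("rcodeName"),
        "client_cookie": client, "server_cookie": server, "cookie_len_ok": ok,
    }

if __name__ == "__main__":
    print(json.dumps(normalize(SAMPLE), indent=2))
```

The time value in the example is larger than 2^53, so a JSON parser that stores numbers as doubles rounds it and can reorder events that arrive within the same microsecond; parse it as an integer or a string.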