DNS response event - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

Product name
BlueCat Integrity
Example event message
    "dataType": "Message",
    "dataTypeId": 1,
    "key": "7bed8160-c8a1-4cb1-8a28-463909aa6844",
    "messageType": "ClientResponse",
    "messageTypeId": 6,
    "payloadType": "dnstap",
    "responseAddress": "",
    "responseData": {
        "answers": [
                "class": "IN",
                "domainName": "h1.example.com.",
                "rData": "",
                "recordType": "A",
                "recordTypeId": 1,
                "ttl": 3600
        "fullRcode": 0,
        "header": {
            "aa": true,
            "ad": false,
            "anCount": 1,
            "arCount": 1,
            "cd": false,
            "id": 17940,
            "nsCount": 0,
            "opcode": 0,
            "qdCount": 1,
            "qr": 1,
            "ra": false,
            "rcode": 0,
            "rd": true,
            "tc": false
        "opt": {
            "do": false,
            "ednsVersion": 0,
            "extendedRcode": 0,
            "options": [
                    "optCode": 10,
                    "optName": "Cookie",
                    "optValue": "hbbDFmHUM9wBAAAAX1q1McL4KhalWTS3"
            "udpPayloadSize": 4096
        "question": [
                "class": "IN",
                "domainName": "h1.example.com.",
                "questionType": "A",
                "questionTypeId": 1
        "rcodeName": "NoError",
        "time": 1599780145568110352,
        "timePrecision": "ns"
    "responsePort": 0,
    "serverId": "ubuntu-dev",
    "serverVersion": "BIND 9.16.5",
    "socketFamily": "INET",
    "socketProtocol": "UDP",
    "sourceAddress": "",
    "sourceId": "421bce7d-b4e6-b705-6057-7039628a9847",
    "sourcePort": 60001,
    "time": 1599780145568110352,
    "timePrecision": "ns"
  • dataType—the dnstap data type. Currently, only the Message type is defined.
  • dataTypeId—the numeric ID of the dnstap data type.
  • key—the unique event ID of the message.
  • messageType—identifies the type of DNS message. For more information, refer to DNS message types.
  • messageTypeId—the numeric ID of the DNS message type.
  • payloadType—the event payload type. Currently, only the dnstap type is defined.
  • responseAddress—the IP address of the message responder.
  • answer—the content of the resource record body of the DNS query message as outlined in RFC1035.
  • fullRcode—the full EDNS response code value.
  • header—the content of the header of the DNS message as outlined in RFC1035.
  • opt—the content of the OPT record definition of the EDNS message as outlined in RFC6891.
  • question—the content of the question body of the DNS query message as outlined in RFC1035.
  • rcodeName—the response code from the request.
  • responsePort—the transport port of the message responder.
  • serverId—the ID of the DNS server.
  • serverVersion—the BIND version running on the DNS server.
  • socketFamily—the network protocol family of the socket.
  • socketProtocol—the transport protocol of the socket.
  • sourceAddress—the IP address of the message sender.
  • sourceId—the system UUID of the DNS server.
  • sourcePort—the transport protocol of the message initiator.
  • time—the time that the response message was received or sent by the DNS server.
  • timePrecision—the measurement of the value in time. The measurement is in nanoseconds (ns).