Example event
message
{
"dataType": "Message",
"dataTypeId": 1,
"key": "7bed8160-c8a1-4cb1-8a28-463909aa6844",
"messageType": "ClientResponse",
"messageTypeId": 6,
"payloadType": "dnstap",
"responseAddress": "127.0.0.1",
"responseData": {
"answers": [
{
"class": "IN",
"domainName": "h1.example.com.",
"rData": "10.0.0.10",
"recordType": "A",
"recordTypeId": 1,
"ttl": 3600
}
],
"fullRcode": 0,
"header": {
"aa": true,
"ad": false,
"anCount": 1,
"arCount": 1,
"cd": false,
"id": 17940,
"nsCount": 0,
"opcode": 0,
"qdCount": 1,
"qr": 1,
"ra": false,
"rcode": 0,
"rd": true,
"tc": false
},
"opt": {
"do": false,
"ednsVersion": 0,
"extendedRcode": 0,
"options": [
{
"optCode": 10,
"optName": "Cookie",
"optValue": "hbbDFmHUM9wBAAAAX1q1McL4KhalWTS3"
}
],
"udpPayloadSize": 4096
},
"question": [
{
"class": "IN",
"domainName": "h1.example.com.",
"questionType": "A",
"questionTypeId": 1
}
],
"rcodeName": "NoError",
"time": 1599780145568110352,
"timePrecision": "ns"
},
"responsePort": 0,
"serverId": "ubuntu-dev",
"serverVersion": "BIND 9.16.5",
"socketFamily": "INET",
"socketProtocol": "UDP",
"sourceAddress": "127.0.0.1",
"sourceId": "421bce7d-b4e6-b705-6057-7039628a9847",
"sourcePort": 60001,
"time": 1599780145568110352,
"timePrecision": "ns"
}
Parameters
dataType
—the dnstap data type. Currently, only the Message type is defined.
dataTypeId
—the numeric ID of the dnstap data type.
key
—the unique event ID of the message.
messageType
—identifies the type of DNS message. For more information, refer to DNS message types.
messageTypeId
—the numeric ID of the DNS message type.
payloadType
—the event payload type. Currently, only the dnstap type is defined.
responseAddress
—the IP address of the message responder.
answers
—the content of the resource record body of the DNS query message as outlined in RFC 1035.
fullRcode
—the full EDNS response code value.
header
—the content of the header of the DNS message as outlined in RFC 1035.
opt
—the content of the OPT record definition of the EDNS message as outlined in RFC 6891.
question
—the content of the question body of the DNS query message as outlined in RFC 1035.
rcodeName
—the response code from the request.
responsePort
—the transport port of the message responder.
serverId
—the ID of the DNS server.
serverVersion
—the BIND version running on the DNS server.
socketFamily
—the network protocol family of the socket.
socketProtocol
—the transport protocol of the socket.
sourceAddress
—the IP address of the message sender.
sourceId
—the system UUID of the DNS server.
sourcePort
—the transport port of the message initiator.
time
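—the time that the response message was received or sent by the DNS server.
timePrecision
—the unit of measurement of the value in time. The measurement is in nanoseconds (ns). A nanosecond value such as the one in the example is larger than 2^53, so a consumer that parses JSON numbers as IEEE 754 doubles will round it; parse time as a 64-bit integer when exact event ordering or correlation matters.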