Example event
message
{
  "dataType": "Message",
  "dataTypeId": 1,
  "key": "7bed8160-c8a1-4cb1-8a28-463909aa6844",
  "messageType": "ClientResponse",
  "messageTypeId": 6,
  "payloadType": "dnstap",
  "responseAddress": "127.0.0.1",
  "responseData": {
    "answers": [
      {
        "class": "IN",
        "domainName": "h1.example.com.",
        "rData": "10.0.0.10",
        "recordType": "A",
        "recordTypeId": 1,
        "ttl": 3600
      }
    ],
    "fullRcode": 0,
    "header": {
      "aa": true,
      "ad": false,
      "anCount": 1,
      "arCount": 1,
      "cd": false,
      "id": 17940,
      "nsCount": 0,
      "opcode": 0,
      "qdCount": 1,
      "qr": 1,
      "ra": false,
      "rcode": 0,
      "rd": true,
      "tc": false
    },
    "opt": {
      "do": false,
      "ednsVersion": 0,
      "extendedRcode": 0,
      "options": [
        {
          "optCode": 10,
          "optName": "Cookie",
          "optValue": "hbbDFmHUM9wBAAAAX1q1McL4KhalWTS3"
        }
      ],
      "udpPayloadSize": 4096
    },
    "question": [
      {
        "class": "IN",
        "domainName": "h1.example.com.",
        "questionType": "A",
        "questionTypeId": 1
      }
    ],
    "rcodeName": "NoError",
    "time": 1599780145568110352,
    "timePrecision": "ns"
  },
  "responsePort": 0,
  "serverId": "ubuntu-dev",
  "serverVersion": "BIND 9.16.5",
  "socketFamily": "INET",
  "socketProtocol": "UDP",
  "sourceAddress": "127.0.0.1",
  "sourceId": "421bce7d-b4e6-b705-6057-7039628a9847",
  "sourcePort": 60001,
  "time": 1599780145568110352,
  "timePrecision": "ns"
}
Parameters
- dataType—the dnstap data type. Currently, only the Message type is defined.
- dataTypeId—the numeric ID of the dnstap data type.
- key—the unique event ID of the message.
- messageType—identifies the type of DNS message. For more information, refer to DNS message types.
- messageTypeId—the numeric ID of the DNS message type.
- payloadType—the event payload type. Currently, only the dnstap type is defined.
- responseAddress—the IP address of the message responder.
- answers—the content of the resource record body of the DNS query message as outlined in RFC 1035.
- fullRcode—the full EDNS response code value.
- header—the content of the header of the DNS message as outlined in RFC 1035.
- opt—the content of the OPT record definition of the EDNS message as outlined in RFC 6891.
- question—the content of the question body of the DNS query message as outlined in RFC 1035.
- rcodeName—the response code from the request.
- responsePort—the transport port of the message responder.
- serverId—the ID of the DNS server.
- serverVersion—the BIND version running on the DNS server.
- socketFamily—the network protocol family of the socket.
- socketProtocol—the transport protocol of the socket.
- sourceAddress—the IP address of the message sender.
- sourceId—the system UUID of the DNS server.
- sourcePort—the transport port of the message initiator.
- time—the time that the response message was received or sent by the DNS server.
- timePrecision—the unit of measurement of the value in time. The unit is nanoseconds (ns).
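The following added example (not part of the original documentation or the product's own code) flattens one event of the shape shown above into a log-friendly summary and converts the nanosecond `time` value without losing precision. The function names `event_time_utc` and `summarize` are hypothetical, and the sample input is the page's example event trimmed to the fields used.

```python
import json
from datetime import datetime, timezone

# Sample input: the page's example event, trimmed to the fields used below.
SAMPLE = json.loads("""
{"key": "7bed8160-c8a1-4cb1-8a28-463909aa6844", "messageType": "ClientResponse",
 "serverId": "ubuntu-dev", "socketProtocol": "UDP",
 "sourceAddress": "127.0.0.1", "sourcePort": 60001,
 "time": 1599780145568110352, "timePrecision": "ns",
 "responseData": {
   "rcodeName": "NoError",
   "header": {"aa": true, "ad": false, "cd": false, "ra": false, "rd": true, "tc": false},
   "question": [{"class": "IN", "domainName": "h1.example.com.", "questionType": "A"}],
   "answers": [{"class": "IN", "domainName": "h1.example.com.", "rData": "10.0.0.10",
                "recordType": "A", "ttl": 3600}]}}
""")

def event_time_utc(event):
    """Render the integer `time` field as ISO 8601 UTC, keeping all nine fractional digits."""
    if event.get("timePrecision") != "ns":
        raise ValueError("unexpected timePrecision: %r" % event.get("timePrecision"))
    # Integer arithmetic only: the value exceeds 2**53, so going through a float
    # (or a JSON parser that maps numbers to doubles) would corrupt the low digits.
    secs, nanos = divmod(int(event["time"]), 1_000_000_000)
    base = datetime.fromtimestamp(secs, tz=timezone.utc)
    return f"{base:%Y-%m-%dT%H:%M:%S}.{nanos:09d}Z"

def summarize(event):
    """Flatten one event into the fields an analyst typically searches on."""
    data = event.get("responseData") or {}   # tolerate events without a response body
    header = data.get("header", {})
    question = (data.get("question") or [{}])[0]
    return {
        "key": event["key"],
        "time_utc": event_time_utc(event),
        "server": event.get("serverId"),
        "message_type": event.get("messageType"),
        "source": f'{event["sourceAddress"]}:{event["sourcePort"]}/{event["socketProtocol"]}',
        "qname": question.get("domainName", "").lower(),
        "qtype": question.get("questionType"),
        "rcode": data.get("rcodeName"),
        "flags": [f for f in ("aa", "tc", "rd", "ra", "ad", "cd") if header.get(f)],
        "answers": [(a["recordType"], a["rData"], a["ttl"]) for a in data.get("answers", [])],
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```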