DNS update query event - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.5.0
Example event message
{
    "dataType": "Message",
    "dataTypeId": 1,
    "messageType": "UpdateQuery",
    "messageTypeId": 13,
    "payloadType": "dnstap",
    "responseAddress": "127.0.0.1",
    "responsePort": 0,
    "serverId": "ubuntu-dev",
    "serverVersion": "BIND 9.16.5",
    "socketFamily": "INET",
    "socketProtocol": "UDP",
    "sourceAddress": "127.0.0.1",
    "sourceId": "421bce7d-b4e6-b705-6057-7039628a9847",
    "sourcePort": 53141,
    "source_type": "dnstap",
    "time": 1599832089886768480,
    "timePrecision": "ns",
    "requestData": {
        "fullRcode": 0,
        "header": {
            "adCount": 0,
            "id": 47320,
            "opcode": 5,
            "prCount": 0,
            "qr": 0,
            "rcode": 0,
            "upCount": 1,
            "zoCount": 1
        },
        "rcodeName": "NoError",
        "time": 1599832089886768480,
        "timePrecision": "ns",
        "update": [
            {
                "class": "IN",
                "domainName": "host.example.com.",
                "rData": "10.0.0.18",
                "recordType": "A",
                "recordTypeId": 1,
                "ttl": 3600
            }
       ],
       "zone": {
            "zClass": "IN",
            "zName": "example.com.",
            "zType": "SOA",
            "zTypeId": 6
       }
    }
}
Parameters
  • dataType—identifies that the event is a message.
  • dataTypeId—the enum value of the event type.
  • messageType—identifies the type of DNS message. For more information, refer to DNS message types.
  • messageTypeId—the enum value of the type of DNS message.
  • payloadType—the payload type of DNS message. This is dnstap.
  • responseAddress—the IP address of the message responder.
  • responsePort—the transport port of the message responder.
  • serverId—the ID of the DNS server.
  • serverVersion—the BIND version running on the DNS server.
  • socketFamily—the network protocol family of the socket.
  • socketProtocol—the transport protocol of the socket.
  • sourceAddress—the IP address of the message sender.
  • sourceId—the system UUID of the DNS server.
  • sourcePort—the transport protocol of the message initiator.
  • source_type—the tool used to generate the event message. The tool is dnstap.
  • time—the time that the query event message was received.
  • timePrecision—the measurement of the value in time. The measurement is in nanoseconds (ns).
  • fullRcode—the full EDNS response code value.
  • header—the content of the header of the DNS message as outlined in RFC2136.
  • rcodeName—the response code from the request.
  • update—the content of the updated resource record body of the DNS query message as outlined in RFC2136.
  • zone—the content of the zone section of the DNS query message as outlined in RFC2136.