Example event
message
{
  "dataType": "Message",
  "dataTypeId": 1,
  "messageType": "UpdateResponse",
  "messageTypeId": 14,
  "payloadType": "dnstap",
  "responseAddress": "127.0.0.1",
  "responsePort": 0,
  "serverId": "ubuntu-dev",
  "serverVersion": "BIND 9.16.5",
  "socketFamily": "INET",
  "socketProtocol": "UDP",
  "sourceAddress": "127.0.0.1",
  "sourceId": "421bce7d-b4e6-b705-6057-7039628a9847",
  "sourcePort": 53141,
  "source_type": "dnstap",
  "time": 1599832089890768466,
  "timePrecision": "ns",
  "responseData": {
    "fullRcode": 0,
    "header": {
      "adCount": 0,
      "id": 47320,
      "opcode": 5,
      "prCount": 0,
      "qr": 1,
      "rcode": 0,
      "upCount": 0,
      "zoCount": 1
    },
    "rcodeName": "NoError",
    "time": 1599832089890768466,
    "timePrecision": "ns",
    "zone": {
      "zClass": "IN",
      "zName": "example.com.",
      "zType": "SOA",
      "zTypeId": 6
    }
  }
}
Parameters
dataType—identifies that the event is a message.
dataTypeId—the enum value of the event type.
messageType—identifies the type of DNS message. For more information, refer to DNS message types.
messageTypeId—the enum value of the type of DNS message.
payloadType—the payload type of the DNS message. This is dnstap.
responseAddress—the IP address of the message responder.
responsePort—the transport port of the message responder.
serverId—the ID of the DNS server.
serverVersion—the BIND version running on the DNS server.
socketFamily—the network protocol family of the socket.
socketProtocol—the transport protocol of the socket.
sourceAddress—the IP address of the message sender.
sourceId—the system UUID of the DNS server.
sourcePort—the transport port of the message initiator.
source_type—the tool used to generate the event message. The tool is dnstap.
time—the time that the query event message was received.
timePrecision—the measurement of the value in time. The measurement is in nanoseconds (ns).
fullRcode—the full EDNS response code value.
header—the content of the header of the DNS message as outlined in RFC 2136.
rcodeName—the response code from the request.
zone—the content of the zone section of the DNS query message as outlined in RFC 2136.
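The following Python example is added here and is not part of the original documentation: it reads UpdateResponse events in the format shown above, one JSON object per line, and classifies each dynamic update as accepted, rejected, malformed, or accepted from an unexpected sender. The allowlist ALLOWED_UPDATERS, the helper make_event, and the sample addresses are constructed for illustration, and sourceAddress is assumed to be the host that requested the update.

```python
import json
from datetime import datetime, timezone

# Assumption: addresses permitted to send dynamic updates (hypothetical allowlist).
ALLOWED_UPDATERS = {"127.0.0.1"}

def make_event(source, full_rcode, rcode_name):  # builds one constructed sample line
    return json.dumps({
        "messageType": "UpdateResponse", "serverId": "ubuntu-dev",
        "sourceAddress": source, "time": 1599832089890768466, "timePrecision": "ns",
        "responseData": {
            "fullRcode": full_rcode, "rcodeName": rcode_name,
            "header": {"id": 47320, "opcode": 5, "qr": 1, "rcode": full_rcode},
            "zone": {"zClass": "IN", "zName": "example.com.", "zType": "SOA"}},
    })

# Constructed input: the first line mirrors the page's event, the others vary it.
SAMPLE_LINES = [make_event("127.0.0.1", 0, "NoError"),
                make_event("192.0.2.45", 0, "NoError"),
                make_event("198.51.100.7", 5, "Refused")]

def iso_utc(ns):  # nanosecond `time` value to ISO 8601 UTC, using integer math only
    secs, frac = divmod(ns, 1_000_000_000)
    stamp = datetime.fromtimestamp(secs, tz=timezone.utc)
    return stamp.strftime("%Y-%m-%dT%H:%M:%S") + f".{frac:09d}Z"

def review_updates(lines, allowed=ALLOWED_UPDATERS):
    """Classify each UpdateResponse event; other message types are skipped."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("messageType") != "UpdateResponse":
            continue
        rd = ev.get("responseData", {})
        hdr = rd.get("header", {})
        if hdr.get("opcode") != 5 or hdr.get("qr") != 1:  # RFC 2136: UPDATE opcode is 5
            status = "malformed"
        elif rd.get("fullRcode") != 0:
            status = "rejected"
        elif ev.get("sourceAddress") not in allowed:  # assumed to be the update requester
            status = "unexpected-updater"
        else:
            status = "ok"
        findings.append({"time": iso_utc(ev["time"]), "server": ev.get("serverId"),
                         "zone": rd.get("zone", {}).get("zName"),
                         "source": ev.get("sourceAddress"), "status": status})
    return findings

if __name__ == "__main__":
    print(*review_updates(SAMPLE_LINES), sep="\n")
```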