/v3/api/dnsQueryLogs/{queryId} (GET) - BlueCat Edge - Service Point v4.x.x

BlueCat Edge User Guide

Returns details for a specific query.

GET https://api-<BlueCat.edge.url>/v3/api/dnsQueryLogs/{queryId}
Authorization: Bearer token

Successful response

200 OK
Content-Type: application/JSON
[
  {
    "time": 1588863296043,
    "source": "197.210.227.230",
    "siteId": "91d9e73b-c5ce-4f92-a419-5d421e8fef25",
    "query": "VERSION.BIND.",
    "queryType": "TXT",
    "actionTaken": "query-response",
    "response": "NOERROR",
    "id": "1588863296043BF913F410812953C6909E622C4702754",
    "matchedPolicies": [
    ],
    "answers": [
        {
            "domainName": "VERSION.BIND.",
            "recordType": "TXT",
            "parsed": true,
            "rData": "1.0.0"
        }
    ],
    "authority": [],
    "queryProtocol": "UDP",
    "threats": [],
    "queriedNamespaces": [
        {
            "id": "9bba84cc-00eb-4a6a-985b-b9cadb9de93a",
            "name": "Umbrella",
            "rCode": "NOERROR",
            "responseData": null,
            "latency": 0,
            "cycle": 0
        },
      ....
    ],
    "latency": 2,
    "queryId": 18157,
    "queryClassId": 1,
    "queryEdnsOptions": [
        {
            "code": 8, 
            "value": "2600:1f18:1321:3900::/64/0"
        }
    ],
    "responseEdnsOptions": [
        {
            "code": 8, 
            "value": "2600:1f18:1321:3900::/64/0"
        }
    ],
    "identity": {
        "identityId": "identity_id_example",
        "userId": "example@test.bluecat.com"
    },
    "appliedPolicyId": null,
    "redirectDomain": null
  }
]

Returns the following information:

  • Time: Unix time (in milliseconds) when the DNS query was made. (This is the request time, not the response time or logging time.)
  • Source: The IP address of the client making the DNS query.
  • Site: The site name of the service point handling the query.
  • Query: The domain name being queried.
  • Query Type: The query type.
  • Response: The response code (for example NXDOMAIN, NOERROR or SERVFAIL).
  • ID: An identifier that can be passed to key in subsequent requests (used for paging through large result sets).
  • Action Taken: If no policy was matched, this will be "query-response"; otherwise this will be either block, redirect, or monitor.
  • Matched Policies: List of policy IDs and names that matched the given query.

    The number of entries in the list depends on the number of queries within the specified period. The list returned may be empty.

  • Authority: The authority assigned to the DNS query.
  • Query Protocol: The protocol of the DNS query (usually UDP or TCP).
  • Threats: The list of possible threats detected during the query analysis.
  • Queried Namespaces: The list of namespaces the DNS query was queried against. This includes the ID of the namespace, name of the namespace, the response code that was returned, the rdata of the response, and the latency of the response.
  • Latency: The latency (in milliseconds) of the DNS query.
  • Query ID: The query ID.
  • Query Class ID: The ID of the DNS record class.
  • Query EDNS Options: A list of EDNS query options returned. Currently, only EDNS Client Subnet (ECS) query option information is returned.
  • Response EDNS Options: A list of EDNS response options returned. Currently, only EDNS Client Subnet (ECS) response option information is returned.
  • Identity: Contains information about the user that initiated the query. This information is only available if you have the identity service enabled and the "Add identity information to queries" option enabled on the site.
  • Applied Policy ID: The Edge policy that took action on the query.
  • Redirect Domain: The domain that the query was redirected to.
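
The following is an added example, not part of the BlueCat documentation: it reduces one record from this response to the fields an analyst usually checks first when reviewing a logged query. The function names triage and parse_ecs are hypothetical, and the ECS value layout (address/source prefix/scope prefix) is an assumption based on the sample value shown above.

```python
import ipaddress
from datetime import datetime, timezone

ECS_OPTION_CODE = 8  # EDNS Client Subnet, the only option the page says is returned

def parse_ecs(value):
    """Split 'address/source-prefix/scope-prefix' (assumed layout) into parts."""
    addr, source_len, scope_len = value.rsplit("/", 2)
    network = ipaddress.ip_network(f"{addr}/{source_len}", strict=False)
    return {"subnet": str(network), "scope_prefix": int(scope_len)}

def triage(record):
    """Reduce one dnsQueryLogs record to the fields an analyst checks first."""
    ms = record["time"]  # request time in Unix milliseconds
    when = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    when = when.replace(microsecond=(ms % 1000) * 1000)
    action = record.get("actionTaken")
    return {
        "time_utc": when.isoformat(timespec="milliseconds"),
        "client": record.get("source"),
        "query": f'{record.get("query")} {record.get("queryType")}',
        # Per the field list, "query-response" means no policy matched.
        "policy_acted": action != "query-response",
        "action": action,
        "policies": record.get("matchedPolicies") or [],
        "threats": record.get("threats") or [],
        "user": (record.get("identity") or {}).get("userId"),
        "client_subnets": [parse_ecs(o["value"])
                           for o in record.get("queryEdnsOptions") or []
                           if o.get("code") == ECS_OPTION_CODE],
        "failed_namespaces": [n["name"]
                              for n in record.get("queriedNamespaces") or []
                              if n.get("rCode") != "NOERROR"],
    }

# Constructed sample: a trimmed copy of the response shown above.
SAMPLE = [{
    "time": 1588863296043,
    "source": "197.210.227.230",
    "query": "VERSION.BIND.",
    "queryType": "TXT",
    "actionTaken": "query-response",
    "matchedPolicies": [],
    "threats": [],
    "queriedNamespaces": [{"name": "Umbrella", "rCode": "NOERROR"}],
    "queryEdnsOptions": [{"code": 8, "value": "2600:1f18:1321:3900::/64/0"}],
    "identity": {"userId": "example@test.bluecat.com"},
}]
```
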

Possible error codes

  • NOT_FOUND
  • UNEXPECTED_ERROR