示例事件消息
{
"dataType":"Message",
"dataTypeId":1,
"key":"7bed8160-c8a1-4cb1-8a28-463909aa6844",
"messageType":"ClientResponse",
"messageTypeId":6,
"payloadType": "dnstap",
"responseAddress":"127.0.0.1",
"responseData": {
"answers": [
{
"class":"IN",
"domainName": "h1.example.com.",
"rData":"10.0.0.10",
"recordType":"A",
"recordTypeId":1,
"ttl":3600
}
],
"fullRcode":0,
"header": {
"aa": true,
"ad": false,
"anCount":1,
"arCount":1,
"cd": false,
"id":17940,
"nsCount":0,
"opcode":0,
"qdCount":1,
"qr":1,
"ra": false,
"rcode":0,
"rd": true,
"tc": false
},
"opt": {
"do": false,
"ednsVersion":0,
"extendedRcode":0,
"options": [
{
"optCode":10,
"optName":"Cookie",
"optValue": "hbbDFmHUM9wBAAAAX1q1McL4KhalWTS3"
}
],
"udpPayloadSize":4096
},
"question": [
{
"class":"IN",
"domainName": "h1.example.com.",
"questionType":"A",
"questionTypeId":1
}
],
"rcodeName":"NoError",
"time":1599780145568110352,
"timePrecision": "ns"
},
"responsePort":0,
"serverId": "ubuntu-dev",
"serverVersion":"BIND 9.16.5",
"socketFamily":"INET",
"socketProtocol":"UDP",
"sourceAddress":"127.0.0.1",
"sourceId":"421bce7d-b4e6-b705-6057-7039628a9847",
"sourcePort":60001,
"time":1599780145568110352,
"timePrecision": "ns"
}
参数
dataType
—dnstap 数据类型。当前,仅定义了Message
类型。dataType
—dnstap 数据类型的数字 ID。key
—消息的唯一事件 ID。messageType
—标识 DNS 消息的类型。有关更多信息,请参阅DNS 消息类型。messageTypeId
—DNS 消息类型的数字 ID。payloadType
—事件负载类型。当前,仅定义了dnstap
类型。responseAddress
—消息响应程序的 IP 地址。answer
—the content of the resource record body of the DNS query message as outlined in RFC1035 中概述的 DNS 查询消息的资源记录正文的内容。fullRcode
—完全 EDNS 响应代码值。header
—RFC1035 中概述的 DNS 消息的标题的内容。opt
—RFC6891 中概述的 EDNS 消息的 OPT 记录定义的内容。question
—RFC1035 中概述的 DNS 查询消息的问题正文的内容。rcodeName
—来自请求的响应代码。responsePort
—消息响应程序的传输端口。serverId
—DNS 服务器的 ID。serverVersion
—DNS 服务器上运行的 BIND 版本。socketFamily
—套接件的网络协议系列。socketProtocol
—套接件的传输协议。sourceAddress
—消息发件人的 IP 地址。sourceId
—DNS 服务器的系统 UUID。sourcePort
—消息发起程序的传输协议。time
—DNS 服务器收到或发送响应消息的时间。timePrecision
—值按time
进行度量。以 nanoseconds (ns
) 作为度量。