ContextQMD
Back to Beats

DNS fields [exported-fields-dns]

docs/reference/packetbeat/exported-fields-dns.md

9.4.03.4 KB
Original Source

% This file is generated! See dev-tools/mage/generate_fields_docs.go

DNS fields [exported-fields-dns]

DNS-specific event fields.

dns.flags.authoritative : A DNS flag specifying that the responding server is an authority for the domain name used in the question.

type: boolean

dns.flags.recursion_available : A DNS flag specifying whether recursive query support is available in the name server.

type: boolean

dns.flags.recursion_desired : A DNS flag specifying that the client directs the server to pursue a query recursively. Recursive query support is optional.

type: boolean

dns.flags.authentic_data : A DNS flag specifying that the recursive server considers the response authentic.

type: boolean

dns.flags.checking_disabled : A DNS flag specifying that the client disables the server signature validation of the query.

type: boolean

dns.flags.truncated_response : A DNS flag specifying that only the first 512 bytes of the reply were returned.

type: boolean

dns.question.etld_plus_one : The effective top-level domain (eTLD) plus one more label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". The data for determining the eTLD comes from an embedded copy of the data from http://publicsuffix.org.

example: amazon.co.uk.

dns.answers_count : The number of resource records contained in the dns.answers field.

type: long

dns.authorities : An array containing a dictionary for each authority section from the answer.

type: object

dns.authorities_count : The number of resource records contained in the dns.authorities field. The dns.authorities field may or may not be included depending on the configuration of Packetbeat.

type: long

dns.authorities.name : The domain name to which this resource record pertains.

example: example.com.

dns.authorities.type : The type of data contained in this resource record.

example: NS

dns.authorities.class : The class of DNS data contained in this resource record.

example: IN

dns.additionals : An array containing a dictionary for each additional section from the answer.

type: object

dns.additionals_count : The number of resource records contained in the dns.additionals field. The dns.additionals field may or may not be included depending on the configuration of Packetbeat.

type: long

dns.additionals.name : The domain name to which this resource record pertains.

example: example.com.

dns.additionals.type : The type of data contained in this resource record.

example: NS

dns.additionals.class : The class of DNS data contained in this resource record.

example: IN

dns.additionals.ttl : The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.

type: long

dns.additionals.data : The data describing the resource. The meaning of this data depends on the type and class of the resource record.

dns.opt.version : The EDNS version.

example: 0

dns.opt.do : If set, the transaction uses DNSSEC.

type: boolean

dns.opt.ext_rcode : Extended response code field.

example: BADVERS

dns.opt.udp_size : Requestor's UDP payload size (in bytes).

type: long