DNS EDRs
Introduction
These EDRs are generated by the LogicApp when processing inbound DNS messages using the DNS Lua Service.
All EDRS generated using the DNS service have the Event Type SNS-DNS.
Common Format
The configuration parameters for configuring EDR output including filename structure
and location is defined in the configuration documentation for the EdrApp which is
a base component provided by the n2svcd package.
All EDRs are written by the EdrApp application using its file and record formatting rules.
Refer to the N2SVCD base documentation for more details on configuring and managing EDR streams and on the syntax/encoding details for N-Squared EDRs.
SNS-DNS EDR
The SNS-DNS EDR Event Type indicates that the DNS Lua Service received an inbound
DNS ENUM request from an N2SVCD DnsServerApp instance.
Common Fields
Some fields apply to all SNS-DNS EDRs.
| Field | Type | Description |
|---|---|---|
TXN |
Integer | The received DNS transaction ID. |
CODE |
Integer | The DNS response code sent. |
NUM_Q |
Integer | The number of queries received. |
NUM_A |
Integer | The number of answers returned. Only present if at least one answer was sent or response code was 0. |
ERR |
String | Error details if an error occurred. Not present in successful cases. |
NAME_X |
String | The DNS name to look up. |
TYPE_X |
Integer | The type of query. |
CLASS_X |
Integer | The class of query. |
TTL |
Integer | The TTL sent for each answer (but sourced from a single global value). Only present if answers were sent. |
Note that for each field ending in _X, X is replaced by 1, 2, etc. for each query received.
NAPTR EDR Fields
EDRs produced for NAPTR ENUM lookups (where the DNS type is 35) produce the following fields.
| Field | Type | Description |
|---|---|---|
ID_X_Y |
Integer | The internal database ID for each answer. |
ORDER_X_Y |
Integer | The RFC 2915 Order for each answer. |
PREF_X_Y |
Integer | The RFC 2915 Preference for each answer. |
FLAGS_X_Y |
Integer | The RFC 2915 Flags for each answer. |
SERV_X_Y |
Integer | The RFC 2915 Service for each answer. |
REGEX_X_Y |
Integer | The RFC 2915 Regexp for each answer. |
REPL_X_Y |
Integer | The RFC 2915 Replacement for each answer. |
Note that for each field ending in _X_Y:
Xis replaced by1,2, etc. for each query received.Yis replaced by1,2, etc. for each answer sent for each query.
Answers are sorted by:
- Order ascending
- Preference ascending
- Service ascending
Example (line breaks added for readability):
SNS-DNS|CLASS_1=1|CODE=0|FLAGS_1_1=|FLAGS_1_2=|FLAGS_1_3=|ID_1_1=6|ID_1_2=7|ID_1_3=8|
NAME_1=8.3.3.4.1.3.6.2.4.1.3.e164enum.NET|NUM_A=3|NUM_Q=1|ORDER_1_1=100|ORDER_1_2=101|ORDER_1_3=101|PREF_1_1=10|PREF_1_2=10|PREF_1_3=11|
REGEX_1_1=%21%5E.%2A%24%21sip:%2B61426314338@ims.mnc001.mcc505.3gppnetwork.org%21|
REGEX_1_2=%21%5E.%2A%24%21sip:%2B61426314338@ims.mnc002.mcc505.3gppnetwork.org%21|
REGEX_1_3=%21%5E.%2A%24%21sip:%2B61426314338@ims.mnc003.mcc505.3gppnetwork.org%21|
REPL_1_1=|REPL_1_2=|REPL_1_3=|SERV_1_1=E2U%2Bsip|SERV_1_2=E2U%2Bsip|SERV_1_3=E2U%2Bsip|TTL=35|TXN=64613|TYPE_1=35