base/protocols/dns/consts.zeek

DNS

Types, errors, and fields for analyzing DNS data. A helper file for DNS analysis scripts.

Namespace

DNS

Summary

Constants

DNS::ANY: count

A QTYPE value describing a request for all records.

DNS::EDNS: count

An OPT RR TYPE value described by EDNS.

DNS::PTR: count

RR TYPE value for a domain name pointer.

DNS::algorithms: table &default = function

Possible values of the algorithms used in DNSKEY, DS and RRSIG records

DNS::base_errors: table &default = function

Errors used for non-TSIG/EDNS types.

DNS::classes: table &default = function

Possible values of the CLASS field in resource records or QCLASS field in query messages.

DNS::digests: table &default = function

Possible digest types used in DNSSEC.

DNS::edns_zfield: table &default = "?"

This deciphers EDNS Z field values.

DNS::query_types: table &default = function

Mapping of DNS query type codes to human readable string representation.

DNS::svcparam_keys: table &default = function

SVCB/HTTPS SvcParam keys, as defined in https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-07.txt, sec 14.3.2

Detailed Interface

Constants

DNS::ANY
Type

count

Default

255

A QTYPE value describing a request for all records.

DNS::EDNS
Type

count

Default

41

An OPT RR TYPE value described by EDNS.

DNS::PTR
Type

count

Default

12

RR TYPE value for a domain name pointer.

DNS::algorithms
Type

table [count] of string

Attributes

&default = function

Default
{
   [254] = "PrivateOID",
   [2] = "Diffie_Hellman",
   [15] = "Ed25519",
   [6] = "DSA_NSEC3_SHA1",
   [14] = "ECDSA_curveP384withSHA384",
   [16] = "Ed448",
   [255] = "reserved255",
   [8] = "RSA_SHA256",
   [252] = "Indirect",
   [253] = "PrivateDNS",
   [1] = "RSA_MD5",
   [5] = "RSA_SHA1",
   [7] = "RSA_SHA1_NSEC3_SHA1",
   [10] = "RSA_SHA512",
   [4] = "Elliptic_Curve",
   [12] = "GOST_R_34_10_2001",
   [13] = "ECDSA_curveP256withSHA256",
   [3] = "DSA_SHA1",
   [0] = "reserved0"
}

Possible values of the algorithms used in DNSKEY, DS and RRSIG records

DNS::base_errors
Type

table [count] of string

Attributes

&default = function

Default
{
   [19] = "BADMODE",
   [3842] = "BADSIG",
   [20] = "BADNAME",
   [2] = "SERVFAIL",
   [14] = "unassigned-14",
   [15] = "unassigned-15",
   [6] = "YXDOMAIN",
   [16] = "BADVERS",
   [8] = "NXRRSet",
   [23] = "BADCOOKIE",
   [9] = "NOTAUTH",
   [1] = "FORMERR",
   [11] = "unassigned-11",
   [7] = "YXRRSET",
   [5] = "REFUSED",
   [10] = "NOTZONE",
   [21] = "BADALG",
   [4] = "NOTIMP",
   [22] = "BADTRUNC",
   [13] = "unassigned-13",
   [12] = "unassigned-12",
   [18] = "BADTIME",
   [17] = "BADKEY",
   [3] = "NXDOMAIN",
   [0] = "NOERROR"
}

Errors used for non-TSIG/EDNS types.

DNS::classes
Type

table [count] of string

Attributes

&default = function

Default
{
   [254] = "C_NONE",
   [2] = "C_CSNET",
   [3] = "C_CHAOS",
   [255] = "C_ANY",
   [4] = "C_HESIOD",
   [1] = "C_INTERNET"
}

Possible values of the CLASS field in resource records or QCLASS field in query messages.

DNS::digests
Type

table [count] of string

Attributes

&default = function

Default
{
   [0] = "reserved0",
   [2] = "SHA256",
   [4] = "SHA384",
   [1] = "SHA1",
   [3] = "GOST_R_34_11_94"
}

Possible digest types used in DNSSEC.

DNS::edns_zfield
Type

table [count] of string

Attributes

&default = "?"

Default
{
   [0] = "NOVALUE",
   [32768] = "DNS_SEC_OK"
}

This deciphers EDNS Z field values.

DNS::query_types
Type

table [count] of string

Attributes

&default = function

Default
{
   [19] = "X25",
   [20] = "ISDN",
   [33] = "SRV",
   [39] = "DNAME",
   [30] = "NXT",
   [46] = "RRSIG",
   [15] = "MX",
   [65422] = "XPF",
   [28] = "AAAA",
   [64] = "SVCB",
   [106] = "L64",
   [9] = "MR",
   [253] = "MAILB",
   [107] = "LP",
   [53] = "SMIMEA",
   [55] = "HIP",
   [52] = "TLSA",
   [251] = "IXFR",
   [21] = "RT",
   [4] = "MF",
   [12] = "PTR",
   [41] = "OPT",
   [58] = "TALINK",
   [17] = "RP",
   [105] = "L32",
   [254] = "MAILA",
   [32768] = "TA",
   [25] = "KEY",
   [32769] = "DLV",
   [65281] = "WINS",
   [29] = "LOC",
   [16] = "TXT",
   [255] = "*",
   [59] = "CDS",
   [38] = "A6",
   [252] = "AXFR",
   [63] = "ZONEMD",
   [42] = "APL",
   [57] = "RKEY",
   [1] = "A",
   [11] = "WKS",
   [35] = "NAPTR",
   [108] = "EUI48",
   [22] = "NSAP",
   [256] = "URI",
   [43] = "DS",
   [102] = "GID",
   [257] = "CAA",
   [65521] = "INTEGRITY",
   [3] = "MD",
   [44] = "SSHFP",
   [34] = "ATMA",
   [45] = "IPSECKEY",
   [40] = "SINK",
   [36] = "KX",
   [250] = "TSIG",
   [14] = "MINFO",
   [6] = "SOA",
   [31] = "EID",
   [23] = "NSAP-PTR",
   [8] = "MG",
   [27] = "GPOS",
   [56] = "NINFO",
   [7] = "MB",
   [10] = "NULL",
   [32] = "NIMLOC",
   [13] = "HINFO",
   [26] = "PX",
   [65] = "HTTPS",
   [62] = "CSYNC",
   [101] = "UID",
   [47] = "NSEC",
   [50] = "NSEC3",
   [2] = "NS",
   [65282] = "WINS-R",
   [48] = "DNSKEY",
   [24] = "SIG",
   [99] = "SPF",
   [49] = "DHCID",
   [109] = "EUI64",
   [249] = "TKEY",
   [103] = "UNSPEC",
   [5] = "CNAME",
   [104] = "NID",
   [61] = "OPENPGPKEY",
   [60] = "CDNSKEY",
   [100] = "UINFO",
   [51] = "NSEC3PARAM",
   [37] = "CERT",
   [18] = "AFSDB"
}

Mapping of DNS query type codes to human readable string representation.

DNS::svcparam_keys
Type

table [count] of string

Attributes

&default = function

Default
{
   [2] = "no-default-alpn",
   [3] = "port",
   [5] = "ech",
   [0] = "mandatory",
   [6] = "ipv6hint",
   [4] = "ipv4hint",
   [1] = "alpn"
}

SVCB/HTTPS SvcParam keys, as defined in https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-07.txt, sec 14.3.2