policy/protocols/dns/detect-external-names.zeek

DNS

This script detects names which are not within zones considered to be local but resolving to addresses considered local. The Site::local_zones variable must be set appropriately for this detection.

Namespace

DNS

Imports

base/frameworks/notice, base/utils/site.zeek

Summary

Redefinitions

Notice::Type: enum

  • DNS::External_Name: Raised when a non-local name is found to be pointing at a local host.

Detailed Interface