:tocdepth: 3

base/protocols/dns/consts.bro
=============================
.. bro:namespace:: DNS

Types, errors, and fields for analyzing DNS data.  A helper file
for DNS analysis scripts.

:Namespace: DNS
:Source File: :download:`/scripts/base/protocols/dns/consts.bro`

Summary
~~~~~~~
Constants
#########
=============================================================================================================== ================================================================
:bro:id:`DNS::ANY`: :bro:type:`count`                                                                           A QTYPE value describing a request for all records.
:bro:id:`DNS::EDNS`: :bro:type:`count`                                                                          An OPT RR TYPE value described by EDNS.
:bro:id:`DNS::PTR`: :bro:type:`count`                                                                           RR TYPE value for a domain name pointer.
:bro:id:`DNS::base_errors`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional` Errors used for non-TSIG/EDNS types.
:bro:id:`DNS::classes`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`     Possible values of the CLASS field in resource records or QCLASS
                                                                                                                field in query messages.
:bro:id:`DNS::edns_zfield`: :bro:type:`table` :bro:attr:`&default` = ``"?"`` :bro:attr:`&optional`              This deciphers EDNS Z field values.
:bro:id:`DNS::query_types`: :bro:type:`table` :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional` Mapping of DNS query type codes to human readable string
                                                                                                                representation.
=============================================================================================================== ================================================================


Detailed Interface
~~~~~~~~~~~~~~~~~~
Constants
#########
.. bro:id:: DNS::ANY

   :Type: :bro:type:`count`
   :Default: ``255``

   A QTYPE value describing a request for all records.

.. bro:id:: DNS::EDNS

   :Type: :bro:type:`count`
   :Default: ``41``

   An OPT RR TYPE value described by EDNS.

.. bro:id:: DNS::PTR

   :Type: :bro:type:`count`
   :Default: ``12``

   RR TYPE value for a domain name pointer.

.. bro:id:: DNS::base_errors

   :Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
   :Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
   :Default:

   ::

      {
         [0] = "NOERROR",
         [9] = "NOTAUTH",
         [14] = "unassigned-14",
         [5] = "REFUSED",
         [20] = "BADNAME",
         [12] = "unassigned-12",
         [15] = "unassigned-15",
         [4] = "NOTIMP",
         [2] = "SERVFAIL",
         [7] = "YXRRSET",
         [19] = "BADMODE",
         [17] = "BADKEY",
         [3] = "NXDOMAIN",
         [13] = "unassigned-13",
         [6] = "YXDOMAIN",
         [1] = "FORMERR",
         [16] = "BADVERS",
         [3842] = "BADSIG",
         [11] = "unassigned-11",
         [21] = "BADALG",
         [8] = "NXRRSet",
         [18] = "BADTIME",
         [22] = "BADTRUNC",
         [10] = "NOTZONE"
      }

   Errors used for non-TSIG/EDNS types.

.. bro:id:: DNS::classes

   :Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
   :Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
   :Default:

   ::

      {
         [4] = "C_HESOD",
         [2] = "C_CSNET",
         [3] = "C_CHAOS",
         [1] = "C_INTERNET",
         [254] = "C_NONE",
         [255] = "C_ANY"
      }

   Possible values of the CLASS field in resource records or QCLASS
   field in query messages.

.. bro:id:: DNS::edns_zfield

   :Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
   :Attributes: :bro:attr:`&default` = ``"?"`` :bro:attr:`&optional`
   :Default:

   ::

      {
         [0] = "NOVALUE",
         [32768] = "DNS_SEC_OK"
      }

   This deciphers EDNS Z field values.

.. bro:id:: DNS::query_types

   :Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
   :Attributes: :bro:attr:`&default` = :bro:type:`function` :bro:attr:`&optional`
   :Default:

   ::

      {
         [49] = "DHCID",
         [35] = "NAPTR",
         [255] = "*",
         [19] = "X25",
         [249] = "TKEY",
         [43] = "DS",
         [253] = "MAILB",
         [38] = "A6",
         [102] = "GID",
         [25] = "KEY",
         [29] = "LOC",
         [103] = "UNSPEC",
         [21] = "RT",
         [41] = "EDNS",
         [44] = "SINK",
         [11] = "WKS",
         [18] = "AFSDB",
         [32769] = "DLV",
         [252] = "AXFR",
         [250] = "TSIG",
         [9] = "MR",
         [27] = "GPOS",
         [100] = "DINFO",
         [30] = "EID",
         [37] = "CERT",
         [1] = "A",
         [39] = "DNAME",
         [32] = "NB",
         [13] = "HINFO",
         [2] = "NS",
         [32768] = "TA",
         [42] = "APL",
         [251] = "IXFR",
         [48] = "DNSKEY",
         [14] = "MINFO",
         [20] = "ISDN",
         [15] = "MX",
         [99] = "SPF",
         [40] = "SINK",
         [33] = "SRV",
         [45] = "SSHFP",
         [46] = "RRSIG",
         [6] = "SOA",
         [34] = "ATMA",
         [5] = "CNAME",
         [4] = "MF",
         [28] = "AAAA",
         [22] = "NSAP",
         [7] = "MB",
         [23] = "NSAP-PTR",
         [31] = "NIMLOC",
         [24] = "SIG",
         [16] = "TXT",
         [101] = "UID",
         [47] = "NSEC",
         [8] = "MG",
         [12] = "PTR",
         [36] = "KX",
         [10] = "NULL",
         [254] = "MAILA",
         [17] = "RP",
         [26] = "PX",
         [3] = "MD"
      }

   Mapping of DNS query type codes to human readable string
   representation.


