This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello,

I'm using the 'dns.resp.name' field(s) in the PDML for a DNS query response packet to find the canonical and alias domain names for the domain requested (I'm using a response because I want the aliases and canonical domain as well as the one in the DNS request). I noticed that, if an SOA record is returned, dns.resp.name also captures the root domain of the DNS zone, which is something that I don't want my program to capture when parsing the files.

I noticed that there are four DNS sections: Questions, Answer RRs, Authority RRs and Additional RRs. SOA records fall into the section of Authority RRs, so I'm hoping that the only record types returned in the Answer RRs section are A and CNAME records - if so, I can limit my program to take domains from this section. Is this correct, or are there others returned in this section as well that I need to be aware of?

Thanks :)

asked 19 Nov '16, 14:39

Lobster

Have you thought about PTR records?

(19 Nov '16, 16:14) Jaap ♦
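
An added example, not part of the original question or comment: one way to take `dns.resp.name` only from the Answers section of a PDML export and keep only A and CNAME records, reporting any other type (such as the PTR the comment mentions) instead of silently mixing it in. The PDML fragment is constructed, and the layout it assumes (section subtrees labelled `show="Answers"`, numeric `show` values for `dns.resp.type`) and the function name `answer_names` are assumptions to check against your own tshark output.

```python
import xml.etree.ElementTree as ET

# Constructed PDML fragment (not from a real capture): a CNAME and an A record
# under "Answers", and an SOA record under "Authoritative nameservers".
SAMPLE_PDML = """<pdml><packet><proto name="dns">
 <field name="" show="Answers">
  <field name="" show="www.example.com: type CNAME, class IN">
   <field name="dns.resp.name" show="www.example.com"/>
   <field name="dns.resp.type" show="5"/>
   <field name="dns.cname" show="host.example.net"/>
  </field>
  <field name="" show="host.example.net: type A, class IN">
   <field name="dns.resp.name" show="host.example.net"/>
   <field name="dns.resp.type" show="1"/>
   <field name="dns.a" show="192.0.2.10"/>
  </field>
 </field>
 <field name="" show="Authoritative nameservers">
  <field name="" show="example.net: type SOA, class IN">
   <field name="dns.resp.name" show="example.net"/>
   <field name="dns.resp.type" show="6"/>
  </field>
 </field>
</proto></packet></pdml>"""

WANTED_TYPES = frozenset({"1", "5"})  # A and CNAME (assumed numeric "show" values)

def answer_names(pdml_text, wanted=WANTED_TYPES):
    """Return (names, skipped): names seen in A/CNAME answer records, and
    (name, type) pairs for answer records of any other type."""
    names, skipped = [], []
    for proto in ET.fromstring(pdml_text).iter("proto"):
        if proto.get("name") != "dns":
            continue
        for section in proto.findall("field"):
            if section.get("show") != "Answers":   # ignore Authority/Additional
                continue
            for rr in section.findall("field"):
                vals = {f.get("name"): f.get("show") for f in rr.findall("field")}
                name, rtype = vals.get("dns.resp.name"), vals.get("dns.resp.type")
                if name is None:
                    continue
                if rtype not in wanted:
                    skipped.append((name, rtype))  # e.g. PTR, MX, TXT answers
                    continue
                for n in (name, vals.get("dns.cname")):  # owner name + CNAME target
                    if n and n not in names:
                        names.append(n)
    return names, skipped
```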