[dnstap] suggested optional fields for DNSTAP
Joseph Gersch
joe.gersch at secure64.com
Thu Feb 26 17:49:03 UTC 2015
Hello all,
I would like to suggest two optional fields for the DNSTAP schema.
The first one has already been discussed, but I don’t see it in the schema yet: a boolean for CACHE-HIT/CACHE-MISS.
The second one is to generate a unique GUID and store it for each CLIENT_QUERY. This GUID would also be stored with each RESOLVER_QUERY and RESOLVER_RESPONSE. This would allow an analysis of a DNS TRACE to determine operational issues with long recursive resolutions. It is insufficient to just have bailiwick or domain name, because once the recursive resolution starts chasing a CNAME or chain of NS delegations, the domain name changes. Some recursions can take 10-70 lookups to get full resolution. Having a GUID to tie them all together would be very useful.
Comments, suggestions, criticisms are welcome.
- Joe Gersch
Secure64 Software Corporation
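
The trace analysis proposed in the message above, sketched as an added example that is not part of the original post and is not dnstap code. It assumes a hypothetical `trace_id` field carrying the proposed GUID; the tuple layout, `server` and `t_ms` values are constructed stand-ins for the real dnstap message fields.

```python
from collections import Counter, defaultdict

# Constructed sample records: (type, trace_id, qname, server, t_ms).
# "trace_id" stands in for the proposed per-query GUID and is hypothetical
# (not a dnstap schema field); server and t_ms are simplified stand-ins.
RECORDS = [
    ("CLIENT_QUERY",      "a1", "www.example.com.",      None,             0),
    ("RESOLVER_QUERY",    "a1", "www.example.com.",      "192.0.2.1",      2),
    ("RESOLVER_RESPONSE", "a1", "www.example.com.",      "192.0.2.1",     31),
    ("RESOLVER_QUERY",    "a1", "www.example.com.",      "192.0.2.53",    32),
    ("RESOLVER_RESPONSE", "a1", "www.example.com.",      "192.0.2.53",    60),
    ("RESOLVER_QUERY",    "a1", "edge.cdn.example.net.", "198.51.100.7",  61),
    ("RESOLVER_QUERY",    "a1", "edge.cdn.example.net.", "198.51.100.8", 861),
    ("RESOLVER_RESPONSE", "a1", "edge.cdn.example.net.", "198.51.100.8", 900),
    ("CLIENT_QUERY",      "b2", "www.example.org.",      None,            50),
    ("RESOLVER_QUERY",    "c3", "stray.example.",        "192.0.2.1",     70),
]


def summarize_traces(records):
    """Group messages by trace_id and summarize each recursive resolution."""
    by_trace = defaultdict(list)
    for rec in records:
        by_trace[rec[1]].append(rec)
    out = {}
    for trace_id, recs in by_trace.items():
        recs.sort(key=lambda r: r[4])  # order by timestamp
        client = next((r for r in recs if r[0] == "CLIENT_QUERY"), None)
        sent = [r for r in recs if r[0] == "RESOLVER_QUERY"]
        got = [r for r in recs if r[0] == "RESOLVER_RESPONSE"]
        # Queries with no matching response from the same server (timeouts).
        pending = Counter((r[2], r[3]) for r in sent) - Counter((r[2], r[3]) for r in got)
        out[trace_id] = {
            # None marks upstream traffic with no originating client query.
            "client_qname": client[2] if client else None,
            "lookups": len(sent),
            "unanswered": sum(pending.values()),
            # The name changes as CNAMEs and delegations are chased.
            "names_chased": list(dict.fromkeys(r[2] for r in sent)),
            "elapsed_ms": got[-1][4] - client[4] if client and got else None,
        }
    return out


def long_resolutions(summaries, max_lookups):
    """Trace ids whose recursion needed more than max_lookups upstream queries."""
    return sorted(t for t, s in summaries.items() if s["lookups"] > max_lookups)
```

Grouping on the trace id keeps the `edge.cdn.example.net.` lookups attached to the client's `www.example.com.` query, which matching on domain name alone would miss.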