Farsight Security logo Farsight Security Archive/ NmsgType SIE dnsdedupe

Vendor: SIE (1)

Type: dnsdedupe (2)

Definition: http://rsfcode.isc.org/git/sie-nmsg/tree/dnsdedupe.proto

Description: A message type for capturing DNS query/response state

  • "dnsdedupe"

    A message type for representing deduplicated passive DNS
replication RRSET data

  • "type" (enum)

         One of Insertion, Expiration, Chaff, Authoritative, Merged, Merged_Authoritative,
     or Merged_Insertion.

  • "count" (uint32)

        How many times the RRSET was seen since the last broadcast message.

  • "time_first" (uint32)

  • "time_last" (uint32)

  • "zone_time_first" (uint32)

  • "zone_time_last" (uint32)

        Over what period the data was seen in passive DNS replication or zone files.

  • "response_ip (bytes)

         The IP address of the responding nameserver

  • "rrname" (bytes)

  • "rrtype" (uint32)

  • "rrclass" (uint32)

  • "rrttl" (uint32)

  • "rdata" (uint32)

  • "response (bytes)

     The RRSET data.

  • "bailiwick" (bytes)

     The domain under which the RRSET answer was given.  For exmaple, a GTLD nameserver
 for COM might provide different answers for the same query than the delegated
 authoritative nameserrvers for FARSIGHTSECURITY.COM might provide.