WARNING: Version 6.0 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
DNS Fields
DNS-specific event fields.
dns.id
type: long
The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.
dns.op_code
example: QUERY
The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response.
dns.flags.authoritative
type: boolean
A DNS flag specifying that the responding server is an authority for the domain name used in the question.
dns.flags.recursion_available
type: boolean
A DNS flag specifying whether recursive query support is available in the name server.
dns.flags.recursion_desired
type: boolean
A DNS flag specifying that the client directs the server to pursue a query recursively. Recursive query support is optional.
dns.flags.authentic_data
type: boolean
A DNS flag specifying that the recursive server considers the response authentic.
dns.flags.checking_disabled
type: boolean
A DNS flag specifying that the client disables the server signature validation of the query.
dns.flags.truncated_response
type: boolean
A DNS flag specifying that only the first 512 bytes of the reply were returned.
dns.response_code
example: NOERROR
The DNS status code.
dns.question.name
example: www.google.com.
The domain name being queried. If the name field contains non-printable characters (below 32 or above 126), then those characters are represented as escaped base 10 integers (\DDD). Backslashes and quotes are escaped. Tabs, carriage returns, and line feeds are converted to \t, \r, and \n respectively.
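The escaping rules above, implemented in both directions as an added example (not Packetbeat's own code), so an analyst can recover the raw bytes of a logged name before measuring or matching it. The function names are hypothetical, and the code assumes that \DDD is always three decimal digits and that "quotes" means the double quote.

```python
import re

# Assumption: \DDD is always exactly three decimal digits, per the field description.
_ESCAPE = re.compile(r"\\(\d{3}|.)", re.DOTALL)
_NAMED = {"t": 0x09, "r": 0x0D, "n": 0x0A}
_NAMED_REV = {v: "\\" + k for k, v in _NAMED.items()}


def escape_name(raw: bytes) -> str:
    """Render raw name bytes the way the dns.question.name description states."""
    out = []
    for b in raw:
        if b in _NAMED_REV:                # tab, CR, LF -> \t, \r, \n
            out.append(_NAMED_REV[b])
        elif b in (0x5C, 0x22):            # backslash, double quote (assumed)
            out.append("\\" + chr(b))
        elif b < 32 or b > 126:            # non-printable -> \DDD (base 10)
            out.append("\\%03d" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def unescape_name(field: str) -> bytes:
    """Recover the raw bytes from an escaped dns.question.name value."""
    out, pos = bytearray(), 0
    for m in _ESCAPE.finditer(field):
        out += field[pos:m.start()].encode("ascii")
        tok = m.group(1)
        if len(tok) == 3:                  # \DDD
            value = int(tok)
            if value > 255:
                raise ValueError("escape out of byte range: \\" + tok)
            out.append(value)
        else:                              # \t, \r, \n, or an escaped literal
            out.append(_NAMED.get(tok, ord(tok)))
        pos = m.end()
    out += field[pos:].encode("ascii")
    return bytes(out)


def non_printable_ratio(field: str) -> float:
    """Share of name bytes outside 32..126; constructed triage helper."""
    raw = unescape_name(field)
    return sum(b < 32 or b > 126 for b in raw) / len(raw) if raw else 0.0
```

Length checks on the escaped string overcount, because each non-printable byte occupies four characters in the field; measure the unescaped bytes instead.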
dns.question.type
example: AAAA
The type of records being queried.
dns.question.class
example: IN
The class of records being queried.
dns.question.etld_plus_one
example: amazon.co.uk.
The effective top-level domain (eTLD) plus one more label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". The data for determining the eTLD comes from an embedded copy of the data from http://publicsuffix.org.
dns.answers
type: object
An array containing a dictionary about each answer section returned by the server.
dns.answers_count
type: long
The number of resource records contained in the dns.answers field.
dns.answers.name
example: example.com.
The domain name to which this resource record pertains.
dns.answers.type
example: MX
The type of data contained in this resource record.
dns.answers.class
example: IN
The class of DNS data contained in this resource record.
dns.answers.ttl
type: long
The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.
dns.answers.data
The data describing the resource. The meaning of this data depends on the type and class of the resource record.
dns.authorities
type: object
An array containing a dictionary for each authority section from the answer.
dns.authorities_count
type: long
The number of resource records contained in the dns.authorities field. The dns.authorities field may or may not be included depending on the configuration of Packetbeat.
dns.authorities.name
example: example.com.
The domain name to which this resource record pertains.
dns.authorities.type
example: NS
The type of data contained in this resource record.
dns.authorities.class
example: IN
The class of DNS data contained in this resource record.
dns.additionals
type: object
An array containing a dictionary for each additional section from the answer.
dns.additionals_count
type: long
The number of resource records contained in the dns.additionals field. The dns.additionals field may or may not be included depending on the configuration of Packetbeat.
dns.additionals.name
example: example.com.
The domain name to which this resource record pertains.
dns.additionals.type
example: NS
The type of data contained in this resource record.
dns.additionals.class
example: IN
The class of DNS data contained in this resource record.
dns.additionals.ttl
type: long
The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.
dns.additionals.data
The data describing the resource. The meaning of this data depends on the type and class of the resource record.
dns.opt.version
example: 0
The EDNS version.
dns.opt.do
type: boolean
If set, the transaction uses DNSSEC.
dns.opt.ext_rcode
example: BADVERS
Extended response code field.
dns.opt.udp_size
type: long
Requestor’s UDP payload size (in bytes).