README ¶
UDP
Parsing
- Attempt to decode each UDP packet.
- If it succeeds, a transaction is sent.
Error management
-
Debug information is printed if:
- A packet fails to decode.
-
Error Notes are published if:
- Never
TCP
Parsing
- Fetch the first two bytes of a message containing the length of the message (RFC 1035).
- Fill the buffer
DnsStream.rawData
with each newParse
. - Once the buffer has the expected length (first two bytes), it is decoded and the message is published.
Error management
-
Debug information is printed if:
- A message has an unexpected length at any point of the transmission (
Parse
,GapInStream
,ReceivedFin
). - A message fails to decode.
- A message has an unexpected length at any point of the transmission (
-
Error Notes are published if:
- A response following a request (
dnsConnectionData.prevRequest
) fails to decode. - A response following a request (
dnsConnectionData.prevRequest
) has an unexpected length at any point of the transmission (Parse
,GapInStream
,ReceivedFin
).
- A response following a request (
When response error Notes are linked to the previous request, the transaction is then published and removed from the cache (see publishResponseError()
).
TODO
General
- Publish an event with Notes when a Query or a lone Response cannot be decoded.
- Consider adding ICMP support to
- correlate ICMP type 3, code 4 (datagram too big) with DNS messages,
- correlate ICMP type 3, code 13 (administratively prohibited) or ICMP type 3, code 3 (port unreachable) with blocked DNS messages.
Documentation ¶
Overview ¶
Package dns provides support for parsing DNS messages and reporting the results. This package supports the DNS protocol as defined by RFC 1034 and RFC 1035. It does not have any special support for RFC 2671 (EDNS) or RFC 4035 (DNS Security Extensions), but since those specifications only add backwards compatible features there will be no issues handling the messages.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
This section is empty.