Add validation state to protobuf message.
/*
 * This file describes the message format used by the protobuf logging feature in PowerDNS and dnsdist.
 *
 * Written by PowerDNS.COM B.V. and its contributors.
 *
 * To the extent possible under law, the author(s) have dedicated all
 * copyright and related and neighboring rights to this file to the public
 * domain worldwide. This file is distributed without any warranty.
 *
 * You should have received a copy of the CC0 Public Domain Dedication along
 * with this file. If not, see:
 *
 * <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
syntax = "proto2";

// One logged DNS event (a query or a response) as emitted by the protobuf
// logging feature.
//
// Every enum below starts at 1 and the file is proto2, so reading an unset
// optional enum field yields the first listed value (e.g. UNKNOWN,
// Indeterminate). Consumers that must tell "absent" from that value have to
// check field presence rather than the value alone.
//
// NOTE(review): several fields identify the client (from,
// originalRequestorSubnet, requestorId, deviceId, deviceName); a stream of
// these messages should be handled as sensitive data by whatever stores or
// forwards it.
message PBDNSMessage {
  // Kind of event this message describes.
  enum Type {
    DNSQueryType = 1;
    DNSResponseType = 2;
    DNSOutgoingQueryType = 3;
    DNSIncomingResponseType = 4;
  }
  // Address family of the transport the message was seen on.
  enum SocketFamily {
    INET = 1;                                   // IPv4 (RFC 791)
    INET6 = 2;                                  // IPv6 (RFC 2460)
  }
  // Transport protocol the message was seen on.
  enum SocketProtocol {
    UDP = 1;                                    // User Datagram Protocol (RFC 768)
    TCP = 2;                                    // Transmission Control Protocol (RFC 793)
  }
  // What a filtering policy matched on.
  enum PolicyType {
    UNKNOWN = 1;                                // No policy applied, or unknown type
    QNAME = 2;                                  // Policy matched on the QName
    CLIENTIP = 3;                               // Policy matched on the client IP
    RESPONSEIP = 4;                             // Policy matched on one of the IPs contained in the answer
    NSDNAME = 5;                                // Policy matched on the name of one nameserver involved
    NSIP = 6;                                   // Policy matched on the IP of one nameserver involved
  }
  // Action (RPZ action) that a policy hit applied; the section numbers refer
  // to draft-vixie-dns-rpz-04.
  enum PolicyKind {
    NoAction = 1;                               // No action taken
    Drop = 2;                                   // https://tools.ietf.org/html/draft-vixie-dns-rpz-04 3.4
    NXDOMAIN = 3;                               // https://tools.ietf.org/html/draft-vixie-dns-rpz-04 3.1
    NODATA = 4;                                 // https://tools.ietf.org/html/draft-vixie-dns-rpz-04 3.2
    Truncate= 5;                                // https://tools.ietf.org/html/draft-vixie-dns-rpz-04 3.5
    Custom = 6;                                 // https://tools.ietf.org/html/draft-vixie-dns-rpz-04 3.6
  }
  // DNSSEC validation state of a response. The Bogus* values name the
  // specific reason validation failed. Readers built against an older copy of
  // this schema will not know newer values; handle unknown values explicitly
  // instead of treating them as a non-bogus state.
  enum VState {
    Indeterminate = 1;
    Insecure = 2;
    Secure = 3;
    NTA = 4;                                    // presumably "negative trust anchor" -- confirm
    TA = 5;                                     // presumably "trust anchor" -- confirm
    BogusNoValidDNSKEY = 6;
    BogusInvalidDenial = 7;
    BogusUnableToGetDSs = 8;
    BogusUnableToGetDNSKEYs = 9;
    BogusSelfSignedDS = 10;
    BogusNoRRSIG = 11;
    BogusNoValidRRSIG = 12;
    BogusMissingNegativeIndication = 13;
    BogusSignatureNotYetValid = 14;
    BogusSignatureExpired = 15;
    BogusUnsupportedDNSKEYAlgo = 16;
    BogusUnsupportedDSDigestType = 17;
    BogusNoZoneKeyBitSet = 18;
    BogusRevokedDNSKEY = 19;
    BogusInvalidDNSKEYProtocol = 20;
  }
  // The only required field: a message without it is not considered
  // initialized by proto2 parsers. Everything else is optional, so consumers
  // cannot assume any other field is present.
  required Type type = 1;
  optional bytes messageId = 2;                 // UUID, shared by the query and the response
  optional bytes serverIdentity = 3;            // ID of the server emitting the protobuf message
  optional SocketFamily socketFamily = 4;
  optional SocketProtocol socketProtocol = 5;
  // NOTE(review): from/to are raw bytes; presumably the binary address whose
  // length follows socketFamily -- confirm, and validate the length before
  // interpreting it.
  optional bytes from = 6;                      // DNS requestor (client)
  optional bytes to = 7;                        // DNS responder (server)
  optional uint64 inBytes = 8;                  // Size of the query or response on the wire
  optional uint32 timeSec = 9;                  // Time of message reception (seconds since epoch)
  optional uint32 timeUsec = 10;                // Time of message reception (additional micro-seconds)
  optional uint32 id = 11;                      // ID of the query/response as found in the DNS header

  // The question the logged query or response is about.
  // NOTE(review): the name comes from DNS traffic; consumers should treat it
  // as untrusted text when displaying, indexing or logging it.
  message DNSQuestion {
    optional string qName = 1;
    optional uint32 qType = 2;
    optional uint32 qClass = 3;
  }
  optional DNSQuestion question = 12;

  // Response details, including any filtering policy that was applied and
  // the DNSSEC validation state.
  message DNSResponse {
    // One resource record from the response.
    message DNSRR {
      optional string name = 1;
      optional uint32 type = 2;
      optional uint32 class = 3;
      optional uint32 ttl = 4;
      optional bytes rdata = 5;
      optional bool udr = 6;                    // True if this is the first time this RR has been seen for this question
    }
    optional uint32 rcode = 1;                  // DNS Response code, or 65536 for a network error including a timeout
    repeated DNSRR rrs = 2;
    optional string appliedPolicy = 3;          // Filtering policy (RPZ or Lua) applied
    repeated string tags = 4;                   // Additional tags
    optional uint32 queryTimeSec = 5;           // Time of the corresponding query reception (seconds since epoch)
    optional uint32 queryTimeUsec = 6;          // Time of the corresponding query reception (additional micro-seconds)
    optional PolicyType appliedPolicyType = 7;  // Type of the filtering policy (RPZ or Lua) applied
    optional string appliedPolicyTrigger = 8;   // The RPZ trigger
    optional string appliedPolicyHit = 9;       // The value (qname or IP) that caused the hit
    optional PolicyKind appliedPolicyKind = 10; // The Kind (RPZ action) applied by the hit
    // Unset reads back as Indeterminate (the first VState value); check
    // presence before concluding that validation ran.
    optional VState validationState = 11;       // The DNSSEC Validation State
  }

  optional DNSResponse response = 13;
  optional bytes originalRequestorSubnet = 14;  // EDNS Client Subnet value
  optional string requestorId = 15;             // Username of the requestor
  optional bytes initialRequestId = 16;         // UUID of the incoming query that initiated this outgoing query or incoming response
  optional bytes deviceId = 17;                 // Device ID of the requestor (could be a MAC address, an IP address or e.g. an IMEI)
  optional bool newlyObservedDomain = 18;       // True if the domain has not been seen before
  optional string deviceName = 19;              // Device name of the requestor
  // Ports are carried as uint32; consumers should range-check them against
  // the 16-bit port space before use.
  optional uint32 fromPort = 20;                // Source port of the DNS query (client)
  optional uint32 toPort = 21;                  // Destination port of the DNS query (server)
}