eve/dns-v2: only log responses for enabled types

This changes the logic a bit for v2, checking the rrtype of the
query to see if the response should be logged.

diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index 849cd31187e5719e888bd060ff3380dee115e7a1..8eb6a6dc717b0aac97f59396884577786d6c09cf 100644 (file)
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -520,10 +520,6 @@ static void OutputAnswerDetailed(DNSAnswerEntry *entry, json_t *js,
         uint64_t flags)
 {
     do {
-        if (!DNSRRTypeEnabled(entry->type, flags)) {
-            continue;
-        }
-
         json_t *jdata = json_object();
         if (jdata == NULL) {
             return;
@@ -978,6 +974,10 @@ static void LogAnswers(LogDnsLogThread *aft, json_t *js, DNSTransaction *tx, uin
     SCLogDebug("got a DNS response and now logging !!");
 
     if (aft->dnslog_ctx->version == DNS_VERSION_2) {
+        DNSQueryEntry *query = TAILQ_FIRST(&tx->query_list);
+        if (query && !DNSRRTypeEnabled(query->type, aft->dnslog_ctx->flags)) {
+            return;
+        }
         OutputAnswerV2(aft, js, tx);
     } else {
         DNSAnswerEntry *entry = NULL;