dns: tag each tx we get a reply for as replied 765/head
authorVictor Julien <victor@inliniac.net>
Thu, 12 Dec 2013 12:12:13 +0000 (13:12 +0100)
committerVictor Julien <victor@inliniac.net>
Mon, 13 Jan 2014 10:25:52 +0000 (11:25 +0100)
Also, detect and print when server says recursion is desired.

src/app-layer-dns-common.h
src/app-layer-dns-tcp.c
src/app-layer-dns-udp.c
src/log-dnslog.c

index 6fb13c8f2e05d8c28cc300f2f99422f7d41c0233..6c72c1d475761d6026cec39ad444d12ac9462959 100644 (file)
@@ -129,6 +129,7 @@ typedef struct DNSTransaction_ {
                                                          replied to. */
     uint8_t reply_lost;
     uint8_t no_such_name;                           /**< server said "no such name" */
+    uint8_t recursion_desired;                      /**< server said "recursion desired" */
 
     TAILQ_HEAD(, DNSQueryEntry_) query_list;        /**< list for query/queries */
     TAILQ_HEAD(, DNSAnswerEntry_) answer_list;      /**< list for answers */
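Review bot: The new field's name and comment describe the RD bit, but both parser hunks in this commit set it from `ntohs(dns_header->flags) & 0x0080`, and in the DNS header layout (RFC 1035 section 4.1.1) 0x0080 is RA, recursion available; RD is 0x0100. RD is also set by the client and only echoed by the server, so "server said" fits RA better than RD. Either rename and document the field as `uint8_t recursion_available; /**< server set RA (recursion available) */`, or keep the name and test `0x0100` in the parsers. As written, the "Recursion Desired" string added in log-dnslog.c reports a different bit than it names.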
index 1596078d7cc016640efe37d907f9fd2c55e0b49b..ecf4bf8213374393f7edd4987ef2b215212ad51d 100644 (file)
@@ -439,6 +439,23 @@ static int DNSReponseParseData(Flow *f, DNSState *dns_state, const uint8_t *inpu
         }
     }
 
+    /* see if this is a "no such name" error */
+    if (ntohs(dns_header->flags) & 0x0003) {
+        SCLogDebug("no such name");
+        if (tx != NULL)
+            tx->no_such_name = 1;
+    }
+
+    if (ntohs(dns_header->flags) & 0x0080) {
+        SCLogDebug("recursion desired");
+        if (tx != NULL)
+            tx->recursion_desired = 1;
+    }
+
+    if (tx != NULL) {
+        tx->replied = 1;
+    }
+
        SCReturnInt(1);
 bad_data:
 insufficient_data:
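Review bot: The "no such name" test `ntohs(dns_header->flags) & 0x0003` is true for every RCODE with either of its two low bits set, so FORMERR (1), SERVFAIL (2) and REFUSED (5) are recorded as NXDOMAIN along with the real RCODE 3. Compare the whole 4-bit field instead: `if ((ntohs(dns_header->flags) & 0x000F) == 3) {`. The same mask appears as unchanged context in the DNSUDPResponseParse hunk. Because `no_such_name` drives the "No Such Name" log line, anyone watching NXDOMAIN rates in that log would see inflated counts. DNSReponseParseData begins above this hunk, so how `tx` is looked up is not visible here.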
index 2fc20e546e5cf14cb293256220044b780d9ddf83..cb45c24df2dc14a37b424490cd4dc047441efaa1 100644 (file)
@@ -272,10 +272,18 @@ static int DNSUDPResponseParse(Flow *f, void *dstate,
     /* see if this is a "no such name" error */
     if (ntohs(dns_header->flags) & 0x0003) {
         SCLogDebug("no such name");
-
-        if (tx != NULL) {
+        if (tx != NULL)
             tx->no_such_name = 1;
-        }
+    }
+
+    if (ntohs(dns_header->flags) & 0x0080) {
+        SCLogDebug("recursion desired");
+        if (tx != NULL)
+            tx->recursion_desired = 1;
+    }
+
+    if (tx != NULL) {
+        tx->replied = 1;
     }
 
     SCReturnInt(1);
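Review bot: The bare masks `0x0003` and `0x0080` and the repeated `ntohs(dns_header->flags)` make this block hard to check against the DNS header layout. Reading the flags once, `const uint16_t flags = ntohs(dns_header->flags);`, and testing named constants defined in app-layer-dns-common.h would let the identical block in the TCP parser hunk share the same definitions. The commit also drops the braces on `if (tx != NULL)` while keeping them on the `tx->replied` check a few lines later; one style throughout is easier to read and safer to extend. DNSUDPResponseParse starts above this hunk.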
index 2d43087b0cfb85634649b079b6cde16fb441c885..80b9e94c7b7ebc7af83a289d0f431e366f23833e 100644 (file)
@@ -143,8 +143,10 @@ static void LogAnswer(LogDnsLogThread *aft, char *timebuf, char *srcip, char *ds
             "%s [**] Response TX %04x [**] ", timebuf, tx->tx_id);
 
     if (entry == NULL) {
-        MemBufferWriteString(aft->buffer,
-                "No Such Name");
+        if (tx->no_such_name)
+            MemBufferWriteString(aft->buffer, "No Such Name");
+        else if (tx->recursion_desired)
+            MemBufferWriteString(aft->buffer, "Recursion Desired");
     } else {
         /* query */
         if (entry->fqdn_len > 0) {
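Review bot: A transaction with both flags set gets two identical "No Such Name" lines and never a "Recursion Desired" one: the caller in the next hunk calls `LogAnswer(..., tx, NULL)` once per flag, and the `else if` here always picks `no_such_name` first. If `entry == NULL` arrives with neither flag set, nothing is written after the "Response TX" prefix. Making the caller test `if (tx->no_such_name || tx->recursion_desired)` once, and turning the `else if` into an independent `if` with a separator between the two strings, would give one line per transaction. Both functions extend beyond their hunks, so whatever terminates the log line is not visible here.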
@@ -284,9 +286,10 @@ static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ
             LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query);
         }
 
-        if (tx->no_such_name) {
+        if (tx->no_such_name)
+            LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL);
+        if (tx->recursion_desired)
             LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL);
-        }
 
         DNSAnswerEntry *entry = NULL;
         TAILQ_FOREACH(entry, &tx->answer_list, next) {