From: Jason Ish <jason.ish@oisf.net>
Date: Tue, 10 Jun 2025 15:08:01 +0000 (-0600)
Subject: doc/upgrade: note about dns address swap on responses
X-Git-Tag: suricata-8.0.0-rc1~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e8c3040e7febd96d6ea967200bd61f4710646fa;p=thirdparty%2Fsuricata.git

doc/upgrade: note about dns address swap on responses

Document the change in DNS addresses for ticket 6400.

Ticket: https://redmine.openinfosecfoundation.org/issues/6400
---

diff --git a/doc/userguide/upgrade/8.0-dns-logging-changes.rst b/doc/userguide/upgrade/8.0-dns-logging-changes.rst
index 2ca0ef7d9b..928a61f569 100644
--- a/doc/userguide/upgrade/8.0-dns-logging-changes.rst
+++ b/doc/userguide/upgrade/8.0-dns-logging-changes.rst
@@ -10,6 +10,10 @@ the ``dns`` object accross ``dns`` and ``alert`` objects.
 
 Ticket: https://redmine.openinfosecfoundation.org/issues/6281
 
+Additionally, version ``3`` DNS response messages will now use the IP
+address of the responder as the ``src_ip``, not the client, ticket:
+https://redmine.openinfosecfoundation.org/issues/6400
+
 The changes are summarized below:
 
 * DNS requests now have a type of ``request`` instead of ``query``.