From: Jason Ish
Date: Mon, 15 Mar 2021 20:50:50 +0000 (-0600)
Subject: dns-udp-nxdomain-soa: v1 and v2 dns eve tests
X-Git-Tag: suricata-6.0.4~114
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad257b4d6953abeda4f74471113b8dd8c0aa867c;p=thirdparty%2Fsuricata-verify.git
dns-udp-nxdomain-soa: v1 and v2 dns eve tests
---
diff --git a/tests/dns-udp-nxdomain-soa-v1/README.md b/tests/dns-udp-nxdomain-soa-v1/README.md
new file mode 100644
index 000000000..1dd7a6d95
--- /dev/null
+++ b/tests/dns-udp-nxdomain-soa-v1/README.md
@@ -0,0 +1,2 @@
+Verify the eve output for a DNS request resulting in an NXDOMAIN error
+and an SOA record.
diff --git a/tests/dns-udp-nxdomain-soa-v1/dns-udp-nxdomain-soa.pcap b/tests/dns-udp-nxdomain-soa-v1/dns-udp-nxdomain-soa.pcap
new file mode 100644
index 000000000..eb47badda
Binary files /dev/null and b/tests/dns-udp-nxdomain-soa-v1/dns-udp-nxdomain-soa.pcap differ
diff --git a/tests/dns-udp-nxdomain-soa-v1/suricata.yaml b/tests/dns-udp-nxdomain-soa-v1/suricata.yaml
new file mode 100644
index 000000000..ea4c8d626
--- /dev/null
+++ b/tests/dns-udp-nxdomain-soa-v1/suricata.yaml
@@ -0,0 +1,11 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - dns:
+ version: 1
+
diff --git a/tests/dns-udp-nxdomain-soa-v1/test.yaml b/tests/dns-udp-nxdomain-soa-v1/test.yaml
new file mode 100644
index 000000000..8e8bee430
--- /dev/null
+++ b/tests/dns-udp-nxdomain-soa-v1/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ lt-version: 7
+
+checks:
+ - filter:
+ count: 2
+ match:
+ event_type: dns
+ dns.rcode: NXDOMAIN
+
diff --git a/tests/dns-udp-nxdomain-soa/suricata.yaml b/tests/dns-udp-nxdomain-soa/suricata.yaml
index ea4c8d626..d65eee5d1 100644
--- a/tests/dns-udp-nxdomain-soa/suricata.yaml
+++ b/tests/dns-udp-nxdomain-soa/suricata.yaml
@@ -7,5 +7,4 @@ outputs:
 filename: eve.json
 types:
 - dns:
- version: 1
 
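Review bot: The check in tests/dns-udp-nxdomain-soa-v1/test.yaml asserts only that two `dns` events carry `dns.rcode: NXDOMAIN`, while the README added in this commit says the test also verifies the SOA record. Nothing in the filter looks at the authority record, so a regression that drops or garbles the SOA output would, as far as this hunk shows, still pass. I would add a second filter with `count: 1` matching `event_type: dns` and `dns.rrtype: SOA`, assuming the v1 logger emits the authority record as its own event; confirm against the eve.json this pcap produces. The same gap applies to the `count: 1` check in tests/dns-udp-nxdomain-soa/test.yaml, where the v2 equivalent would be a match on `dns.authorities[0].rrtype: SOA`.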
diff --git a/tests/dns-udp-nxdomain-soa/test.yaml b/tests/dns-udp-nxdomain-soa/test.yaml index fd8ea68f0..c5c46a86e 100644 --- a/tests/dns-udp-nxdomain-soa/test.yaml +++ b/tests/dns-udp-nxdomain-soa/test.yaml @@ -4,7 +4,7 @@ requires: checks: - filter: - count: 2 + count: 1 match: event_type: dns dns.rcode: NXDOMAIN
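Review bot: `count: 1` is only correct for the v2 DNS record format, and the `match:` block does not pin that format. Because this commit removes `version: 1` from this test's suricata.yaml, the format is now whatever the build defaults to. Adding `dns.version: 2` to the `match:` block, or setting `version: 2` explicitly in suricata.yaml, would make a run against a different default fail on the format rather than on an unexplained count mismatch. The `requires:` block starts above the hunk, so a `min-version` constraint may already cover this; worth confirming.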