From cff4bb2a14a9b6db5ed8c8d4d71c569463466f92 Mon Sep 17 00:00:00 2001
From: Simon Dugas
Date: Tue, 7 Apr 2020 17:40:29 +0000
Subject: [PATCH] tests/dns: add test for logging SOA fields test config and pcap were copied from an existing test dns-udp-nxdomain-soa
---
 tests/dns-eve-v2-udp-nxdomain-soa/README.md | 2 ++
 .../dns-udp-nxdomain-soa.pcap | Bin 0 -> 315 bytes
 .../dns-eve-v2-udp-nxdomain-soa/suricata.yaml | 10 +++++++++
 tests/dns-eve-v2-udp-nxdomain-soa/test.yaml | 21 ++++++++++++++++++
 4 files changed, 33 insertions(+)
 create mode 100644 tests/dns-eve-v2-udp-nxdomain-soa/README.md
 create mode 100644 tests/dns-eve-v2-udp-nxdomain-soa/dns-udp-nxdomain-soa.pcap
 create mode 100644 tests/dns-eve-v2-udp-nxdomain-soa/suricata.yaml
 create mode 100644 tests/dns-eve-v2-udp-nxdomain-soa/test.yaml
diff --git a/tests/dns-eve-v2-udp-nxdomain-soa/README.md b/tests/dns-eve-v2-udp-nxdomain-soa/README.md
new file mode 100644
index 000000000..8b72d06f2
--- /dev/null
+++ b/tests/dns-eve-v2-udp-nxdomain-soa/README.md
@@ -0,0 +1,2 @@
+Verify the fields of an SOA authority record in a DNS response that
+failed with NXDOMAIN error for eve dns version 2.
diff --git a/tests/dns-eve-v2-udp-nxdomain-soa/dns-udp-nxdomain-soa.pcap b/tests/dns-eve-v2-udp-nxdomain-soa/dns-udp-nxdomain-soa.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..eb47badda678a57946f7b1e0ff4d3b66ee7ed630
GIT binary patch literal 315 zc-p&ic+)~A1{MYcU}0bcl5Y9k5nmfQ8RCI#5M~e+=VkkT<8;^Cg>D=St_%!;iTMl+ z4uVYVTmp>T92_hxFFYAc8EkiLZ<@-e05*bwfsr{SFO?-fvp9`8FSP{72Z?J6KQuP;+O;%$U2QnTntNq5+Dq*2x2MNx@k8%85k@DCoBh91+tRC6lh^n)~Tkc zjm==|7_nJ*K!AY_B+J~);L4U)tZQg!z?oQHoC0DRGbiWgG6+Js8TrK}xrxOksYPsw gxrtTzc?Yb)hBC+~0JXO;2$cePfek?SGeH9i08nN{o&W#< literal 0 Hc-jL100001
diff --git a/tests/dns-eve-v2-udp-nxdomain-soa/suricata.yaml b/tests/dns-eve-v2-udp-nxdomain-soa/suricata.yaml
new file mode 100644
index 000000000..4db348acd
--- /dev/null
+++ b/tests/dns-eve-v2-udp-nxdomain-soa/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - dns:
+ version: 2
diff --git a/tests/dns-eve-v2-udp-nxdomain-soa/test.yaml b/tests/dns-eve-v2-udp-nxdomain-soa/test.yaml
new file mode 100644
index 000000000..43855d612
--- /dev/null
+++ b/tests/dns-eve-v2-udp-nxdomain-soa/test.yaml
@@ -0,0 +1,21 @@
+requires:
+ min-version: 6.0.0
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: dns
+ dns.rcode: NXDOMAIN
+ dns.authorities[0].rrname: oisf.net
+ dns.authorities[0].rrtype: SOA
+ dns.authorities[0].ttl: 899
+ dns.authorities[0].soa.mname: ns-110.awsdns-13.com
+ dns.authorities[0].soa.rname: awsdns-hostmaster.amazon.com
+ dns.authorities[0].soa.serial: 1
+ dns.authorities[0].soa.refresh: 7200
+ dns.authorities[0].soa.retry: 900
+ dns.authorities[0].soa.expire: 1209600
+ dns.authorities[0].soa.minimum: 86400
-- 
2.47.2
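Review bot: The `match:` block in test.yaml identifies the record only by `event_type: dns` and `dns.rcode: NXDOMAIN`, so it never states which log format or record type it is checking, even though the test is named for eve DNS version 2. If the v2 record carries those fields (it appears to, but confirm against the generated eve.json), adding `dns.version: 2` and `dns.type: answer` under `match:` would tie the assertion to the `version: 2` setting in suricata.yaml. A short comment above the SOA keys would also help, e.g. `# expected values taken from the authority section of dns-udp-nxdomain-soa.pcap`, so a later pcap swap does not silently desynchronise them. The `mname`/`rname` strings come from the response packet, so the exact-string matches also guard how those names are decoded into the log.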