dns-stats / draft-dns-capture-format

I-D for C-DNS file format
4 stars 4 forks source link

Question sections? #17

Closed gibson042 closed 7 years ago

gibson042 commented 7 years ago

Various points in the text reference "second and subsequent question sections". What does this mean? Obviously, any given DNS message includes exactly one question section, containing any number of entries (but almost always 1).

banburybill commented 7 years ago

The basic unit of query/response data always includes data from the first question, if present. Recording data from RRs is optional; if enabled for questions, we already have the data from the first question, hence the optional data recorded is for second and subsequent questions.

While queries with no question, or with more than one question, don't make much sense, they are well-formed DNS messages, and I have seen examples of both in traffic captures.

gibson042 commented 7 years ago

While any DNS message can include an arbitrary number of questions, it necessary includes only a single question section. This has been improved in -01 by the more accurate "second and subsequent Questions of any Question section", but instances of the old text still remain.

banburybill commented 7 years ago

Apologies. I get what you mean now. I'll fix the remaining instances of the old text.