gamelinux / passivedns

A network sniffer that logs all DNS server replies for use in a passive DNS setup
http://gamelinux.org/

TXT, MX, SRV, SOA records not logged #75

Closed rcgraves closed 8 years ago

rcgraves commented 8 years ago

I am running passivedns -f SMcsCQTAtn -C 5 -P 5 -X 46CPxsr

For TXT/MX/SRV/SOA lookups, I am only seeing logs for error responses: NXDOMAIN, REFUSED.

A/AAAA/CNAME/PTR are logging just fine.

thus commented 8 years ago

That is because you have specified with "-X" that you only want A, AAAA, CNAME, PTR, NXDOMAIN, SERVFAIL and REFUSED.

Please run "passivedns -h" to see all the options for the "-X" parameter.

rcgraves commented 8 years ago

Oops. This can stay closed.

To clarify: the server return code flags are effectively ORed with the record type flags, not ANDed. So even if you think you selected just A (noerror or nxdomain) you will also get NXDOMAIN for all other record types.

I could imagine splitting record type and return code into separate flags to admire ANDing, but that would be backwards incompatible for questionable gain, so never mind.
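
The OR behaviour described in the last comment, modelled as an added example that is not part of the thread and is not passivedns code. It knows only the seven `-X` letters decoded in the reply above; `logged_and` is the hypothetical ANDed variant the comment mentions, and the sample responses are constructed.

```python
# Flag letters exactly as decoded in the reply above for "-X 46CPxsr".
TYPE_FLAGS = {"4": "A", "6": "AAAA", "C": "CNAME", "P": "PTR"}
RCODE_FLAGS = {"x": "NXDOMAIN", "s": "SERVFAIL", "r": "REFUSED"}


def parse_flags(spec):
    """Split an -X style string into selected record types and return codes."""
    types, rcodes = set(), set()
    for ch in spec:
        if ch in TYPE_FLAGS:
            types.add(TYPE_FLAGS[ch])
        elif ch in RCODE_FLAGS:
            rcodes.add(RCODE_FLAGS[ch])
        else:
            raise ValueError(f"letter {ch!r} is not one of the seven modelled here")
    return types, rcodes


def logged_or(spec, rtype, rcode):
    """Behaviour as described in the thread: either kind of flag is enough."""
    types, rcodes = parse_flags(spec)
    return rtype in types or rcode in rcodes


def logged_and(spec, rtype, rcode):
    """Hypothetical alternative: type must match AND the outcome must be allowed."""
    types, rcodes = parse_flags(spec)
    return rtype in types and (rcode == "NOERROR" or rcode in rcodes)


def not_logged(spec, responses):
    """Responses the OR filter drops, i.e. what this -X value never records."""
    return [r for r in responses if not logged_or(spec, r[1], r[2])]


# Constructed sample responses: (name, record type, return code).
SAMPLE = [
    ("example.test", "A", "NOERROR"),
    ("example.test", "TXT", "NOERROR"),
    ("nope.example.test", "TXT", "NXDOMAIN"),
    ("example.test", "MX", "REFUSED"),
    ("example.test", "SRV", "NOERROR"),
]

if __name__ == "__main__":
    for name, rtype, rcode in SAMPLE:
        print(name, rtype, rcode,
              "OR:", logged_or("46CPxsr", rtype, rcode),
              "AND:", logged_and("46CPxsr", rtype, rcode))
```

With `46CPxsr` the model reproduces the report: TXT, MX and SRV show up only when the response is an error, and successful answers for those types are never recorded.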