gamelinux / passivedns

A network sniffer that logs all DNS server replies for use in a passive DNS setup
http://gamelinux.org/

Priority/port fields on MX, SRV records #76

Open rcgraves opened 8 years ago

rcgraves commented 8 years ago

Only the hostname component of MX and SRV records is logged. Example of a SRV:

_sip._udp.prod.ringto.bwapp.bwsip.io. 163 IN SRV 5 50 9060 registrar01.registration.bandwidth.com.

Quoted TXT records like Gmail.com (or anywhere with SPFv1) do get logged in their entirety.

daekpon commented 6 years ago

We have the same issue. MX records do not get the priority logged. Seems pretty easy to fix?

Example:

recalsa.org. 3600 IN MX 10 mx1c76.carrierzone.com.

and gamelinux produces this row from the above DNS response:

1506885129.052785||64.91.238.211||190.85.239.19||IN||recalsa.org.||MX||mx1c76.carrierzone.com.||3600||1

gamelinux commented 6 years ago

How would the suggested passivedns output look?
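The fields at issue in this thread, as an added example that is not passivedns code: MX RDATA begins with a 16-bit preference (RFC 1035) and SRV RDATA with priority, weight and port (RFC 2782), ahead of the host name that currently gets logged. The code below formats the answer field in zone-file order as one possible output; that format, the function names and the sample bytes are assumptions, and compressed names are rejected rather than followed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define T_MX  15  /* RFC 1035: 16-bit preference, then exchange name */
#define T_SRV 33  /* RFC 2782: priority, weight, port (16 bits each), then target */
#define U16(p) ((unsigned)((p)[0] << 8 | (p)[1]))  /* big-endian 16-bit read */
/* Constructed RDATA for the thread's two records; the literal's final NUL is the root label. */
static const uint8_t MX_RDATA[] = "\0\012\006mx1c76\013carrierzone\003com";
static const uint8_t SRV_RDATA[] =
    "\0\005\0\062\043\144\013registrar01\014registration\011bandwidth\003com";

/* Uncompressed wire name to dotted text; returns bytes consumed, or -1 if malformed. */
static int name_to_str(const uint8_t *p, const uint8_t *end, char *out, size_t outlen)
{
    const uint8_t *start = p;
    size_t o = 0;
    while (p < end && *p != 0) {
        uint8_t len = *p++;  /* > 63 means a compression pointer or reserved bits */
        if (len > 63 || (size_t)(end - p) < len || o + len + 2 > outlen) return -1;
        memcpy(out + o, p, len);
        p += len;
        o += len;
        out[o++] = '.';
    }
    if (p >= end || outlen < 2) return -1;  /* root label missing (truncated RDATA) */
    if (o == 0) out[o++] = '.';             /* bare root name */
    out[o] = '\0';
    return (int)(p + 1 - start);
}

/* Answer field with the numeric fields kept; returns 0 on success, -1 on error. */
int rdata_to_answer(uint16_t type, const uint8_t *rd, uint16_t rdlen, char *out, size_t outlen)
{
    char name[256];
    size_t fixed = type == T_MX ? 2 : type == T_SRV ? 6 : 0;  /* bytes before the name */
    if (!fixed || rdlen <= fixed) return -1;  /* unsupported type or no room for a name */
    if (name_to_str(rd + fixed, rd + rdlen, name, sizeof name) != (int)(rdlen - fixed)) return -1;
    int n = type == T_MX ? snprintf(out, outlen, "%u %s", U16(rd), name)
        : snprintf(out, outlen, "%u %u %u %s", U16(rd), U16(rd + 2), U16(rd + 4), name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;  /* -1 if the answer was cut short */
}

int main(void)
{
    char a[300];
    if (!rdata_to_answer(T_MX, MX_RDATA, sizeof MX_RDATA, a, sizeof a)) puts(a);
    if (!rdata_to_answer(T_SRV, SRV_RDATA, sizeof SRV_RDATA, a, sizeof a)) puts(a);
    return 0;
}
```

Under this assumed format, the answer column of the row quoted above would read `10 mx1c76.carrierzone.com.` with the other columns unchanged.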