Guides

DNS Query

Suggest Edits

dns_query

The DNS query object represents a specific request made to the Domain Name System (DNS) to retrieve information about a domain or perform a DNS operation. This object encapsulates the necessary attributes and methods to construct and send DNS queries, specify the query type (e.g., A, AAAA, MX).

Attributes

CaptionNameTypeDescription
Resource Record Class class String The class of resource records being queried. See RFC1035. For example: IN.
Hostname hostname Hostname Entity:HOSTNAME
The hostname or domain being queried. For example: www.example.com
DNS Opcode opcode String The DNS opcode specifies the type of the query message.
DNS Opcode ID opcode_id Integer The DNS opcode ID specifies the normalized query message type as defined in RFC-5395.
  • 0: Query (QUERY)
  • 1: Inverse Query (INVERSE_QUERY)
  • 2: Status (STATUS)
  • 3: Reserved (RESERVED)
  • 4: Notify (NOTIFY)
  • 5: Update (UPDATE)
  • 6: DSO Message (DSO_MESSAGE)
  • 99: Other (OTHER)
Packet UID packet_uid Integer The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Resource Record Type type String The type of resource records being queried. See RFC1035. For example: A, AAAA, CNAME, MX, and NS.
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.

Relationships

DNS Query shown in context

Inbound Relationships

These objects and events reference DNS Query in their attributes:

Outbound Relationships

DNS Query references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 3 days ago