C-DNS DNS Capture Format
2019-01-07
2020-12-09
C-DNS Transports
Expert Review
Jim Hague, Sara Dickinson, John Dickinson
In version 1.0 of C-DNS , there is a field to identify the
type of DNS transport. This field is 4 bits in size.
0
UDP
1
TCP
2
TLS
3
DTLS
4
HTTPS
5-14
Unassigned
15
Non-standard transport
C-DNS Storage Flags
Expert Review
Jim Hague, Sara Dickinson, John Dickinson
In version 1.0 of C-DNS , there is a field describing
attributes of the data recorded. The field is a CBOR
unsigned integer holding bit flags.
0
anonymized-data
The data has been anonymized.
1
sampled-data
The data is sampled data.
2
normalized-names
Names in the data have been normalized.
3-63
Unassigned
C-DNS Response Flags
Expert Review
Jim Hague, Sara Dickinson, John Dickinson
In version 1.0 of C-DNS , there is a field describing
attributes of the responses recorded. The field is a CBOR
unsigned integer holding bit flags.
0
from-cache
The Response came from cache.
1-63
Unassigned
C-DNS Address Event Types
Expert Review
Jim Hague, Sara Dickinson, John Dickinson
In version 1.0 of C-DNS , there is a field identifying types
of the events related to client addresses. This field is a CBOR
unsigned integer. There is a related optional field
"ae-code", which, if present, holds an additional CBOR unsigned
integer giving additional information specific to the event type.
0
TCP reset
None
1
ICMP time exceeded
ICMP code icmpcodes
2
ICMP destination unreachable
ICMP code icmpcodes
3
ICMPv6 time exceeded
ICMPv6 code icmpv6codes
4
ICMPv6 destination unreachable
ICMPv6 code icmpv6codes
5
ICMPv6 packet too big
ICMPv6 code icmpv6codes
6-18446744073709551615
Unassigned