We are testing some Splunk detections and it seems that large TXT-records are not logged at all by passivedns.
The following TXT-record is 2048 chars, which is the max for a TXT record.
$ nslookup -q=TXT mobydick.vaglid.net
The DNS reply gets split into different strings as expected both by Windows and Linux resolvers, but no logs appear in the passivedns logs.
The following TXT-record is 277 chars. For this DNS reply the first 256 chars get logged by passivedns, but not the second segment.
$ nslookup -q=TXT txttest.vaglid.net
[*] PassiveDNS 1.2.0
[*] By Edward Bjarte Fjellskål <[email protected]>
[*] Using libpcap version 1.5.3
[*] Using ldns version 1.6.16
Cheers,
Rolf
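On the wire, TXT RDATA is a sequence of character-strings, each a one-octet length followed by up to 255 bytes (RFC 1035), so a logger has to walk every string to record the full value. The C routine below is an added example, not passivedns code and not part of the original report; `txt_join` and `build_sample` are hypothetical names and the sample records are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Join every <character-string> of a TXT RDATA blob into out (NUL-terminated).
 * Returns joined length, or -1 if a string overruns RDATA or out is too small. */
long txt_join(const uint8_t *rdata, size_t rdlen,
              char *out, size_t outsz, size_t *nsegs)
{
    size_t pos = 0, used = 0;
    *nsegs = 0;
    if (outsz == 0)
        return -1;
    while (pos < rdlen) {
        size_t len = rdata[pos++];       /* one-octet length prefix (0..255) */
        if (len > rdlen - pos || len > outsz - 1 - used)
            return -1;                   /* malformed RDATA or no room left */
        memcpy(out + used, rdata + pos, len);
        used += len;
        pos += len;
        (*nsegs)++;
    }
    out[used] = '\0';
    return (long)used;
}

/* Constructed sample: `total` bytes of 'A' laid out as 255-byte strings + remainder. */
size_t build_sample(uint8_t *buf, size_t total)
{
    size_t pos = 0;
    while (total > 0) {
        size_t n = total > 255 ? 255 : total;
        buf[pos++] = (uint8_t)n;
        memset(buf + pos, 'A', n);
        pos += n;
        total -= n;
    }
    return pos;
}

int main(void)
{
    static uint8_t rdata[4096];
    static char out[4096];
    size_t nsegs, rdlen = build_sample(rdata, 277);   /* 277-char case from the report */
    long n = txt_join(rdata, rdlen, out, sizeof out, &nsegs);
    printf("rdlen=%zu joined=%ld strings=%zu\n", rdlen, n, nsegs);
    return 0;
}
```

For detection work, the joined value is what should reach the log; a record that fails the bounds check is worth logging as malformed rather than dropping silently.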