Module dns

Available on crate feature dns only.

Expand description

Passive DNS observer (UDP/53).

Parses DNS query/response messages observed in UDP/53 traffic. Two integration shapes:

DnsUdpObserver — callback-style tap that wraps an inner FlowExtractor and fires DnsHandler events as a side effect of extraction.
DnsUdpParser — typed message stream impl of DatagramParser. Pair with datagram_stream(...) from netring.

Both pair with the Correlator for query/response RTT matching by 16-bit transaction ID, scoped per flow key.

§Quick start (parser only)

use flowscope::dns::{parse_message, DnsParseResult};

let payload: &[u8] = b"";  // your UDP/53 payload
match parse_message(payload) {
    Ok(DnsParseResult::Query(q)) => println!("query: {} questions", q.questions.len()),
    Ok(DnsParseResult::Response(r)) => println!("response: rcode={:?}", r.rcode),
    Err(_e) => {}  // malformed — ignore
}

§Scope

UDP/53 only in v0.1. TCP/53 (large responses, AXFR/IXFR) and DoT (TLS/853) are deferred.
Passive — no resolution, no validation.
DNSSEC: RRSIG/DNSKEY surface as DnsRdata::Other with raw rdata; we don’t validate.
Common record types decoded: A, AAAA, CNAME, NS, PTR, MX. Everything else: DnsRdata::Other { rtype, data }.

Structs§

Correlator: Correlator state for query/response matching.
DnsConfig: Tunables for the DNS observer.
DnsFlags: Flag/header bits from the DNS message header word.
DnsQuery: Parsed DNS query observed on the wire.
DnsQuestion
DnsRecord: One DNS resource record.
DnsResponse: Parsed DNS response.
DnsTcpParser: Per-flow DNS-over-TCP parser. Holds independent length-framed buffers for the initiator (queries) and responder (responses).
DnsUdpObserver: Wraps an inner FlowExtractor; for every packet whose UDP src or dst port matches udp_port, parses the DNS payload and fires events via the user’s DnsHandler.
DnsUdpParser: Per-flow parser. Stateless w.r.t. across-packet correlation — each datagram is parsed independently. For query/response RTT matching, see crate::dns::Correlator (used by crate::dns::DnsUdpObserver).

Enums§

DnsMessage: Unified message type emitted by DnsUdpParser.
DnsParseResult: Outcome of parse_message.
DnsRcode: DNS response code (RFC 1035 §4.1.1, RFC 6895 for extended codes).
DnsRdata: Decoded record data for the common types we can render simply. Everything else lands in DnsRdata::Other.
Error: Errors from the DNS module.

Traits§

DnsHandler: User implements this to receive parsed DNS events.

Functions§

parse_message: Parse one DNS UDP payload into a DnsQuery or DnsResponse.
parse_message_at: Same as parse_message but lets you set the event timestamp.

Module dns

Module dns Copy item path

§Quick start (parser only)

§Scope

Structs§

Enums§

Traits§

Functions§

Module dns