The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.

type: long

The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response.

example: QUERY

A DNS flag specifying that the responding server is an authority for the domain name used in the question.

type: boolean

A DNS flag specifying whether recursive query support is available in the name server.

type: boolean

A DNS flag specifying that the client directs the server to pursue a query recursively. Recursive query support is optional.

type: boolean

A DNS flag specifying that the recursive server considers the response authentic.

type: boolean

A DNS flag specifying that the client disables the server signature validation of the query.

type: boolean

A DNS flag specifying that only the first 512 bytes of the reply were returned.

type: boolean

The DNS status code.

example: NOERROR

The domain name being queried. If the name field contains non-printable characters (below 32 or above 126), then those characters are represented as escaped base 10 integers (\DDD). Back slashes and quotes are escaped. Tabs, carriage returns, and line feeds are converted to \t, \r, and \n respectively.

example: www.google.com.

The type of records being queried.

example: AAAA

The class of of records being queried.

example: IN

The effective top-level domain (eTLD) plus one more label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". The data for determining the eTLD comes from an embedded copy of the data from http://publicsuffix.org.

example: amazon.co.uk.

An array containing a dictionary about each answer section returned by the server.

type: object

The number of resource records contained in the dns.answers field.

type: long

The domain name to which this resource record pertains.

example: example.com.

The type of data contained in this resource record.

example: MX

The class of DNS data contained in this resource record.

example: IN

The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.

type: long

The data describing the resource. The meaning of this data depends on the type and class of the resource record.

An array containing a dictionary for each authority section from the answer.

type: object

The number of resource records contained in the dns.authorities field. The dns.authorities field may or may not be included depending on the configuration of Packetbeat.

type: long

The domain name to which this resource record pertains.

example: example.com.

The type of data contained in this resource record.

example: NS

The class of DNS data contained in this resource record.

example: IN

An array containing a dictionary for each additional section from the answer.

type: object

The number of resource records contained in the dns.additionals field. The dns.additionals field may or may not be included depending on the configuration of Packetbeat.

type: long

The domain name to which this resource record pertains.

example: example.com.

The type of data contained in this resource record.

example: NS

The class of DNS data contained in this resource record.

example: IN

The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.

type: long

The data describing the resource. The meaning of this data depends on the type and class of the resource record.

The EDNS version.

example: 0

If set, the transaction uses DNSSEC.

type: boolean

Extended response code field.

example: BADVERS

Requestor’s UDP payload size (in bytes).

type: long