Filter IP from DNS Answers

metrics

#1

Does anyone know how to query an IP from a DNS Response Answer Field?

I’m using the filtering tool in metrics and can see the following in the DNS response:

Answers:{‘names’:’mysearcheddomain.com’,’data:addr4’:’123.123.123.123’}

However, when I run this filter:

answers ~ 123.123.123.123 “(~ is the only option I have on the blog for the contains option)”

It produces 0 results.

Thanks.


#2

Turns out I need to walk through the answers array:

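if (event === "DNS_RESPONSE") {
    // Walk every answer record in the response
    for (var i in DNS.answers) {
        if (DNS.answers[i].data) {
            var ipanswer = DNS.answers[i].data.toString();
            // indexOf matches the literal text; search() would treat the
            // argument as a regex in which "." matches any character
            if (ipanswer.indexOf('123.123.123.123') > -1) {
                DNS.commitRecord();
                break; // one matching answer is enough
            }
        }
    }
}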

I still need to create an app that stores on the results so I can continue to commit all other DNS records. If you have a solution for that, let me know.

Thanks.


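#3

if (event === "DNS_RESPONSE") {
    // Walk every answer record in the response
    for (var i in DNS.answers) {
        if (DNS.answers[i].data) {
            var ipanswer = DNS.answers[i].data.toString();
            // indexOf matches the literal text; search() would treat the
            // argument as a regex in which "." matches any character
            if (ipanswer.indexOf('123.123.123.123') > -1) {
                // Tag the match under a dedicated application, then commit the record
                Application("DNS-123.123.123.123").commit();
                DNS.commitRecord();
                break; // one matching answer is enough
            }
        }
    }
}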

I’ve added a line to your trigger which would push this information to an application called DNS-123.123.123.123 in addition to committing the record. You can search records based on application to find them easily going forward.
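
An added example, not part of the thread above and not the vendor's code: a stand-alone version of the answer walk that compares parsed IPv4 addresses instead of strings, and goes one step further than the thread by accepting CIDR blocks. The function names, the `{ name, type, data }` answer shape and the sample records are assumptions constructed for illustration.

```javascript
// Added example: plain JavaScript that runs in Node, outside any trigger runtime.
// Assumption: each answer looks like { name, type, data } and data has toString().

// Parse a dotted-quad IPv4 string to a number, or return null if it is not one.
function parseIPv4(text) {
    var parts = String(text).split('.');
    if (parts.length !== 4) return null;
    var value = 0;
    for (var i = 0; i < 4; i++) {
        if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return null;
        value = value * 256 + Number(parts[i]);
    }
    return value;
}

// True when ip lies inside entry, written as "a.b.c.d" or "a.b.c.d/len".
function inBlock(ip, entry) {
    var pieces = String(entry).split('/');
    var base = parseIPv4(pieces[0]);
    var addr = parseIPv4(ip);
    if (base === null || addr === null || pieces.length > 2) return false;
    var len = 32;
    if (pieces.length === 2) {
        if (!/^\d{1,2}$/.test(pieces[1]) || Number(pieces[1]) > 32) return false;
        len = Number(pieces[1]);
    }
    var size = Math.pow(2, 32 - len); // number of addresses in the block
    return Math.floor(addr / size) === Math.floor(base / size);
}

// Return the answers whose data is an IPv4 address inside any watched entry.
function matchingAnswers(answers, watched) {
    return (answers || []).filter(function (answer) {
        if (!answer || answer.data === undefined || answer.data === null) return false;
        var text = answer.data.toString();
        return watched.some(function (entry) { return inBlock(text, entry); });
    });
}

// Constructed sample response (not captured traffic)
var sampleAnswers = [
    { name: 'mysearcheddomain.com', type: 'CNAME', data: '123-123-123-123.example.net' },
    { name: '123-123-123-123.example.net', type: 'A', data: '123.123.123.123' },
    { name: '123-123-123-123.example.net', type: 'A', data: '123.123.123.12' }
];

console.log(matchingAnswers(sampleAnswers, ['123.123.123.123']).length);
console.log(matchingAnswers(sampleAnswers, ['123.123.123.0/24']).length);
```

The CNAME target in the sample is a hostname that a regex-based `search('123.123.123.123')` would report as a hit, because each `.` in the pattern matches the `-` characters; parsing the address first rules it out.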