Description:
A powerful DNS query processor primary designed to enrich DataFlows with DNS based APIs (e.g. RBLs, ShadowServer’s ASN lookup) but that can be also used to perform regular DNS lookups.
Tags:
dns, enrich, ip
Properties:
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the Expression Language Guide.
| Name | Default Value | Allowable Values | Description |
| Lookup value | The value that should be used to populate the query Supports Expression Language: true | ||
| Results Parser | None |
Split  RegEx None Do not split results |
The method used to slice the results into attribute groups |
| Parser RegEx | Choice between a splitter and regex matcher used to parse the results of the query into attribute groups. NOTE: This is a multiline regular expression, therefore, the DFM should decide how to handle trailing new line characters. | ||
| DNS Query Retries | 1 | The number of attempts before giving up and moving on | |
| DNS Query Timeout | 1500ms | The amount of time to wait until considering a query as failed | |
| DNS Servers | A comma separated list of DNS servers to be used. (Defaults to system wide if none is used) | ||
| DNS Query Type | TXT | The DNS query type to be used by the processor (e.g. TXT, A) |
Relationships:
| Name | Description |
| not found | Where to route flow files after successfully enriching attributes with data |
| found | Where to route flow files if data enrichment query rendered no results |
Reads Attributes:
None specified.
Writes Attributes:
| Name | Description |
| enrich.dns.record*.group* | The captured fields of the DNS query response for each of the records received |
State management:
This component does not store state.
Restricted:
This component is not restricted.