Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS requests appear to be missing or incomplete. #695

Open
maxfisher-g opened this issue Mar 20, 2023 · 3 comments
Open

DNS requests appear to be missing or incomplete. #695

maxfisher-g opened this issue Mar 20, 2023 · 3 comments

Comments

@maxfisher-g
Copy link
Contributor

It seems like in some cases we have a race condition in our packet capture, which is causing noise/imprecision in logging of DNS requests.
@calebbrown calebbrown changed the title Potential race conditions in packet capture DNS requests appear to be missing or incomplete. Apr 28, 2023
@calebbrown
Copy link
Contributor

One possible cause is a race condition in the package capture. This would occur if there are packets that are still in transit after the packet capture has been stopped.

@calebbrown
Copy link
Contributor

Another cause that is likely happening is DNS over UDP being truncated due to the message size limitations. The DNS traffic is then issued over TCP, however this is not being observed or recorded.

Note: DNS truncation happening does not exclude the possibility of race condition existing as well.

@calebbrown
Copy link
Contributor

Support for DNS over TCP is not handled easily in gopacket, and likely requires some redesign over the packet capture logic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@calebbrown @maxfisher-g