Gateway DNS
The descriptions below detail the fields available for gateway_dns.
| Field | Value | Type |
|---|---|---|
| ApplicationID | ID of the application the domain belongs to (for example, 1, 2). Set to 0 when no ApplicationID is matched. | int |
| ColoCode | The name of the colo that received the DNS query (for example, ‘SJC’, ‘MIA’, ‘IAD’). | string |
| ColoID | The ID of the colo that received the DNS query (for example, 46, 72, 397). | int |
| CustomResolveDurationMs | The time it took for the custom resolver to respond. | int |
| CustomResolverAddress | IP address and port used to resolve the custom DNS resolver query, if any. | string |
| CustomResolverPolicyID | Custom resolver policy UUID, if matched. | string |
| CustomResolverPolicyName | Custom resolver policy name, if matched. | string |
| CustomResolverResponse | Status of the custom resolver response. | string |
| Datetime | The date and time the corresponding DNS request was made (for example, ‘2021-07-27T00:01:07Z’). | int or string |
| DeviceID | UUID of the device where the HTTP request originated from (for example, ‘dad71818-0429-11ec-a0dc-000000000000’). | string |
| DeviceName | The name of the device where the HTTP request originated from (for example, ‘Laptop MB810’). | string |
| DstIP | The destination IP address the DNS query was made to (for example, ‘104.16.132.229’). | string |
| DstPort | The destination port used at the edge. The port changes based on the protocol used by the DNS query (for example, 0). | int |
| Email | Email used to authenticate the client (for example, ‘user@test.com’). | string |
| IsResponseCached | Whether the response came from cache. | bool |
| Location | Name of the location the DNS request is coming from. Location is created by the customer (for example, ‘Office NYC’). | string |
| LocationID | UUID of the location the DNS request is coming from. Location is created by the customer (for example, ‘7bdc7a9c-81d3-4816-8e56-000000000000’). | string |
| MatchedCategoryIDs | ID or IDs of the category or categories through which the domain matched the policy (for example, [7,12,28,122,129,163]). | array[int] |
| MatchedCategoryNames | Name or names of the category or categories through which the domain matched the policy (for example, [‘Photography’, ‘Weather’]). | array[string] |
| MatchedIndicatorFeedIDs | ID or IDs of the indicator feed(s) through which the domain matched the policy (for example, [7,12]). | array[int] |
| MatchedIndicatorFeedNames | Name or names of the indicator feed(s) through which the domain matched the policy (for example, [‘Vendor Malware Feed’, ‘Vendor CoC Feed’]). | array[string] |
| Policy | Name of the policy that was applied (if any) (for example, ‘7bdc7a9c-81d3-4816-8e56-de1acad3dec5’). | string |
| PolicyID | ID of the policy/rule that was applied (if any). | string |
| Protocol | The protocol used for the DNS query by the client (for example, ‘udp’). | string |
| QueryCategoryIDs | ID or IDs of category that the domain belongs to (for example, [7,12,28,122,129,163]). | array[int] |
| QueryCategoryNames | Name or names of category that the domain belongs to (for example, [‘Photography’, ‘Weather’]). | array[string] |
| QueryIndicatorFeedIDs | ID or IDs of indicator feed(s) that the domain belongs to (for example, [7,12,28]). | array[int] |
| QueryIndicatorFeedNames | Name or names of indicator feed(s) that the domain belongs to (for example, [‘Vendor Malware Feed’, ‘Vendor CoC Feed’, ‘Vendor Phishing Feed’]). | array[string] |
| QueryName | The query name (for example, ‘example.com’). | string |
| QueryNameReversed | Query name in reverse (for example, ‘com.example’). | string |
| QuerySize | The size of the DNS request in bytes (for example, 151). | int |
| QueryType | The type of DNS query (for example, ‘1’, ‘28’, ‘15’, or ‘16’). | string |
| QueryTypeName | The type of DNS query (for example, ‘A’, ‘AAAA’, ‘MX’, or ‘TXT’). | string |
| RCode | The return code sent back by the DNS resolver. | int |
| RData | The rdata objects (for example, {"type":"5","data":"dns-packet-placeholder…"}). | array[object] |
| ResolvedIPs | The resolved IPs in the response, if any (for example, [‘203.0.113.1’, ‘203.0.113.2’]). | array[string] |
| ResolverDecision | Result of the DNS query (for example, ‘overrideForSafeSearch’). | string |
| SrcIP | The source IP address making the DNS query (for example, ‘104.16.132.229’). | string |
| SrcPort | The port used by the client when they sent the DNS request (for example, 0). | int |
| TimeZone | Time zone used to calculate the current time, if a matched rule was scheduled with it. | string |
| TimeZoneInferredMethod | Method used to pick the time zone for the schedule (from rule / from user IP / from local time). | string |
| UserID | User identity where the HTTP request originated from (for example, ‘00000000-0000-0000-0000-000000000000’). | string |