Class: DnsAnswer
The DNS Answer object represents a specific response provided by the Domain
Name System (DNS) when querying for information about a domain or performing a
DNS operation. It encapsulates the relevant details and data returned by the
DNS server in response to a query.
URI: ocsf:DnsAnswer
classDiagram
class DnsAnswer
click DnsAnswer href "../DnsAnswer/"
Dns <|-- DnsAnswer
click Dns href "../Dns/"
DnsAnswer : class_
DnsAnswer : flag_ids
DnsAnswer --> "* _recommended_" DnsAnswerFlagIdsEnum : flag_ids
click DnsAnswerFlagIdsEnum href "../DnsAnswerFlagIdsEnum/"
DnsAnswer : flags
DnsAnswer : packet_uid
DnsAnswer : rdata
DnsAnswer : ttl
DnsAnswer : type
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| class_ | 0..1 recommended String |
The class of DNS data contained in this resource record | direct |
| flag_ids | * recommended DnsAnswerFlagIdsEnum |
The list of DNS answer header flag IDs | direct |
| flags | * String |
The list of DNS answer header flags | direct |
| rdata | 1 String |
The data describing the DNS resource | direct |
| ttl | 0..1 recommended Integer |
The time interval that the resource record may be cached | direct |
| type | 0..1 recommended String |
The type of data contained in this resource record | direct |
| packet_uid | 0..1 recommended Integer |
The DNS packet identifier assigned by the program that generated the query | Dns |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Osint | answers | range | DnsAnswer |
| DnsActivity | answers | range | DnsAnswer |
In Subsets
Aliases
- DNS Answer
See Also
Notes
- D3FEND™ Ontology d3f:InboundInternetDNSResponseTraffic. — https://d3fend.mitre.org/dao/artifact/d3f:InboundInternetDNSResponseTraffic/
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:DnsAnswer |
| native | ocsf:DnsAnswer |
| close | uco_master:DNSRecord |
LinkML Source
Direct
name: DnsAnswer
description: 'The DNS Answer object represents a specific response provided by the
Domain
Name System (DNS) when querying for information about a domain or performing a
DNS operation. It encapsulates the relevant details and data returned by the
DNS server in response to a query.'
notes:
- 'D3FEND™ Ontology d3f:InboundInternetDNSResponseTraffic. —
https://d3fend.mitre.org/dao/artifact/d3f:InboundInternetDNSResponseTraffic/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:InboundInternetDNSResponseTraffic/
aliases:
- DNS Answer
close_mappings:
- uco_master:DNSRecord
is_a: Dns
slots:
- class_
- flag_ids
- flags
- rdata
- ttl
- type
slot_usage:
class_:
name: class_
description: 'The class of DNS data contained in this resource record. See <a
target=''_blank''
href=''https://www.rfc-editor.org/rfc/rfc1035.txt''>RFC1035</a>. For example:
<code>IN</code>.'
recommended: true
flag_ids:
name: flag_ids
description: The list of DNS answer header flag IDs.
range: DnsAnswerFlagIdsEnum
recommended: true
flags:
name: flags
description: The list of DNS answer header flags.
rdata:
name: rdata
required: true
ttl:
name: ttl
recommended: true
type:
name: type
description: 'The type of data contained in this resource record. See <a target=''_blank''
href=''https://www.rfc-editor.org/rfc/rfc1035.txt''>RFC1035</a>. For example:
<code>CNAME</code>.'
recommended: true
Induced
name: DnsAnswer
description: 'The DNS Answer object represents a specific response provided by the
Domain
Name System (DNS) when querying for information about a domain or performing a
DNS operation. It encapsulates the relevant details and data returned by the
DNS server in response to a query.'
notes:
- 'D3FEND™ Ontology d3f:InboundInternetDNSResponseTraffic. —
https://d3fend.mitre.org/dao/artifact/d3f:InboundInternetDNSResponseTraffic/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:InboundInternetDNSResponseTraffic/
aliases:
- DNS Answer
close_mappings:
- uco_master:DNSRecord
is_a: Dns
slot_usage:
class_:
name: class_
description: 'The class of DNS data contained in this resource record. See <a
target=''_blank''
href=''https://www.rfc-editor.org/rfc/rfc1035.txt''>RFC1035</a>. For example:
<code>IN</code>.'
recommended: true
flag_ids:
name: flag_ids
description: The list of DNS answer header flag IDs.
range: DnsAnswerFlagIdsEnum
recommended: true
flags:
name: flags
description: The list of DNS answer header flags.
rdata:
name: rdata
required: true
ttl:
name: ttl
recommended: true
type:
name: type
description: 'The type of data contained in this resource record. See <a target=''_blank''
href=''https://www.rfc-editor.org/rfc/rfc1035.txt''>RFC1035</a>. For example:
<code>CNAME</code>.'
recommended: true
attributes:
class_:
name: class_
description: 'The class of DNS data contained in this resource record. See <a
target=''_blank''
href=''https://www.rfc-editor.org/rfc/rfc1035.txt''>RFC1035</a>. For example:
<code>IN</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Class
rank: 1000
alias: class_
owner: DnsAnswer
domain_of:
- Dns
- DnsAnswer
- PeripheralDevice
range: string
recommended: true
flag_ids:
name: flag_ids
annotations:
sibling:
tag: sibling
value: flags
description: The list of DNS answer header flag IDs.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Communication Flag IDs
rank: 1000
alias: flag_ids
owner: DnsAnswer
domain_of:
- DnsAnswer
range: DnsAnswerFlagIdsEnum
recommended: true
multivalued: true
flags:
name: flags
description: The list of DNS answer header flags.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Flags
rank: 1000
alias: flags
owner: DnsAnswer
domain_of:
- Request
- Response
- Trace
- DceRpc
- DnsAnswer
range: string
multivalued: true
rdata:
name: rdata
description: 'The data describing the DNS resource. The meaning of this data depends
on the
type and class of the resource record.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- DNS RData
rank: 1000
alias: rdata
owner: DnsAnswer
domain_of:
- DnsAnswer
range: string
required: true
ttl:
name: ttl
description: 'The time interval that the resource record may be cached. Zero value
means that
the resource record can only be used for the transaction in progress, and
should not be cached.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- TTL
rank: 1000
alias: ttl
owner: DnsAnswer
domain_of:
- DnsAnswer
range: integer
recommended: true
type:
name: type
description: 'The type of data contained in this resource record. See <a target=''_blank''
href=''https://www.rfc-editor.org/rfc/rfc1035.txt''>RFC1035</a>. For example:
<code>CNAME</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: DnsAnswer
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
recommended: true
packet_uid:
name: packet_uid
description: 'The DNS packet identifier assigned by the program that generated
the query. The
identifier is copied to the response.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Packet UID
rank: 1000
alias: packet_uid
owner: DnsAnswer
domain_of:
- Dns
range: integer
recommended: true