
Class: DnsQuery

The DNS query object represents a specific request made to the Domain Name System (DNS) to retrieve information about a domain or perform a DNS operation. This object encapsulates the necessary attributes and methods to construct and send DNS queries and to specify the query type (e.g., A, AAAA, MX).

URI: ocsf:DnsQuery

 classDiagram
    class DnsQuery
    click DnsQuery href "../DnsQuery/"
      Dns <|-- DnsQuery
        click Dns href "../Dns/"
      DnsQuery : class_
      DnsQuery : hostname
      DnsQuery : opcode
      DnsQuery : opcode_id
        DnsQuery --> "0..1 _recommended_" OpcodeIdEnum : opcode_id
        click OpcodeIdEnum href "../OpcodeIdEnum/"
      DnsQuery : packet_uid
      DnsQuery : type

Inheritance

  • Dns
      • DnsQuery

Slots

| Name | Cardinality and Range | Description | Inheritance |
| --- | --- | --- | --- |
| hostname | 1 HostnameT | The hostname or domain being queried | direct |
| opcode | 0..1 String | The DNS opcode specifies the type of the query message | direct |
| opcode_id | 0..1 recommended OpcodeIdEnum | The DNS opcode ID specifies the normalized query message type as defined in <... | direct |
| class_ | 0..1 recommended String | The class of resource records being queried | Dns |
| packet_uid | 0..1 recommended Integer | The DNS packet identifier assigned by the program that generated the query | Dns |
| type | 0..1 recommended String | The type of resource records being queried | Dns |

Usages

| used by | used in | type | used |
| --- | --- | --- | --- |
| Evidences | query | range | DnsQuery |
| DnsActivity | query | range | DnsQuery |
| WindowsEvidences | query | range | DnsQuery |

In Subsets

  • objects_subset

Aliases

  • DNS Query

See Also

  • https://d3fend.mitre.org/dao/artifact/d3f:DNSLookup/

Notes

  • D3FEND™ Ontology d3f:DNSLookup. https://d3fend.mitre.org/dao/artifact/d3f:DNSLookup/

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/ocsf

Mappings

| Mapping Type | Mapped Value |
| --- | --- |
| self | ocsf:DnsQuery |
| native | ocsf:DnsQuery |

LinkML Source

Direct

name: DnsQuery
description: 'The DNS query object represents a specific request made to the Domain
  Name

  System (DNS) to retrieve information about a domain or perform a DNS operation.

  This object encapsulates the necessary attributes and methods to construct and

  send DNS queries, specify the query type (e.g., A, AAAA, MX).'
notes:
- 'D3FEND™ Ontology d3f:DNSLookup. 

  https://d3fend.mitre.org/dao/artifact/d3f:DNSLookup/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:DNSLookup/
aliases:
- DNS Query
is_a: Dns
slots:
- hostname
- opcode
- opcode_id
slot_usage:
  hostname:
    name: hostname
    description: 'The hostname or domain being queried. For example: <code>www.example.com</code>'
    required: true
  opcode_id:
    name: opcode_id
    recommended: true

Induced

name: DnsQuery
description: 'The DNS query object represents a specific request made to the Domain
  Name

  System (DNS) to retrieve information about a domain or perform a DNS operation.

  This object encapsulates the necessary attributes and methods to construct and

  send DNS queries, specify the query type (e.g., A, AAAA, MX).'
notes:
- 'D3FEND™ Ontology d3f:DNSLookup. 

  https://d3fend.mitre.org/dao/artifact/d3f:DNSLookup/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:DNSLookup/
aliases:
- DNS Query
is_a: Dns
slot_usage:
  hostname:
    name: hostname
    description: 'The hostname or domain being queried. For example: <code>www.example.com</code>'
    required: true
  opcode_id:
    name: opcode_id
    recommended: true
attributes:
  hostname:
    name: hostname
    description: 'The hostname or domain being queried. For example: <code>www.example.com</code>'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Hostname
    rank: 1000
    alias: hostname
    owner: DnsQuery
    domain_of:
    - Url
    - ApplicationObject
    - Databucket
    - DnsQuery
    - Endpoint
    - NetworkInterface
    - Reporter
    - ResourceDetails
    - Device
    range: HostnameT
    required: true
  opcode:
    name: opcode
    description: The DNS opcode specifies the type of the query message.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - DNS Opcode
    rank: 1000
    alias: opcode
    owner: DnsQuery
    domain_of:
    - DnsQuery
    range: string
  opcode_id:
    name: opcode_id
    annotations:
      suppress_checks:
        tag: suppress_checks
        value: enum_convention
    description: 'The DNS opcode ID specifies the normalized query message type as
      defined in <a

      target=''_blank''

      href=''https://www.rfc-editor.org/rfc/rfc5395.html''>RFC-5395</a>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - DNS Opcode ID
    rank: 1000
    alias: opcode_id
    owner: DnsQuery
    domain_of:
    - DnsQuery
    range: OpcodeIdEnum
    recommended: true
  class_:
    name: class_
    description: 'The class of resource records being queried. See <a target=''_blank''

      href=''https://www.rfc-editor.org/rfc/rfc1035.txt''>RFC1035</a>. For example:

      <code>IN</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Class
    rank: 1000
    alias: class_
    owner: DnsQuery
    domain_of:
    - Dns
    - DnsAnswer
    - PeripheralDevice
    range: string
    recommended: true
  packet_uid:
    name: packet_uid
    description: 'The DNS packet identifier assigned by the program that generated
      the query. The

      identifier is copied to the response.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Packet UID
    rank: 1000
    alias: packet_uid
    owner: DnsQuery
    domain_of:
    - Dns
    range: integer
    recommended: true
  type:
    name: type
    description: 'The type of resource records being queried. See <a target=''_blank''

      href=''https://www.rfc-editor.org/rfc/rfc1035.txt''>RFC1035</a>. For example:
      A,

      AAAA, CNAME, MX, and NS.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Type
    rank: 1000
    alias: type
    owner: DnsQuery
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - PrivilegeInfo
    - ProgrammaticCredential
    - RelatedEvent
    - San
    - Sbom
    - Script
    - SoftwareComponent
    - StartupItem
    - ThreatActor
    - Ticket
    - Timespan
    - TlsExtension
    - Token
    - Dns
    - Resource
    - Account
    - Agent
    - Analytic
    - ApplicationObject
    - AuthenticationToken
    - ClassifierDetails
    - Cve
    - Database
    - Databucket
    - DiscoveryDetails
    - DnsAnswer
    - DomainContact
    - EncryptionDetails
    - Endpoint
    - Enrichment
    - File
    - Graph
    - Group
    - Ja4Fingerprint
    - Kernel
    - ManagedEntity
    - Metadata
    - Module
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - PeripheralDevice
    - Policy
    - Rule
    - Scan
    - Trait
    - UnmannedAerialSystem
    - UnmannedSystemOperatingArea
    - User
    - WebResource
    - Device
    - DatastoreActivity
    - FtpActivity
    - RegValue
    - WinResource
    range: string
    recommended: true