Notification: Events
Notification: Events
Notifications are sent when incoming data triggers a unique event. Characteristics for event types is that they should be quite rare and specific. The model event is the “first ever seen” event, where a notification is sent when a domain is seen for the first time on a server.
Data
| # | Name | Type | Required | Description |
|---|---|---|---|---|
| 1 | event | Integer | yes | Type of notification |
| 2 | sendtime | Timestamp | no | Event time of transmission |
| 3 | name | Bytestring | yes | The fully qualified domain name |
| 4 | type | Int16 | yes | Query type |
| 5 | class | Int16 | no | Query Class |
| 6 | rflags | Int16 | yes | Response header flags |
| 7 | ttl | Int32 | no | Resource record time-to-live |
| 8 | rdlength | Int16 | yes | Length of RDATA |
| 9 | rdata | Bytestring | no | Response data resource record |
| 10 | nsname | Bytestring | no | Name of responding authoritative server |
| 11 | nsip | IP address | no | IPv4 or IPv6 Address of responding authoritative server |
Extensions for local use could include information about the querying client, but these are not privacy safe and should be confined to the local system owner.
| # | Name | Type | Description | Required |
|---|---|---|---|---|
| 12 | client | ip | no | Pseaudonymized client IP address |
| 13 | timestamp | datetime | no | Client query time |
| 14 | qheader | int16 | no | Request header flags |