1) In the DNS policy file there is an event for "dns_EDNS_addl" what
part of the packet is this field in a DNS connection
EDNS is a general mechanism for specifying extensions to DNS.
and what is the
"pldsize" value from?
It comes from the framing provided by the EDNS mechanism.
Is there a way to break out the data from this field?
No, though if there are specific EDNS extensions you're interested in,
we'd certainly encourage you to consider adding analysis for them to
the event engine (in DNS.cc).
2) When a DNS record has "DNS_SEC_OK" What is that from the packet connection?
That's also part of EDNS (the 'Z' field), and specifes that the extension
accepts DNSSEC RRs.