Hi All,
I am in the process of writing parser for the DNSSEC RR types in DNS responses, and written RRSIG (type=46) parser by adding code to existing DNS protocol analyzer in Bro 2.5.4 src code.
I have tested the code by recompiling it on our test server and running it against a dns pcap, and it correctly parses the RRSIG record and logs it.
And hence have requested a Pull request to merge in the upstream Bro master repo .
Planning to write the remaining DNSSEC RR types: NSEC, DS and DNSKEY parsing in Bro DNS analyzer as well, once I get the feedback on the current merge request of the code for parsing RRSIG.
Thanks,
Fatema.