Dear Bro Team,
I was working with some DNS logs and wanted to look at total number of DNS MX queries and responses. I used the usual bro-cut/awk/sort/uniq commands and turned out that there are absolutely no DNS responses within the log. I know that this is not true, and confirmed via tshark.
I looked at script /base/protocols/dns.bro. In the definition of what goes into the log, the entry says
Whether the message is a query (F) or response (T).
QR: bool &log &default=F;
which sounds good. But it seems that QR has not been assigned a value anywhere in the rest of the code, therefore the default value F is displayed whether it’s a query or a response. Maybe QR should become ‘T’ in all the dns_reply(AA/MX/…) events in the script.
Regards,
Hah! Nice catch. That QR field should have been removed before the release. The "log unit" that the DNS log represents is a query and its set of responses so the QR dns flag doesn't even make sense to be there. 
I just committed a patch to our fastpath branch which will be merged into the master branch soon.
To answer your larger question, just search for MX in the qtype_name field (or 15 in the type field). Each line represents a query and the responses received to the query so most of what you're looking for should be there. Check the field documentation to understand the fields better and please ask if the documentation isn't clear.
http://www.bro-ids.org/documentation/scripts/base/protocols/dns/main.html?highlight=dns%20main#type-DNS::Info
Thanks!
.Seth