Parsing errors related to rule keywords associated to DNS protocol

m6201 · June 3, 2024, 10:06am

Hello, I was trying to create a basic rule related to DNS protocol, and tried to use dns.rrtype and dns.rcode keywords writing dns.rcode:!0; and dns.rrtype:!0; in the rule.

However, I got the following errors:

E: detect-parse: unknown rule keyword 'dns.rcode'.
E: detect-parse: unknown rule keyword 'dns.rrtype'.

I am using Suricata 7.0.5 in Ubuntu 22.04.4. I would like to know what caused this error and how could I solve it. Thanks in advance.

ish · June 3, 2024, 3:14pm

Sorry, these features are not in 7.0.5 at this time.

Our documentation site can be misleading here defaulting to the development branch and calling it latest, you’ll want to flip the version specifier to suricata-7.0.5 to verify whats in 7.0.5.

Topic		Replies	Views
App-layer protocol support for "smtp", but no SMTP keywords for rules? Rules rules	2	456	July 4, 2023
Help with datasets and DNS Rules	7	1462	March 11, 2024
Suricata DNS IPS rule Rules	7	1922	October 14, 2021
Tls_state keyword unsupported Rules rules	3	92	June 20, 2024
Suricata rule to block dns query type 64 (svcb) Rules	1	990	December 27, 2022

Parsing errors related to rule keywords associated to DNS protocol

Related Topics