QueryDNS

Description:

A powerful DNS query processor primary designed to enrich DataFlows with DNS based APIs (e.g. RBLs, ShadowServer's ASN lookup) but that can be also used to perform regular DNS lookups.

Tags:

dns, enrich, ip

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

Display NameAPI NameDefault ValueAllowable ValuesDescription
Lookup valueQUERY_INPUTThe value that should be used to populate the query
Supports Expression Language: true (will be evaluated using flow file attributes and variable registry)
Results ParserQUERY_PARSERNone
  • Split Use a delimiter character or RegEx  to split the results into attributes
  • RegEx Use a regular expression to split the results into attributes
  • None Do not split results
The method used to slice the results into attribute groups
Parser RegExQUERY_PARSER_INPUTChoice between a splitter and regex matcher used to parse the results of the query into attribute groups. NOTE: This is a multiline regular expression, therefore, the DFM should decide how to handle trailing new line characters.
DNS Query RetriesDNS_RETRIES1The number of attempts before giving up and moving on
DNS Query TimeoutDNS_TIMEOUT1500 msThe amount of time to wait until considering a query as failed
DNS ServersDNS_SERVERA comma separated list of DNS servers to be used. (Defaults to system wide if none is used)
DNS Query TypeDNS_QUERY_TYPETXTThe DNS query type to be used by the processor (e.g. TXT, A)

Relationships:

NameDescription
not foundWhere to route flow files if data enrichment query rendered no results
foundWhere to route flow files after successfully enriching attributes with data

Reads Attributes:

None specified.

Writes Attributes:

NameDescription
enrich.dns.record*.group*The captured fields of the DNS query response for each of the records received

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component requires an incoming relationship.

System Resource Considerations:

None specified.