You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Has anyone considered returning the dns_flags as a map, instead of a string? Thus you can run queries that check, for example, if it's a recursive query, like
SELECT * from pcap where dns_flags['rd'];
currently that can be expressed as
select * from pcap where array_contains(split(dns_flags, ' '), 'rd')
This idea can be extended as well to parse options in the OPT RR, to extract EDNS info or extended flags such as NSID
The text was updated successfully, but these errors were encountered:
Has anyone considered returning the dns_flags as a map, instead of a string? Thus you can run queries that check, for example, if it's a recursive query, like
SELECT * from pcap where dns_flags['rd'];
currently that can be expressed as
select * from pcap where array_contains(split(dns_flags, ' '), 'rd')
This idea can be extended as well to parse options in the OPT RR, to extract EDNS info or extended flags such as NSID
The text was updated successfully, but these errors were encountered: