Is it feasible to enrich events with, say, DNS CAA record details as they flow through stream?
Are you saying you want to use the DNS lookup function to enrich?
Or something else?
Looks like we need to add the CAA resource type to the DNS Lookup function, but you should be able to get the result with the `ANY` type and then use an eval.
<@U02UFGDA7N1> for your attention ^^
Yah, CAA and a few recent bits of DNS seem to get skipped a lot
Maybe make record type a free text field?
Like the Redis function
Might be some differences in the functionality behind the scenes, but good idea
Yeah, I tried to hack the JSON and insert CAA, but it is too strict and doesn't accept the value
Would the DNS Lookup function's returned information be dependent on host OS?
I strongly doubt that
Even Windows usually manages to resolve DNS
Using the function via Edge that's collecting from a Windows 10 device. But I'm not seeing any CAA information
Do you have access to the box?
I just learned that neither nslookup nor PowerShell can handle CAA records oO
yah
yah, hence my question
like if JavaScript is reliant on the host OS or if it's implementing and not relying on host OS
I can't believe this. Found a bug report for PHP from 2018 where someone ran into the same issue. Seems the Windows API just lacks this function. What a mess...
Gotta love Windows.
Maybe will see it in Windows 12
eventually this will shift to a Linux box, maybe I'll just speed that up heh
Ha, I asked ChatGPT and exactly as expected it lied to me and told me it works with nslookup. That mofo.
hahaha
I keep working on teaching lies to ChatGPT