This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element DNSQueryObj:DNS_Query
Namespace
http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNS_Query object is intended to represent a single DNS query.
<xs:element name="DNS_Query" type="DNSQueryObj:DNSQueryObjectType"><xs:annotation><xs:documentation>The DNS_Query object is intended to represent a single DNS query.</xs:documentation></xs:annotation></xs:element>
The Transaction_ID field specifies the Transaction ID value of the DNS query message header.
Diagram
Type
HexBinaryObjectPropertyType
Source
<xs:element name="Transaction_ID" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Transaction_ID field specifies the Transaction ID value of the DNS query message header.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Question" type="DNSQueryObj:DNSQuestionType" minOccurs="0"><xs:annotation><xs:documentation>The Question field specifies the DNS question component of the DNS query.</xs:documentation></xs:annotation></xs:element>
The QName field specifies the domain name being queried.
Diagram
Type
URIObjectType
Source
<xs:element name="QName" type="URIObj:URIObjectType" minOccurs="0"><xs:annotation><xs:documentation>The QName field specifies the domain name being queried.</xs:documentation></xs:annotation></xs:element>
<xs:element minOccurs="0" name="QType" type="DNSQueryObj:DNSRecordType"><xs:annotation><xs:documentation>The QType specifies the type of DNS query performed, in terms of the requested DNS record type.</xs:documentation></xs:annotation></xs:element>
The QClass field specifies the class of resource records being requested.
Diagram
Type
StringObjectPropertyType
Source
<xs:element minOccurs="0" name="QClass" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The QClass field specifies the class of resource records being requested.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Answer_Resource_Records" minOccurs="0" type="DNSQueryObj:DNSResourceRecordsType"><xs:annotation><xs:documentation>The Answers field specifies any Answers resource records that were returned for the DNS query.</xs:documentation></xs:annotation></xs:element>
The Answer field specifies a single DNS resource record returned as part of a DNS query.
Diagram
Type
DNSRecordObjectType
Source
<xs:element name="Resource_Record" type="DNSRecordObj:DNSRecordObjectType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Answer field specifies a single DNS resource record returned as part of a DNS query.</xs:documentation></xs:annotation></xs:element>
<xs:element minOccurs="0" name="Authority_Resource_Records" type="DNSQueryObj:DNSResourceRecordsType"><xs:annotation><xs:documentation>The Authority_Resource_Records field specifies any Authority resource records that were returned for the DNS query.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Additional_Records" minOccurs="0" type="DNSQueryObj:DNSResourceRecordsType"><xs:annotation><xs:documentation>The Authority_Resource_Records field specifies any Additional resource records that were returned for the DNS query.</xs:documentation></xs:annotation></xs:element>
The Date_Ran field specifies the date and time that the DNS query was run.
Diagram
Type
DateTimeObjectPropertyType
Source
<xs:element minOccurs="0" name="Date_Ran" type="cyboxCommon:DateTimeObjectPropertyType"><xs:annotation><xs:documentation>The Date_Ran field specifies the date and time that the DNS query was run.</xs:documentation></xs:annotation></xs:element>
The Service_Used field specifies the service used to run the DNS Query.
Diagram
Type
StringObjectPropertyType
Source
<xs:element minOccurs="0" name="Service_Used" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The Service_Used field specifies the service used to run the DNS Query.</xs:documentation></xs:annotation></xs:element>
Complex Type DNSQueryObj:DNSQueryObjectType
Namespace
http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNSQueryType is intended to characterize a single DNS query and its components.
<xs:complexType name="DNSQueryObjectType"><xs:annotation><xs:documentation>The DNSQueryType is intended to characterize a single DNS query and its components.</xs:documentation></xs:annotation><xs:complexContent><xs:extension base="cyboxCommon:ObjectPropertiesType"><xs:sequence><xs:element name="Transaction_ID" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Transaction_ID field specifies the Transaction ID value of the DNS query message header.</xs:documentation></xs:annotation></xs:element><xs:element name="Question" type="DNSQueryObj:DNSQuestionType" minOccurs="0"><xs:annotation><xs:documentation>The Question field specifies the DNS question component of the DNS query.</xs:documentation></xs:annotation></xs:element><xs:element name="Answer_Resource_Records" minOccurs="0" type="DNSQueryObj:DNSResourceRecordsType"><xs:annotation><xs:documentation>The Answers field specifies any Answers resource records that were returned for the DNS query.</xs:documentation></xs:annotation></xs:element><xs:element minOccurs="0" name="Authority_Resource_Records" type="DNSQueryObj:DNSResourceRecordsType"><xs:annotation><xs:documentation>The Authority_Resource_Records field specifies any Authority resource records that were returned for the DNS query.</xs:documentation></xs:annotation></xs:element><xs:element name="Additional_Records" minOccurs="0" type="DNSQueryObj:DNSResourceRecordsType"><xs:annotation><xs:documentation>The Authority_Resource_Records field specifies any Additional resource records that were returned for the DNS query.</xs:documentation></xs:annotation></xs:element><xs:element minOccurs="0" name="Date_Ran" type="cyboxCommon:DateTimeObjectPropertyType"><xs:annotation><xs:documentation>The Date_Ran field specifies the date and time that the DNS query was run.</xs:documentation></xs:annotation></xs:element><xs:element minOccurs="0" name="Service_Used" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The Service_Used field specifies the service used to run the DNS Query.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="successful" type="xs:boolean"><xs:annotation><xs:documentation>The successful field specifies whether or not the DNS Query was successful.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:complexContent></xs:complexType>
Complex Type DNSQueryObj:DNSQuestionType
Namespace
http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNSQuestionType specifies the components of a DNS Question, including the domain name queried, type, and class.
<xs:complexType name="DNSQuestionType"><xs:annotation><xs:documentation>The DNSQuestionType specifies the components of a DNS Question, including the domain name queried, type, and class.</xs:documentation></xs:annotation><xs:sequence><xs:element name="QName" type="URIObj:URIObjectType" minOccurs="0"><xs:annotation><xs:documentation>The QName field specifies the domain name being queried.</xs:documentation></xs:annotation></xs:element><xs:element minOccurs="0" name="QType" type="DNSQueryObj:DNSRecordType"><xs:annotation><xs:documentation>The QType specifies the type of DNS query performed, in terms of the requested DNS record type.</xs:documentation></xs:annotation></xs:element><xs:element minOccurs="0" name="QClass" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The QClass field specifies the class of resource records being requested.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type DNSQueryObj:DNSRecordType
Namespace
http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
DNSRecordType specifies DNS record types, via a union of the DNSRecordTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
<xs:complexType name="DNSRecordType"><xs:annotation><xs:documentation>DNSRecordType specifies DNS record types, via a union of the DNSRecordTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="DNSQueryObj:DNSRecordTypeEnum xs:string"/></xs:simpleType><xs:attribute fixed="string" name="datatype" type="cyboxCommon:DatatypeEnum" use="optional"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type DNSQueryObj:DNSResourceRecordsType
Namespace
http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNSAnswersType encompasses one or more resource records returned for a DNS query.
<xs:complexType name="DNSResourceRecordsType"><xs:annotation><xs:documentation>The DNSAnswersType encompasses one or more resource records returned for a DNS query.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Resource_Record" type="DNSRecordObj:DNSRecordObjectType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Answer field specifies a single DNS resource record returned as part of a DNS query.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Simple Type DNSQueryObj:DNSRecordTypeEnum
Namespace
http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNSRecordTypeEnum is a non-exhaustive enumeration of DNS Record Type names.
Diagram
Type
restriction of xs:string
Facets
enumeration
A
enumeration
AAAA
enumeration
AFSDB
enumeration
APL
enumeration
CERT
enumeration
CNAME
enumeration
DHCID
enumeration
DLV
enumeration
DNAME
enumeration
DNSKEY
enumeration
DS
enumeration
HIP
enumeration
IPSECKEY
enumeration
KEY
enumeration
KX
enumeration
LOC
enumeration
MX
enumeration
NAPTR
enumeration
NS
enumeration
NSEC
enumeration
NSEC3
enumeration
NSEC3PARAM
enumeration
PTR
enumeration
RRSIG
enumeration
RP
enumeration
SIG
enumeration
SOA
enumeration
SPF
enumeration
SRV
enumeration
SSHFP
enumeration
TA
enumeration
TKEY
enumeration
TSIG
enumeration
TXT
Source
<xs:simpleType name="DNSRecordTypeEnum"><xs:annotation><xs:documentation>The DNSRecordTypeEnum is a non-exhaustive enumeration of DNS Record Type names.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="A"/><xs:enumeration value="AAAA"/><xs:enumeration value="AFSDB"/><xs:enumeration value="APL"/><xs:enumeration value="CERT"/><xs:enumeration value="CNAME"/><xs:enumeration value="DHCID"/><xs:enumeration value="DLV"/><xs:enumeration value="DNAME"/><xs:enumeration value="DNSKEY"/><xs:enumeration value="DS"/><xs:enumeration value="HIP"/><xs:enumeration value="IPSECKEY"/><xs:enumeration value="KEY"/><xs:enumeration value="KX"/><xs:enumeration value="LOC"/><xs:enumeration value="MX"/><xs:enumeration value="NAPTR"/><xs:enumeration value="NS"/><xs:enumeration value="NSEC"/><xs:enumeration value="NSEC3"/><xs:enumeration value="NSEC3PARAM"/><xs:enumeration value="PTR"/><xs:enumeration value="RRSIG"/><xs:enumeration value="RP"/><xs:enumeration value="SIG"/><xs:enumeration value="SOA"/><xs:enumeration value="SPF"/><xs:enumeration value="SRV"/><xs:enumeration value="SSHFP"/><xs:enumeration value="TA"/><xs:enumeration value="TKEY"/><xs:enumeration value="TSIG"/><xs:enumeration value="TXT"/></xs:restriction></xs:simpleType>
<xs:attribute fixed="string" name="datatype" type="cyboxCommon:DatatypeEnum" use="optional"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="successful" type="xs:boolean"><xs:annotation><xs:documentation>The successful field specifies whether or not the DNS Query was successful.</xs:documentation></xs:annotation></xs:attribute>