Gateway DNS
The descriptions below detail the fields available for gateway_dns
.
ApplicationID
Type: int
ID of the application the domain belongs to (for example, 1, 2). Set to 0 when no ApplicationID is matched.
CNAMECategoryIDs
Type: array[int]
ID or IDs of category that the intermediate cname domains belongs to (for example, [7,12,28,122,129,163]).
CNAMECategoryNames
Type: array[string]
Name or names of category that the intermediate cname domains belongs to (for example, [‘Photography’, ‘Weather’]).
ColoCode
Type: string
The name of the colo that received the DNS query (for example, ‘SJC’, ‘MIA’, ‘IAD’).
ColoID
Type: int
The ID of the colo that received the DNS query (for example, 46, 72, 397).
CustomResolveDurationMs
Type: int
The time it took for the custom resolver to respond.
CustomResolverAddress
Type: string
IP and port combo used to resolve the custom dns resolver query, if any.
CustomResolverPolicyID
Type: string
Custom resolver policy UUID, if matched.
CustomResolverPolicyName
Type: string
Custom resolver policy name, if matched.
CustomResolverResponse
Type: string
Status of the custom resolver response.
Datetime
Type: int or string
The date and time the corresponding DNS request was made (for example, ‘2021-07-27T00:01:07Z’).
DeviceID
Type: string
UUID of the device where the HTTP request originated from (for example, ‘dad71818-0429-11ec-a0dc-000000000000’).
DeviceName
Type: string
The name of the device where the HTTP request originated from (for example, ‘Laptop MB810’).
DstIP
Type: string
The destination IP address the DNS query was made to (for example, ‘104.16.132.2290’).
DstPort
Type: int
The destination port used at the edge. The port changes based on the protocol used by the DNS query (for example, 0).
Type: string
Email used to authenticate the client (for example, ‘user@test.com’).
InitialCategoryIDs
Type: array[int]
ID or IDs of category that the queried domains belongs to (for example, [7,12,28,122,129,163]).
InitialCategoryNames
Type: array[string]
Name or names of category that the queried domains belongs to (for example, [‘Photography’, ‘Weather’]).
IsResponseCached
Type: bool
Response comes from cache or not.
Location
Type: string
Name of the location the DNS request is coming from. Location is created by the customer (for example, ‘Office NYC’).
LocationID
Type: string
UUID of the location the DNS request is coming from. Location is created by the customer (for example, ‘7bdc7a9c-81d3-4816-8e56-000000000000’).
MatchedCategoryIDs
Type: array[int]
ID or IDs of category that the domain was matched with the policy (for example, [7,12,28,122,129,163]).
MatchedCategoryNames
Type: array[string]
Name or names of category that the domain was matched with the policy (for example, [‘Photography’, ‘Weather’]).
MatchedIndicatorFeedIDs
Type: array[int]
ID or IDs of indicator feed(s) that the domain was matched with the policy (for example, [7,12]).
MatchedIndicatorFeedNames
Type: array[string]
Name or names of indicator feed(s) that the domain was matched with the policy (for example, [‘Vendor Malware Feed’, ‘Vendor CoC Feed’]).
Policy
Type: string
Name of the policy that was applied (if any) (for example, ‘7bdc7a9c-81d3-4816-8e56-de1acad3dec5’).
PolicyID
Type: string
ID of the policy/rule that was applied (if any).
Protocol
Type: string
The protocol used for the DNS query by the client (for example, ‘udp’).
QueryCategoryIDs
Type: array[int]
Union of all categories; Initial categories + Resolved IP categories + Cname intermediate categories
QueryCategoryNames
Type: array[string]
Union of all category names; Initial categories + Resolved IP categories + Cname intermediate categories
QueryIndicatorFeedIDs
Type: array[int]
ID or IDs of indicator feed(s) that the domain belongs to (for example, [7,12,28]).
QueryIndicatorFeedNames
Type: array[string]
Name or names of indicator feed(s) that the domain belongs to (for example, [‘Vendor Malware Feed’, ‘Vendor CoC Feed’, ‘Vendor Phishing Feed’]).
QueryName
Type: string
The query name (for example, ’example.com’). Cloudflare will surface ‘.’ for root server queries in your logs.
QueryNameReversed
Type: string
Query name in reverse (for example, ‘com.example’). Cloudflare will surface ‘.’ for root server queries in your logs.
QuerySize
Type: int
The size of the DNS request in bytes (for example, 151).
QueryType
Type: int
The type of DNS query (for example, 1, 28, 15, or 16).
QueryTypeName
Type: string
The type of DNS query (for example, ‘A’, ‘AAAA’, ‘MX’, or ‘TXT’).
RCode
Type: int
The return code sent back by the DNS resolver.
RData
Type: array[object]
The rdata objects (for example, {“type”:“5”,“data”:“dns-packet-placeholder…”}).
ResolvedIPCategoryIDs
Type: array[int]
ID or IDs of category that the ips in the response belongs to (for example, [7,12,28,122,129,163]).
ResolvedIPCategoryNames
Type: array[string]
Name or names of category that the ips in the response belongs to (for example, [‘Photography’, ‘Weather’]).
ResolvedIPs
Type: array[string]
The resolved IPs in the response, if any (for example [‘203.0.113.1’, ‘203.0.113.2’]).
ResolverDecision
Type: string
Result of the DNS query (for example, ‘overrideForSafeSearch’).
SrcIP
Type: string
The source IP address making the DNS query (for example, ‘104.16.132.229’).
SrcPort
Type: int
The port used by the client when they sent the DNS request (for example, 0).
TimeZone
Type: string
Time zone used to calculate the current time, if a matched rule was scheduled with it.
TimeZoneInferredMethod
Type: string
Method used to pick the time zone for the schedule (from rule/ from user ip/ from local time).
UserID
Type: string
User identity where the HTTP request originated from (for example, ‘00000000-0000-0000-0000-000000000000’).