Add support for EDNS and DNSSEC

CHANGELOG.asciidoc

@@ -18,6 +18,9 @@ https://github.com/elastic/beats/compare/1.0.0...master[Check the HEAD diff]
 - Move event preprocessor applying GeoIP to packetbeat {pull}772[772]
 
 *Packetbeat*
+- Rename output fields in the dns package. Former flag `recursion_allowed` becomes `recursion_available`. {pull}803[803]
+  Former SOA field `ttl` becomes `minimum`. {pull}803[803]
+- The fully qualified domain names which are part of output fields values of the dns package now terminate with a dot. {pull}803[803]
 
 *Topbeat*
 - Rename proc.cpu.user_p with proc.cpu.total_p as includes CPU time spent in kernel space {pull}631[631]
@@ -64,6 +67,7 @@ https://github.com/elastic/beats/compare/1.0.0...master[Check the HEAD diff]
 
 *Packetbeat*
 - Add support for capturing DNS over TCP network traffic. {pull}486[486] {pull}554[554]
+- Change the DNS library used throughout the dns package to github.com/miekg/dns. {pull}803[803]
 
 *Topbeat*
 - Group all cpu usage per core statistics and export them optionally if cpu_per_core is configured {pull}496[496]

glide.yaml

@@ -35,3 +35,5 @@ import:
   version: f3e2bae1e0cb5aef83e319133eabfee30013a4a5
 - package: github.com/go-ole/go-ole
   version: v1.2.0
+- package: github.com/miekg/dns
+  version: 85b661b2a6fc95a5a83e66d7730c4bc0b6e9c99e

packetbeat/docs/fields.asciidoc

@@ -109,7 +109,7 @@ Messages from Packetbeat itself. This field usually contains error messages for
 
 
 [[exported-fields-icmp]]
-=== ICMP fields
+=== ICMP Fields
 
 ICMP specific event fields.
 
@@ -118,6 +118,12 @@ ICMP specific event fields.
 
 The version of the ICMP protocol.
 
+==== icmp.request.message
+
+type: string
+
+A human readable form of the request.
+
 ==== icmp.request.type
 
 type: int
@@ -130,6 +136,12 @@ type: int
 
 The request code.
 
+==== icmp.response.message
+
+type: string
+
+A human readable form of the response.
+
 ==== icmp.response.type
 
 type: int
@@ -169,7 +181,7 @@ type: bool
 A DNS flag specifying that the responding server is an authority for the domain name used in the question.
 
 
-==== dns.flags.recursion_allowed
+==== dns.flags.recursion_available
 
 type: bool
 
@@ -183,6 +195,20 @@ type: bool
 A DNS flag specifying that the client directs the server to pursue a query recursively. Recursive query support is optional.
 
 
+==== dns.flags.authentic_data
+
+type: bool
+
+A DNS flag specifying that the recursive server considers the response authentic.
+
+
+==== dns.flags.checking_disabled
+
+type: bool
+
+A DNS flag specifying that the client disables the server signature validation of the query.
+
+
 ==== dns.flags.truncated_response
 
 type: bool

packetbeat/etc/fields.yml

@@ -251,7 +251,7 @@ event:
             A DNS flag specifying that the responding server is an authority for
             the domain name used in the question.
 
-        - name: dns.flags.recursion_allowed
+        - name: dns.flags.recursion_available
           type: bool
           description: >
             A DNS flag specifying whether recursive query support is available in the
@@ -263,6 +263,18 @@ event:
             A DNS flag specifying that the client directs the server to pursue a
             query recursively. Recursive query support is optional.
 
+        - name: dns.flags.authentic_data
+          type: bool
+          description: >
+            A DNS flag specifying that the recursive server considers the response
+            authentic.
+
+        - name: dns.flags.checking_disabled
+          type: bool
+          description: >
+            A DNS flag specifying that the client disables the server
+            signature validation of the query.
+
         - name: dns.flags.truncated_response
           type: bool
           description: >