From 6730f3d5ccd422a0b557bc2ff69814c8fe528abf Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 11 Nov 2013 17:27:56 +0100
Subject: [PATCH] DNS: trigger logging for toserver dir when previous reply is lost.
---
src/log-dnslog.c | 53 +++++++++++++++++++++++++-----------------------
1 file changed, 28 insertions(+), 25 deletions(-)
diff --git a/src/log-dnslog.c b/src/log-dnslog.c
index 5ef4b1fab7..9fc82ca842 100644
--- a/src/log-dnslog.c
+++ b/src/log-dnslog.c
@@ -295,36 +295,39 @@ static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ
 }
 } else
 #endif
- if ((PKT_IS_TOCLIENT(p))) {
- DNSTransaction *tx = NULL;
- for (; tx_id < total_txs; tx_id++)
- {
- tx = AppLayerGetTx(proto, dns_state, tx_id);
- if (tx == NULL)
- continue;
-
- DNSQueryEntry *query = NULL;
- TAILQ_FOREACH(query, &tx->query_list, next) {
- LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query);
- }
- if (tx->no_such_name) {
- LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL);
- }
+ DNSTransaction *tx = NULL;
+ for (; tx_id < total_txs; tx_id++)
+ {
+ tx = AppLayerGetTx(proto, dns_state, tx_id);
+ if (tx == NULL)
+ continue;
- DNSAnswerEntry *entry = NULL;
- TAILQ_FOREACH(entry, &tx->answer_list, next) {
- LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
- }
+ /* only consider toserver logging if tx has reply lost set */
+ if (PKT_IS_TOSERVER(p) && tx->reply_lost == 0)
+ continue;
- entry = NULL;
- TAILQ_FOREACH(entry, &tx->authority_list, next) {
- LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
- }
+ DNSQueryEntry *query = NULL;
+ TAILQ_FOREACH(query, &tx->query_list, next) {
+ LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query);
+ }
+
+ if (tx->no_such_name) {
+ LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL);
+ }
- SCLogDebug("calling AppLayerTransactionUpdateLoggedId");
- AppLayerTransactionUpdateLogId(p->flow);
+ DNSAnswerEntry *entry = NULL;
+ TAILQ_FOREACH(entry, &tx->answer_list, next) {
+ LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
 }
+
+ entry = NULL;
+ TAILQ_FOREACH(entry, &tx->authority_list, next) {
+ LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
+ }
+
+ SCLogDebug("calling AppLayerTransactionUpdateLoggedId");
+ AppLayerTransactionUpdateLogId(p->flow);
 }
 end:
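Review bot: With the toclient guard removed, `LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query)` and the `LogAnswer(..., srcip, dstip, sp, dp, ...)` calls still pass the endpoints in the order written for a reply packet, so when the loop now runs on a toserver packet for a tx with `reply_lost` set, the query is presumably logged with client and server swapped (assuming srcip/dstip are filled from the packet itself, which happens outside the hunk). A DNS log record that names the resolver as the requester misleads anyone correlating it with flow or alert data; choose the order by direction, e.g. `if (PKT_IS_TOSERVER(p)) LogQuery(aft, timebuf, srcip, dstip, sp, dp, tx, query); else LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query);`. Separately, `AppLayerTransactionUpdateLogId(p->flow)` takes no tx id, so if it only advances a counter, a tx skipped by the new `continue` ahead of a logged one could end up marked as logged while the logged one is emitted again; worth confirming against its definition. The body of LogDnsLogIPWrapper starts and ends outside the hunk.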