From 04e2773d30337af3162d2d142928ab3988da4e05 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 8 Dec 2011 13:06:45 -0500 Subject: [PATCH] Fixed some bugs with capturing data in the base DNS script. --- scripts/base/protocols/dns/main.bro | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro index d738e4943c..5f2f68e807 100644 --- a/scripts/base/protocols/dns/main.bro +++ b/scripts/base/protocols/dns/main.bro @@ -139,16 +139,12 @@ function set_session(c: connection, msg: dns_msg, is_query: bool) event DNS::do_reply(c: connection, msg: dns_msg, ans: dns_answer, reply: string) &priority=5 { set_session(c, msg, F); - - c$dns$AA = msg$AA; - c$dns$RA = msg$RA; - if ( ! c$dns?$TTLs ) - c$dns$TTLs = vector(); - c$dns$TTLs[|c$dns$TTLs|] = ans$TTL; - if ( ans$answer_type == DNS_ANS ) { + c$dns$AA = msg$AA; + c$dns$RA = msg$RA; + if ( msg$id in c$dns_state$finished_answers ) event conn_weird("dns_reply_seen_after_done", c, ""); @@ -157,6 +153,10 @@ event DNS::do_reply(c: connection, msg: dns_msg, ans: dns_answer, reply: string) if ( ! c$dns?$answers ) c$dns$answers = vector(); c$dns$answers[|c$dns$answers|] = reply; + + if ( ! c$dns?$TTLs ) + c$dns$TTLs = vector(); + c$dns$TTLs[|c$dns$TTLs|] = ans$TTL; } if ( c$dns?$answers && |c$dns$answers| == c$dns$total_answers )
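Review bot: `c$dns$AA` and `c$dns$RA` are copied from the message header (`msg$AA`, `msg$RA`), yet after this move they are assigned only inside `if ( ans$answer_type == DNS_ANS )` in the first hunk. A reply whose records all sit in the authority or additional section would then leave both fields at whatever default the record declares, which is not visible here. Log consumers that key on RA or AA, for example to inventory recursive resolvers or spot unexpected authoritative responders, would see a silent gap. Consider keeping the two assignments directly after `set_session(c, msg, F);` and moving only the TTL capture; if the narrowing is intended, a comment such as `# AA/RA are only recorded for answer-section RRs` would make that explicit. The body of do_reply continues beyond this hunk.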
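Review bot: In the second hunk the TTL append now sits directly after the `c$dns$answers` append, apparently so the two vectors stay index-aligned, but nothing in the code states that invariant. The block enclosing both appends opens outside this hunk, so the guarding condition cannot be confirmed from here. Assuming both appends share that condition, a comment above the new lines would protect the pairing against later edits, e.g. `# Keep TTLs parallel to answers: TTLs[i] is the TTL of answers[i].` Anyone correlating logged answers with their TTLs, for instance when looking for unusually short-lived records, relies on that alignment.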