More small cleanup.

policy/dns/base.bro

@@ -15,6 +15,7 @@ export {
 		qtype_name:    string          &log &optional;
 		qclass:        count           &log &optional;
 		rcode:         count           &log &optional;
+		rcode_name:    string          &log &optional;
 		QR:            bool            &log &default=F;
 		Z:             bool            &log &default=F;
 		AA:            bool            &log &default=F;
@@ -93,6 +94,7 @@ function set_session(c: connection, msg: dns_msg, is_query: bool)
 
 	c$dns_state$last_active=network_time();
 	c$dns$rcode = msg$rcode;
+	c$dns$rcode_name = base_errors[msg$rcode];
 	
 	if ( ! is_query )
 		{

policy/dns/consts.bro

@@ -65,7 +65,7 @@ export {
 		[22] = "BADTRUNC",      ##< draft-ietf-dnsext-tsig-sha-05.txt
 		[3842] = "BADSIG",      ##< 16 <= number collision with EDNS(16);
 		                        ##< this is a translation from TSIG(16)
-	} &default="?";
+	} &default = function(n: count): string { return fmt("rcode-%d", n); };
 
 	# This deciphers EDNS Z field values.
 	const edns_zfield = {

policy/dns/passive-replication.bro

@@ -14,8 +14,8 @@ export {
 event bro_init()
 	{
 	Log::add_filter(DNS, [
-		$name="passive-replication",
+		$name="dns-passive-replication",
-		$path="passive-replication",
+		$path="dns-passive-replication",
 		$pred=function(rec: DNS::Info): bool 
 			{ 
 			if ( rec?$query && rec$query !in recent_requests )

policy/notice-action-filters.bro

@@ -1,5 +1,6 @@
 ## A few predefined notice_action_filters (see notice.bro).
 @load notice
+@load functions
 
 module Notice;