This context matches the DNS questions of a DNS query
so that patterns can be written against one or more domains in a
given DNS query.
This context is a direct pattern match against the format of a DNS query, so
patterns must adhere to the DNS question structure. A recommended
approach to creating a DNS pattern is to capture the DNS request with
Wireshark and copy the DNS Request field (make sure to remove the
ending period in the request).
This example illustrates
how to build a signature for a DNS query for the domain www.thebayareagamers.com.
Wireshark representation of the above table. Everything highlighted
in yellow and blue is provided by this context. The blue section is
where the hexadecimal string for the above table is pulled from.
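The following is an added example, not part of the original documentation. It derives the hexadecimal string for www.thebayareagamers.com from the DNS question structure (RFC 1035 length-prefixed labels) and checks it against a constructed query packet. The function names and the sample packet are assumptions made for illustration.

```python
import struct

def encode_qname(domain: str) -> bytes:
    """Encode a domain as DNS wire-format labels, without the root label.

    Each label is preceded by a one-byte length; the dots are not on the wire.
    A trailing period in the input is dropped first.
    """
    out = bytearray()
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length: {label!r}")
        out.append(len(raw))
        out += raw
    return bytes(out)

def hex_pattern(domain: str) -> str:
    """Space-separated hex of the encoded labels, as shown in a packet capture."""
    return " ".join(f"{b:02x}" for b in encode_qname(domain))

def build_query(domain: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed sample: a minimal one-question DNS query (header + question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(domain) + b"\x00" + struct.pack("!HH", qtype, 1)

def question_section(packet: bytes) -> bytes:
    """Return the raw bytes of the question section of a DNS query."""
    if len(packet) < 12:
        raise ValueError("packet shorter than DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    pos = 12
    for _ in range(qdcount):
        while packet[pos] != 0:
            if packet[pos] & 0xC0:
                raise ValueError("unexpected compression pointer in question")
            pos += 1 + packet[pos]
        pos += 1 + 4  # root label, then QTYPE and QCLASS (2 bytes each)
    return packet[12:pos]

if __name__ == "__main__":
    domain = "www.thebayareagamers.com"
    pkt = build_query(domain)
    print(hex_pattern(domain))
    # The encoded labels appear in the question section; the dotted text does not.
    print(encode_qname(domain) in question_section(pkt))
    print(domain.encode("ascii") in question_section(pkt))
```

The dotted ASCII form of the domain never appears in the question bytes, which is why a pattern has to follow the label structure rather than the name as typed.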