Regex DNS ANSWER SECTION into groups












1















I've been trying for a while to regex the fields from the ANSWERS SECTION in the unbound logs.



This regex only extracts the last entry in the ANSWERS section:



(?:ANSWERsSECTION:s(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)+s;;)


This entry extracts everything in the ANSWERS SECTION, but also leaks into the AUTHORITY SECTION



(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)


my goal is to have each of the answers in a group. Any thoughts on how to limit the groups to the ANSWERS SECTION while still capturing repeating groups?



logs:



 2019-01-02T17:34:19-05:00 10.10.30.1 unbound: [48511:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0  ;; QUESTION SECTION: gs-loc.ls-apple.com.akadns.net.#011IN#011A  ;; ANSWER SECTION: gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.4 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.8 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.9  ;; AUTHORITY SECTION:  ;; ADDITIONAL SECTION: ;; MSG SIZE  rcvd: 96

2019-01-02T17:34:42-05:00 10.10.30.1 unbound: [48511:0] info: cname msg ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: init-p01md.apple.com.#011IN#011A ;; ANSWER SECTION: init-p01md.apple.com.#0119665#011IN#011CNAME#011init-p01md-lb.push-apple.com.akadns.net. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 91

2019-01-02T18:52:01-05:00 10.10.30.1 unbound: [48511:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: amazonaws.com.#011IN#011DS ;; ANSWER SECTION: ;; AUTHORITY SECTION: xxxxxxxxxxxxxxxxxx.#01181254#011IN#011NSEC3#0111 1 0 - xxxxxxxxxxxxxxxxxxNS SOA RRSIG DNSKEY NSEC3PARAM ;{flags: optout} xxxxxxxxxxxxxxxxxx.com.#01181254#011IN#011RRSIG#011NSEC3 8 2 86400 20190107054258 20181231043258 37490 com. xxxxxxxxxxxxxxxxxx/2/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx= ;{id = 37490} com.#011884#011IN#011SOA#011a.gtld-servers.net. nstld.verisign-grs.com. 1546473084 1800 900 604800 86400 com.#011884#011IN#011RRSIG#011SOA 8 1 900 20190109235124 20190102224124 37490 com. xxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx









share|improve this question























  • See regex101.com/r/bJiZwA/1

    – Wiktor Stribiżew
    Jan 3 at 19:43











  • Thank you! that is prefect!

    – remis4
    Jan 3 at 20:01











  • This regex only extracts the last entry in the ANSWERS section: What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?

    – sln
    Jan 3 at 20:23











  • within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.

    – remis4
    Jan 6 at 13:56
















1















I've been trying for a while to regex the fields from the ANSWERS SECTION in the unbound logs.



This regex only extracts the last entry in the ANSWERS section:



(?:ANSWERsSECTION:s(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)+s;;)


This entry extracts everything in the ANSWERS SECTION, but also leaks into the AUTHORITY SECTION



(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)


my goal is to have each of the answers in a group. Any thoughts on how to limit the groups to the ANSWERS SECTION while still capturing repeating groups?



logs:



 2019-01-02T17:34:19-05:00 10.10.30.1 unbound: [48511:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0  ;; QUESTION SECTION: gs-loc.ls-apple.com.akadns.net.#011IN#011A  ;; ANSWER SECTION: gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.4 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.8 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.9  ;; AUTHORITY SECTION:  ;; ADDITIONAL SECTION: ;; MSG SIZE  rcvd: 96

2019-01-02T17:34:42-05:00 10.10.30.1 unbound: [48511:0] info: cname msg ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: init-p01md.apple.com.#011IN#011A ;; ANSWER SECTION: init-p01md.apple.com.#0119665#011IN#011CNAME#011init-p01md-lb.push-apple.com.akadns.net. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 91

2019-01-02T18:52:01-05:00 10.10.30.1 unbound: [48511:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: amazonaws.com.#011IN#011DS ;; ANSWER SECTION: ;; AUTHORITY SECTION: xxxxxxxxxxxxxxxxxx.#01181254#011IN#011NSEC3#0111 1 0 - xxxxxxxxxxxxxxxxxxNS SOA RRSIG DNSKEY NSEC3PARAM ;{flags: optout} xxxxxxxxxxxxxxxxxx.com.#01181254#011IN#011RRSIG#011NSEC3 8 2 86400 20190107054258 20181231043258 37490 com. xxxxxxxxxxxxxxxxxx/2/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx= ;{id = 37490} com.#011884#011IN#011SOA#011a.gtld-servers.net. nstld.verisign-grs.com. 1546473084 1800 900 604800 86400 com.#011884#011IN#011RRSIG#011SOA 8 1 900 20190109235124 20190102224124 37490 com. xxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx









share|improve this question























  • See regex101.com/r/bJiZwA/1

    – Wiktor Stribiżew
    Jan 3 at 19:43











  • Thank you! that is prefect!

    – remis4
    Jan 3 at 20:01











  • This regex only extracts the last entry in the ANSWERS section: What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?

    – sln
    Jan 3 at 20:23











  • within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.

    – remis4
    Jan 6 at 13:56














1












1








1








I've been trying for a while to regex the fields from the ANSWERS SECTION in the unbound logs.



This regex only extracts the last entry in the ANSWERS section:



(?:ANSWERsSECTION:s(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)+s;;)


This entry extracts everything in the ANSWERS SECTION, but also leaks into the AUTHORITY SECTION



(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)


my goal is to have each of the answers in a group. Any thoughts on how to limit the groups to the ANSWERS SECTION while still capturing repeating groups?



logs:



 2019-01-02T17:34:19-05:00 10.10.30.1 unbound: [48511:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0  ;; QUESTION SECTION: gs-loc.ls-apple.com.akadns.net.#011IN#011A  ;; ANSWER SECTION: gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.4 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.8 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.9  ;; AUTHORITY SECTION:  ;; ADDITIONAL SECTION: ;; MSG SIZE  rcvd: 96

2019-01-02T17:34:42-05:00 10.10.30.1 unbound: [48511:0] info: cname msg ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: init-p01md.apple.com.#011IN#011A ;; ANSWER SECTION: init-p01md.apple.com.#0119665#011IN#011CNAME#011init-p01md-lb.push-apple.com.akadns.net. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 91

2019-01-02T18:52:01-05:00 10.10.30.1 unbound: [48511:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: amazonaws.com.#011IN#011DS ;; ANSWER SECTION: ;; AUTHORITY SECTION: xxxxxxxxxxxxxxxxxx.#01181254#011IN#011NSEC3#0111 1 0 - xxxxxxxxxxxxxxxxxxNS SOA RRSIG DNSKEY NSEC3PARAM ;{flags: optout} xxxxxxxxxxxxxxxxxx.com.#01181254#011IN#011RRSIG#011NSEC3 8 2 86400 20190107054258 20181231043258 37490 com. xxxxxxxxxxxxxxxxxx/2/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx= ;{id = 37490} com.#011884#011IN#011SOA#011a.gtld-servers.net. nstld.verisign-grs.com. 1546473084 1800 900 604800 86400 com.#011884#011IN#011RRSIG#011SOA 8 1 900 20190109235124 20190102224124 37490 com. xxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx









share|improve this question














I've been trying for a while to regex the fields from the ANSWERS SECTION in the unbound logs.



This regex only extracts the last entry in the ANSWERS section:



(?:ANSWERsSECTION:s(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)+s;;)


This entry extracts everything in the ANSWERS SECTION, but also leaks into the AUTHORITY SECTION



(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)


my goal is to have each of the answers in a group. Any thoughts on how to limit the groups to the ANSWERS SECTION while still capturing repeating groups?



logs:



 2019-01-02T17:34:19-05:00 10.10.30.1 unbound: [48511:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0  ;; QUESTION SECTION: gs-loc.ls-apple.com.akadns.net.#011IN#011A  ;; ANSWER SECTION: gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.4 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.8 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.9  ;; AUTHORITY SECTION:  ;; ADDITIONAL SECTION: ;; MSG SIZE  rcvd: 96

2019-01-02T17:34:42-05:00 10.10.30.1 unbound: [48511:0] info: cname msg ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: init-p01md.apple.com.#011IN#011A ;; ANSWER SECTION: init-p01md.apple.com.#0119665#011IN#011CNAME#011init-p01md-lb.push-apple.com.akadns.net. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 91

2019-01-02T18:52:01-05:00 10.10.30.1 unbound: [48511:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: amazonaws.com.#011IN#011DS ;; ANSWER SECTION: ;; AUTHORITY SECTION: xxxxxxxxxxxxxxxxxx.#01181254#011IN#011NSEC3#0111 1 0 - xxxxxxxxxxxxxxxxxxNS SOA RRSIG DNSKEY NSEC3PARAM ;{flags: optout} xxxxxxxxxxxxxxxxxx.com.#01181254#011IN#011RRSIG#011NSEC3 8 2 86400 20190107054258 20181231043258 37490 com. xxxxxxxxxxxxxxxxxx/2/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx= ;{id = 37490} com.#011884#011IN#011SOA#011a.gtld-servers.net. nstld.verisign-grs.com. 1546473084 1800 900 604800 86400 com.#011884#011IN#011RRSIG#011SOA 8 1 900 20190109235124 20190102224124 37490 com. xxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx






regex dns unbound






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 3 at 19:29









remis4remis4

154




154













  • See regex101.com/r/bJiZwA/1

    – Wiktor Stribiżew
    Jan 3 at 19:43











  • Thank you! that is prefect!

    – remis4
    Jan 3 at 20:01











  • This regex only extracts the last entry in the ANSWERS section: What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?

    – sln
    Jan 3 at 20:23











  • within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.

    – remis4
    Jan 6 at 13:56



















  • See regex101.com/r/bJiZwA/1

    – Wiktor Stribiżew
    Jan 3 at 19:43











  • Thank you! that is prefect!

    – remis4
    Jan 3 at 20:01











  • This regex only extracts the last entry in the ANSWERS section: What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?

    – sln
    Jan 3 at 20:23











  • within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.

    – remis4
    Jan 6 at 13:56

















See regex101.com/r/bJiZwA/1

– Wiktor Stribiżew
Jan 3 at 19:43





See regex101.com/r/bJiZwA/1

– Wiktor Stribiżew
Jan 3 at 19:43













Thank you! that is prefect!

– remis4
Jan 3 at 20:01





Thank you! that is prefect!

– remis4
Jan 3 at 20:01













This regex only extracts the last entry in the ANSWERS section: What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?

– sln
Jan 3 at 20:23





This regex only extracts the last entry in the ANSWERS section: What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?

– sln
Jan 3 at 20:23













within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.

– remis4
Jan 6 at 13:56





within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.

– remis4
Jan 6 at 13:56












1 Answer
1






active

oldest

votes


















1














You may use



(?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)


See the regex demo



Details





  • (?:G(?!A)s*|ANSWERsSECTION:) - ANSWER SECTION: substring or the end of the previous match and 0+ whitespaces


  • s* - 0+ whitespaces


  • (?<answer_name>S+) - Group "answer_name": 1 or more non-whitespace chars


  • #011 - a literal substring


  • (?<answer_ttl>d+) - Group "answer_ttl": 1 or more digits


  • #011 - a literal substring


  • (?<answer_class>w+) - Group "answer_class": 1 or more word chars


  • #011 - a literal substring


  • (?<answer_type>w+) - Group "answer_type": 1 or more word chars


  • #011 - a literal substring


  • (?<answer_rdata>S+) - Group "answer_rdata": 1 or more non-whitespace chars.






share|improve this answer
























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54028637%2fregex-dns-answer-section-into-groups%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    You may use



    (?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)


    See the regex demo



    Details





    • (?:G(?!A)s*|ANSWERsSECTION:) - ANSWER SECTION: substring or the end of the previous match and 0+ whitespaces


    • s* - 0+ whitespaces


    • (?<answer_name>S+) - Group "answer_name": 1 or more non-whitespace chars


    • #011 - a literal substring


    • (?<answer_ttl>d+) - Group "answer_ttl": 1 or more digits


    • #011 - a literal substring


    • (?<answer_class>w+) - Group "answer_class": 1 or more word chars


    • #011 - a literal substring


    • (?<answer_type>w+) - Group "answer_type": 1 or more word chars


    • #011 - a literal substring


    • (?<answer_rdata>S+) - Group "answer_rdata": 1 or more non-whitespace chars.






    share|improve this answer




























      1














      You may use



      (?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)


      See the regex demo



      Details





      • (?:G(?!A)s*|ANSWERsSECTION:) - ANSWER SECTION: substring or the end of the previous match and 0+ whitespaces


      • s* - 0+ whitespaces


      • (?<answer_name>S+) - Group "answer_name": 1 or more non-whitespace chars


      • #011 - a literal substring


      • (?<answer_ttl>d+) - Group "answer_ttl": 1 or more digits


      • #011 - a literal substring


      • (?<answer_class>w+) - Group "answer_class": 1 or more word chars


      • #011 - a literal substring


      • (?<answer_type>w+) - Group "answer_type": 1 or more word chars


      • #011 - a literal substring


      • (?<answer_rdata>S+) - Group "answer_rdata": 1 or more non-whitespace chars.






      share|improve this answer


























        1












        1








        1







        You may use



        (?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)


        See the regex demo



        Details





        • (?:G(?!A)s*|ANSWERsSECTION:) - ANSWER SECTION: substring or the end of the previous match and 0+ whitespaces


        • s* - 0+ whitespaces


        • (?<answer_name>S+) - Group "answer_name": 1 or more non-whitespace chars


        • #011 - a literal substring


        • (?<answer_ttl>d+) - Group "answer_ttl": 1 or more digits


        • #011 - a literal substring


        • (?<answer_class>w+) - Group "answer_class": 1 or more word chars


        • #011 - a literal substring


        • (?<answer_type>w+) - Group "answer_type": 1 or more word chars


        • #011 - a literal substring


        • (?<answer_rdata>S+) - Group "answer_rdata": 1 or more non-whitespace chars.






        share|improve this answer













        You may use



        (?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)


        See the regex demo



        Details





        • (?:G(?!A)s*|ANSWERsSECTION:) - ANSWER SECTION: substring or the end of the previous match and 0+ whitespaces


        • s* - 0+ whitespaces


        • (?<answer_name>S+) - Group "answer_name": 1 or more non-whitespace chars


        • #011 - a literal substring


        • (?<answer_ttl>d+) - Group "answer_ttl": 1 or more digits


        • #011 - a literal substring


        • (?<answer_class>w+) - Group "answer_class": 1 or more word chars


        • #011 - a literal substring


        • (?<answer_type>w+) - Group "answer_type": 1 or more word chars


        • #011 - a literal substring


        • (?<answer_rdata>S+) - Group "answer_rdata": 1 or more non-whitespace chars.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 3 at 20:13









        Wiktor StribiżewWiktor Stribiżew

        328k16148227




        328k16148227
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54028637%2fregex-dns-answer-section-into-groups%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Monofisismo

            Angular Downloading a file using contenturl with Basic Authentication

            Olmecas