From 8a2c3dc760152c373e6dfa70c0896d27c36b5933 Mon Sep 17 00:00:00 2001
From: Jakub Onderka <jakub.onderka@gmail.com>
Date: Thu, 10 Jun 2021 09:54:23 +0200
Subject: [PATCH] fix: [publicdns] IP addresses should be cidr

---
 lists/public-dns-v4/list.json | 2 +-
 lists/public-dns-v6/list.json | 2 +-
 tools/generate-publicdns.py   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lists/public-dns-v4/list.json b/lists/public-dns-v4/list.json
index a075567..850966d 100644
--- a/lists/public-dns-v4/list.json
+++ b/lists/public-dns-v4/list.json
@@ -1512,6 +1512,6 @@
     "domain|ip"
   ],
   "name": "List of known IPv4 public DNS resolvers",
-  "type": "string",
+  "type": "cidr",
   "version": 20210604
 }
diff --git a/lists/public-dns-v6/list.json b/lists/public-dns-v6/list.json
index 9d2d9e2..eae9055 100644
--- a/lists/public-dns-v6/list.json
+++ b/lists/public-dns-v6/list.json
@@ -77,6 +77,6 @@
     "domain|ip"
   ],
   "name": "List of known IPv6 public DNS resolvers",
-  "type": "string",
+  "type": "cidr",
   "version": 20210604
 }
diff --git a/tools/generate-publicdns.py b/tools/generate-publicdns.py
index cab2e66..7d7ea23 100755
--- a/tools/generate-publicdns.py
+++ b/tools/generate-publicdns.py
@@ -26,7 +26,7 @@ def process(file):
     publicdns_ipv4_warninglist = {
         'description': 'Event contains one or more public IPv4 DNS resolvers as attribute with an IDS flag set',
         'name': 'List of known IPv4 public DNS resolvers',
-        'type': 'string',
+        'type': 'cidr',
         'matching_attributes': ['ip-src', 'ip-dst', 'domain|ip']
     }
     generate(lipv4, publicdns_ipv4_warninglist, publicdns_ipv4_dst)
@@ -36,7 +36,7 @@ def process(file):
     publicdns_ipv6_warninglist = {
         'description': 'Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set',
         'name': 'List of known IPv6 public DNS resolvers',
-        'type': 'string',
+        'type': 'cidr',
         'matching_attributes': ['ip-src', 'ip-dst', 'domain|ip']
     }
     generate(lipv6, publicdns_ipv6_warninglist, publicdns_ipv6_dst)