diff --git a/lib/parsers/goAuditParser.js b/lib/parsers/goAuditParser.js
index 2f7bcc7..80a1035 100644
--- a/lib/parsers/goAuditParser.js
+++ b/lib/parsers/goAuditParser.js
@@ -27,7 +27,8 @@ module.exports = function (message) {
 }
 var uidMap = data['uid_map'] || {}
-
+ var dnstap = data['dnstap'] || {}
+
 result.data = {
 timestamp: new Date(data.timestamp * 1000),
 sequence: data.sequence,
@@ -56,7 +57,7 @@ module.exports = function (message) {
 parseCwd(msgs, result)
 break
 case constants.types.sockaddr:
- parseSockaddr(msgs, result)
+ parseSockaddr(msgs, result, dnstap)
 break
 case constants.types.proctitle:
 parseProctitle(msgs, result)
@@ -220,11 +221,15 @@ var parseCwd = function (msgs, result) {
 result.data.cwd = convertValue(data.cwd || '', true)
 }
-var parseSockaddr = function (msgs, result) {
+var parseSockaddr = function (msgs, result, dnstap) {
 var msg = msgs.join(' '),
 data = splitFields(msg)
+
+ addr = parseAddr(data.saddr)
+ result.data.socket_address = addr
+ result.data.dnstap = {}
+ result.data.dnstap[addr.ip] = Array(dnstap[addr.ip])
- result.data.socket_address = parseAddr(data.saddr)
 }
 var parseProctitle = function (msgs, result) {
diff --git a/test/parsers/goAuditParser.test.js b/test/parsers/goAuditParser.test.js
index a2e7c59..a7bbb2d 100644
--- a/test/parsers/goAuditParser.test.js
+++ b/test/parsers/goAuditParser.test.js
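Review bot: In the parseSockaddr hunk, `addr = parseAddr(data.saddr)` has no `var`, so it assigns an implicit global that is shared across every message the parser handles (and throws a ReferenceError if the file is ever run in strict mode). The following lines also populate `result.data.dnstap` unconditionally: when the map has no entry for the address, `Array(dnstap[addr.ip])` yields `[undefined]`, and for a sockaddr that parseAddr returns without an `ip` (presumably non-inet families; the return shape is not visible here) the key becomes the string "undefined". Since `dnstap` is taken straight from the incoming JSON (`data['dnstap'] || {}` in the first hunk), the lookup should also be restricted to own properties so an inherited name is never reported as a resolved hostname, and `[value]` is clearer than `Array(value)`, which builds a sparse array if the value is ever numeric.
```javascript
var parseSockaddr = function (msgs, result, dnstap) {
    var msg = msgs.join(' '),
        data = splitFields(msg),
        addr = parseAddr(data.saddr)

    result.data.socket_address = addr
    // only attach dnstap data when the map actually has an own entry for this address
    if (addr.ip !== undefined && Object.prototype.hasOwnProperty.call(dnstap, addr.ip)) {
        result.data.dnstap = {}
        result.data.dnstap[addr.ip] = [dnstap[addr.ip]]
    }
}
```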
@@ -249,6 +249,29 @@ describe('goAuditParser', function () {
 result.data.execve.command.should.eql("stuff=")
 })
+ it('Should get dnstap info', function () {
+ var data = {
+ "sequence": 4734103,
+ "timestamp": "1541004016.778",
+ "messages": [
+ {"type": 1306, "data": "saddr=02000050ACD91D8E0000000000000000"},
+ ],
+ "dnstap": {
+ "172.217.29.142": "google.com"
+ }
+ }
+
+ assertParserResult(
+ StreamStash.parsers.goAuditParser.raw,
+ JSON.stringify(data),
+ {"timestamp":new Date('1541004016.778' * 1000),"sequence":4734103,"unknown":[],"socket_address":{"family":"inet","port":80,"ip":"172.217.29.142","unknown":"0000000000000000"},"message":"",
+ "dnstap": {
+ "172.217.29.142": ["google.com"]
+ }
+ }
+ )
+ })
+
 it('Should parse a sockaddr', function () {
 var data = {"sequence":10453717,"timestamp":"1462897538.564","messages":[{"type":1306,"data":"saddr=0200270F000000000000000000000000"}]},
 result = StreamStash.parsers.goAuditParser.raw(JSON.stringify(data))
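Review bot: The new 'Should get dnstap info' case only exercises the path where the dnstap map has an entry for the parsed address, so the no-match behaviour of parseSockaddr is not pinned. Add a companion case with the same `saddr` and `"dnstap": {}` (and one with no `dnstap` key at all) asserting the exact shape the parser is meant to emit, so that a later change to how an unmatched address is reported is caught here rather than by consumers of the event. The existing 'Should parse a sockaddr' case below the hunk can serve as the template, since it already omits `dnstap`.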