[dnsdist] Log rotation problem debian-dnsdist 1.8.2
Joao Damas
joao at apnic.net
Thu Dec 21 18:12:54 UTC 2023
Hi Peter,
> On 21 Dec 2023, at 15:10, Peter van Dijk via dnsdist <dnsdist at mailman.powerdns.com> wrote:
>
> Hi Joao,
>
> On Fri, 2023-12-15 at 14:34 +0000, Joao Damas via dnsdist wrote:
>> Hi everyone.
>> We have been running dnsdist 1.6.x for some time and decided to, finally, upgrade to 1.8.2.
>> We run dnsdist on Debian 11 and it all works EXCEPT for log rotation.
>> I can see dnsdist producing log entries when issuing 'systemctl status' for the services (we start the services with the dnsdist@.service unit file)
>> If I reboot the machine I can see dnsdist entries being written to the designated file in /var/log.
>
> What kind of file is that?
The dnsdist log file, set from the systemd unit file, where it logs the incoming queries (plus a few other bits like the startup messages)
From the shipped systemd unit file, this setting:
SyslogIdentifier=dnsdist-%I
> Any relevant dnsdist config?
Sure, here it is (I don’t think anything there should affect logging, but….)
The query line is done via a print statement below
cat dnsdist-sibling.conf
################
function dropZombies(dnsq)
  over_tcp="U"
  sf=string.format
  qname = dnsq.qname:toString()
  -- nonce: run of hex digits and dashes in front of example.com
  nonce = string.match(qname, '([0-9a-fA-F-]+).example.com') -- normal exp string
  if not nonce
  then
    return DNSAction.Drop
  else
    -- numeric field inside the nonce, compared against the current time below
    time = string.match(nonce, '%x+-%x+-%x+-%x+-%x+-%x+-%x+-(%d+)-.*')
    if not time
    then
      time = string.match(nonce, '%x+-%x+-(%d+)-.*') -- try second exp string format
    end
    if (time)
    then
      cur_time = os.time(os.date("!*t"))
      -- more than 60 seconds old: log and drop
      if (cur_time - time > 60 )
      then
        print(sf("zombie: client %s %s ", dnsq.remoteaddr:toString(), qname))
        return DNSAction.Drop
      else
        if dnsq.tcp
        then
          over_tcp="T"
        end
        print(sf("client-sibling %s %s %s %s", dnsq.remoteaddr:toString(), qname, dnsq.qtype, over_tcp))
        return DNSAction.NoOp -- let the query through
      end
    else
      print(sf("BAD QNAME: client %s %s ", dnsq.remoteaddr:toString(), qname))
      return DNSAction.Drop
    end
  end
end
addAction(AllRule(), LuaAction(dropZombies))
addLocal('ffff:ffff:ffff:ffff::51b1')
setACL({"0.0.0.0/0","::/0"})
newServer({address="127.0.0.2", name="local-backend", checkInterval=60, checkType="A", checkName="www.example.com", mustResolve=true})
################
This works well except when logrotate rotates the log. Then it stops logging and a restart doesn’t get it back; only a complete system reboot will get it back. Then it is fine until the next rotation.
Thanks
Joao