[dnsdist] Logging

Casey Deccio casey at deccio.net
Tue Mar 19 19:49:43 UTC 2019


Hello!

I'm new to dnsdist, and we're setting it up to use for some experimental measurements, so we can use its flexibility to send queries to different backends, based on different options.  Our previous setup was almost exclusively BIND, so all of our logging was using BIND's logging mechanism, sending our query log entries to syslog.  Obviously, with dnsdist now sitting in front of our servers, we can still log with our backend servers, but we don't get the original source IP address.  My wish would be to have a result very similar to what we had before with our logging, so we can change very little with our data analysis.  I've read up on dnsdist's logging capabilities, with protobuf or dnstap, but I have yet to find a good, solid example of how we might use it effectively in the same way we were before with our BIND logs to syslog.  The closest I got was to have something like this:

- dnsdist outputs dnstap to a UNIX domain socket.
- Some dnstap reader simply reads on the socket and then writes it to a file in whatever format I want (e.g., BIND query log format).  dnstap (the command-line tool) can do this in part, but, as I understand it, its output is YAML, which would require further formatting for our purposes, not to mention, it's one more process that I have to have running, and if it stops, I lose data.  Finally, I would need it to handle log file rotation (e.g., similar to how logrotate does it), so I don't end up with one huge file.

I could also capture pcap on the interface and process it offline, but that seems silly.

So, my questions for the group are: how are you doing your logging, and how would you recommend I do mine, based on what I've given you of my requirements?

Thanks!
Casey
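
The conversion step described in the message above (one dnstap record to a BIND-style query log line that keeps the original client address), as an added example that is not part of the original post or of dnsdist's own code. It assumes the Frame Streams framing has already been stripped from each payload, uses the field numbers from dnstap.proto, and only approximates BIND's format (client address, port, name, class, type); `SAMPLE` and all function names are constructed for illustration.

```python
import ipaddress
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}
SAMPLE = bytes.fromhex(  # constructed dnstap payload, Frame Streams framing removed
    "722b08052204c000020130889e03521d123401000001000000000000076578616d706c6503636f6d00001c0001")

def varint(buf, i):
    """Decode a protobuf varint at buf[i]; return (value, next index)."""
    val = shift = 0
    while True:
        byte, i = buf[i], i + 1
        val |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return val, i

def pb_fields(buf):
    """Walk one protobuf message; return {field number: last value seen}."""
    out, i = {}, 0
    while i < len(buf):
        key, i = varint(buf, i)
        wire = key & 7                      # 0 varint, 1 fixed64, 2 bytes, 5 fixed32
        if wire not in (0, 1, 2, 5):
            raise ValueError("unsupported wire type %d" % wire)
        # For a varint field n is the value itself; otherwise n is the byte length.
        n, i = (8, i) if wire == 1 else (4, i) if wire == 5 else varint(buf, i)
        out[key >> 3], i = (n, i) if wire == 0 else (buf[i:i + n], i + n)
    return out

def question(dns):
    """Return (qname, qclass, qtype) of the first question in a wire-format DNS message."""
    labels, i = [], 12                      # skip the 12-byte DNS header
    while dns[i]:
        labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
        i += 1 + dns[i]
    qtype, qclass = struct.unpack_from("!HH", dns, i + 1)
    return (".".join(labels) or ".", "IN" if qclass == 1 else "CLASS%d" % qclass,
            QTYPES.get(qtype, "TYPE%d" % qtype))

def bind_style_line(payload):
    """dnstap payload -> BIND-like line (Message fields 4 addr, 6 port, 10 query) or None."""
    try:
        msg = pb_fields(pb_fields(payload).get(14, b""))    # Dnstap.message is field 14
        qname, qclass, qtype = question(msg[10])
        addr = ipaddress.ip_address(msg[4])                 # packed 4- or 16-byte address
        return "client %s#%d (%s): query: %s %s %s" % (addr, msg.get(6, 0), qname, qname, qclass, qtype)
    except (KeyError, IndexError, TypeError, ValueError, struct.error):
        return None                                         # not a query, or malformed
```

Writing the returned lines through Python's `logging.handlers.SysLogHandler`, or through `WatchedFileHandler` (which reopens the file after logrotate moves it), would cover the syslog and rotation requirements from the message.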


