[dnsdist] LogAction() is ignored?
remi.gacogne at powerdns.com
Mon Sep 23 09:20:29 UTC 2019
On 9/22/19 10:21 AM, Stephane Bortzmeyer wrote:
> I tried to log every query with:
> addAction(AllRule(), LogAction("/tmp/dnsdist.log", false, true, false))
> buffered=false is here to be sure I see the queries immediately.
> dnsdist knows about the action:
> # Matches Rule Action
> 0 0 IP (/32, /64) match for QPS over 100 burst 100 drop
> 1 68 All log to /tmp/dnsdist.log
> /tmp/dnsdist.log is created (world-readable!) but nothing appears in
> it. topQueries() show that I do receive queries.
> % dnsdist --version
> dnsdist 1.4.0-rc2 (Lua 5.1.4 [LuaJIT 2.0.5])
> Enabled features: dns-over-tls(gnutls openssl) dns-over-https(DOH) ebpf fstrm ipcipher libsodium lmdb protobuf recvmmsg/sendmmsg systemd
> Is it a problem specific to RC?
I just did a few tests and I'm afraid I can't reproduce the issue, I do
get a new line in the log file for every incoming query. How are you
starting dnsdist? Would you be able to check with lsof if the dnsdist
process has an open file descriptor to the log file?
If you are using our systemd unit file, note that we do set
PrivateTmp=true for security reasons, meaning that you'll need to look
for the actual log file in
/tmp/systemd-private-*-dnsdist.service-*/dnsdist.log instead of
Regarding the world-readable permissions we rely on the process' umask
value, but perhaps we should enforce some stricter mode here.
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the dnsdist