[dnsdist] LogAction() is ignored?
Remi Gacogne
remi.gacogne at powerdns.com
Mon Sep 23 09:20:29 UTC 2019
Hi Stéphane,
On 9/22/19 10:21 AM, Stephane Bortzmeyer wrote:
> I tried to log every query with:
>
> addAction(AllRule(), LogAction("/tmp/dnsdist.log", false, true, false))
>
> buffered=false is here to be sure I see the queries immediately.
>
> dnsdist knows about the action:
>
>> showRules()
> # Matches Rule Action
> 0 0 IP (/32, /64) match for QPS over 100 burst 100 drop
> 1 68 All log to /tmp/dnsdist.log
>
> /tmp/dnsdist.log is created (world-readable!) but nothing appears in
> it. topQueries() show that I do receive queries.
>
> % dnsdist --version
> dnsdist 1.4.0-rc2 (Lua 5.1.4 [LuaJIT 2.0.5])
> Enabled features: dns-over-tls(gnutls openssl) dns-over-https(DOH) ebpf fstrm ipcipher libsodium lmdb protobuf recvmmsg/sendmmsg systemd
>
> Is it a problem specific to RC?
I just did a few tests and I'm afraid I can't reproduce the issue, I do
get a new line in the log file for every incoming query. How are you
starting dnsdist? Would you be able to check with lsof if the dnsdist
process has an open file descriptor to the log file?
If you are using our systemd unit file, note that we do set
PrivateTmp=true for security reasons, meaning that you'll need to look
for the actual log file in
/tmp/systemd-private-*-dnsdist.service-*/dnsdist.log instead of
/tmp/dnsdist.log.
Regarding the world-readable permissions we rely on the process' umask
value, but perhaps we should enforce some stricter mode here.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190923/b27ad7ea/attachment.sig>
More information about the dnsdist
mailing list