[dnsdist] Logging a specific DNS response - matching IP address
Aleš Rygl
ales at rygl.net
Wed Sep 25 13:35:55 UTC 2024
Hello,
I would like to kindly ask for advice here.
I spoof certain A records to a single IP address on my DNS backends.
Based on this IP I would like to log them in order to identify the
clients sending such requests. I am not sure what is the best way to do
it. I know that I have to use addResponseAction together with
DnstapLogResponseAction or with LuaResponseAction. Nevertheless I am not
sure how to code it...
Will this approach work?

function checkResponseIP(dr)
    if dr.qtype == DNSQType.A and "IP in the response is w.x.y.z" then
        -->> DnstapLogResponseAction("dnsdist", log-receiver) <<<---
        return DNSResponseAction.None
    end
    return DNSResponseAction.None
end
addResponseAction(AllRule(), LuaResponseAction((checkResponseIP)))

Or is there a way to use a function matching the response instead
of AllRule() and then simply use:

addResponseAction(MyIPResponseMatchingRule(),
    DnstapLogResponseAction("dnsdist", log-receiver))

or

addCacheHitResponseAction(MyIPResponseMatchingRule(),
    DnstapLogResponseAction("dnsdist", log-receiver))

respectively?
Thanks
Regards
Ales
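
The "IP in the response is w.x.y.z" test from the post, written out as an added example (not part of the original message and not dnsdist project code): a pure-Lua walk over the wire-format answer section that reports whether any A record carries a given address. The names u16, skip_name and response_has_a are hypothetical, the sample packet is constructed, and obtaining the raw packet inside the callback via dr:getContent() is an assumption to check against your dnsdist version.

```lua
-- Added example (not from the original post): pure Lua, no dnsdist calls.
-- Big-endian 16-bit integer at 1-based offset pos, or nil past the end.
local function u16(pkt, pos)
  local hi, lo = pkt:byte(pos, pos + 1)
  return lo and hi * 256 + lo or nil
end

-- Skip an encoded name at pos; return the offset just past it, or nil.
local function skip_name(pkt, pos)
  while true do
    local len = pkt:byte(pos)
    if not len or (len > 63 and len < 192) then return nil end -- truncated or reserved
    if len == 0 then return pos + 1 end      -- root label ends the name
    if len >= 192 then return pos + 2 end    -- compression pointer, 2 bytes
    pos = pos + 1 + len
  end
end

-- True if an A record in the answer section carries the dotted-quad `ip`.
function response_has_a(pkt, ip)
  if #pkt < 12 then return false end          -- shorter than a DNS header
  local qd, an, pos = u16(pkt, 5), u16(pkt, 7), 13
  for _ = 1, qd do                            -- skip the question section
    pos = skip_name(pkt, pos)
    if not pos then return false end
    pos = pos + 4                             -- QTYPE + QCLASS
  end
  for _ = 1, an do
    pos = skip_name(pkt, pos)
    if not pos then return false end
    local rtype, rdlen = u16(pkt, pos), u16(pkt, pos + 8)
    local rdata = pos + 10                    -- past TYPE, CLASS, TTL, RDLENGTH
    if not rdlen or rdata + rdlen - 1 > #pkt then return false end
    if rtype == 1 and rdlen == 4 then         -- TYPE A, 4-byte address
      local a, b, c, d = pkt:byte(rdata, rdata + 3)
      if ("%d.%d.%d.%d"):format(a, b, c, d) == ip then return true end
    end
    pos = rdata + rdlen
  end
  return false
end

-- Constructed sample: response to example.com A with answer 192.0.2.1.
local sample = string.char(0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0)
  .. "\7example\3com\0" .. string.char(0,1, 0,1)
  .. string.char(0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1)
assert(response_has_a(sample, "192.0.2.1"))
assert(not response_has_a(sample, "192.0.2.2"))
assert(not response_has_a(sample:sub(1, -3), "192.0.2.1")) -- truncated RDATA
```

Malformed or truncated packets return false rather than raising an error, so a bad response is simply not matched. How a match then triggers DnstapLogResponseAction is the open question of the post and is not covered by this example.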