[Pdns-users] dnstap problem

Brian Candler b.candler at pobox.com
Sun Jun 21 19:29:39 UTC 2020 

I am trying to get dnstap to work with pdns-recursor 4.3.1-1pdns.bionic 
from the powerdns repo, under Ubuntu 18.04, but failing.

I want to send to a remote network destination.  I've added one line to 
/etc/powerdns/recursor.lua, so it now looks like this:

-- Debian default Lua configuration file for PowerDNS Recursor

-- Load DNSSEC root keys from dns-root-data package.
-- Note: If you provide your own Lua configuration file, consider
-- running rootkeys.lua too.
dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")

*dnstapFrameStreamServer("10.12.255.44:5453", {logQueries=true})*

When I restart pdns-recursor, the following is logged to journald:

Jun 21 19:10:20 cache2 systemd[1]: Started PowerDNS Recursor.
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Done priming cache with 
root hints
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Error while starting dnstap 
framestream logger to '10.12.255.44:5453: FrameStreamLogger: family 2 
not supported
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Enabling web server
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Done priming cache with 
root hints
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Error while starting dnstap 
framestream logger to '10.12.255.44:5453: FrameStreamLogger: family 2 
not supported
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Done priming cache with 
root hints
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Error while starting dnstap 
framestream logger to '10.12.255.44:5453: FrameStreamLogger: family 2 
not supported
Jun 21 19:10:20 cache2 pdns_recursor[11842]: [webserver] Listening for 
HTTP requests on [::]:8082
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Enabled 'epoll' multiplexer
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Done priming cache with 
root hints
Jun 21 19:10:20 cache2 pdns_recursor[11842]: Error while starting dnstap 
framestream logger to '10.12.255.44:5453: FrameStreamLogger: family 2 
not supported
Jun 21 19:10:21 cache2 pdns_recursor[11842]: Polled security status of 
version 4.3.1, no known issues reported: OK

tcpdump shows no attempt to make an outbound connection on tcp (or udp) 
port 5453.

I realise "family 2" means INET6, but I can't see why it thinks that's 
IPv6.  The error appears to be from around here: 
https://github.com/PowerDNS/pdns/blob/master/pdns/pdns_recursor.cc#L987

Have I got the Lua syntax wrong?  According to the docs it can be either 
a single string or a list; I get the same result with

dnstapFrameStreamServer({"10.12.255.44:5453"}, {logQueries=true})

which matches the test case:

regression-tests.recursor-dnssec/test_RecDnstap.py:dnstapFrameStreamServer({"%s"}, 
{logQueries=false})

although that test is using a Unix domain path.

Any clues?

Thanks,

Brian.

P.S. I can see that the binary was built with --enable-dnstap:

# /usr/sbin/pdns_recursor --version
Jun 21 19:15:48 Asked to run with pdns-distributes-queries set but no 
distributor threads, raising to 1
Jun 21 19:15:48 PowerDNS Recursor 4.3.1 (C) 2001-2020 PowerDNS.COM BV
Jun 21 19:15:48 Using 64-bits mode. Built using gcc 7.5.0 on May  8 2020 
11:44:22 by root at c2c81a43694e.
Jun 21 19:15:48 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free 
software, and you are welcome to redistribute it according to the terms 
of the GPL version 2.
Jun 21 19:15:48 Features: fcontext libcrypto-ecdsa libcrypto-ed25519 
libcrypto-ed448 libcrypto-eddsa lua nod protobuf dnstap-framestream sodium
Jun 21 19:15:48 Configured with: " '--build=x86_64-linux-gnu' 
'--prefix=/usr' '--includedir=${prefix}/include' 
'--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' 
'--sysconfdir=/etc' '--localstatedir=/var' 
'--libdir=${prefix}/lib/x86_64-linux-gnu' 
'--libexecdir=${prefix}/lib/x86_64-linux-gnu' 
'--disable-maintainer-mode' '--disable-dependency-tracking' 
'--sysconfdir=/etc/powerdns' '--enable-unit-tests' '--with-lua=luajit' 
'--with-libcap' '--with-libsodium' '--with-protobuf=yes' 
*'--enable-dnstap'* '--without-net-snmp' '--disable-silent-rules' 
'--with-service-user=pdns' '--with-service-group=pdns' 
'--enable-systemd' '--with-systemd=/lib/systemd/system' 
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 
-fdebug-prefix-map=/pdns/pdns-recursor-4.3.1=. -fstack-protector-strong 
-Wformat -Werror=format-security' 'LDFLAGS=-Wl,-Bsymbolic-functions 
-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 
'CXXFLAGS=-g -O2 -fdebug-prefix-map=/pdns/pdns-recursor-4.3.1=. 
-fstack-protector-strong -Wformat -Werror=format-security'"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200621/a5c66a2f/attachment.htm>

More information about the Pdns-users mailing list