[Pdns-users] dnstap problem

Otto Moerbeek otto at drijf.net
Mon Jun 22 06:03:00 UTC 2020 

On Sun, Jun 21, 2020 at 08:29:39PM +0100, Brian Candler via Pdns-users wrote:

> I am trying to get dnstap to work with pdns-recursor 4.3.1-1pdns.bionic from
> the powerdns repo, under Ubuntu 18.04, but failing.
> 
> I want to send to a remote network destination.  I've added one line to
> /etc/powerdns/recursor.lua, so it now looks like this:
> 
> -- Debian default Lua configuration file for PowerDNS Recursor
> 
> -- Load DNSSEC root keys from dns-root-data package.
> -- Note: If you provide your own Lua configuration file, consider
> -- running rootkeys.lua too.
> dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
> 
> *dnstapFrameStreamServer("10.12.255.44:5453", {logQueries=true})*
> 
> When I restart pdns-recursor, the following is logged to journald:
> 
> Jun 21 19:10:20 cache2 systemd[1]: Started PowerDNS Recursor.
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Done priming cache with root
> hints
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Error while starting dnstap
> framestream logger to '10.12.255.44:5453: FrameStreamLogger: family 2 not
> supported
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Enabling web server
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Done priming cache with root
> hints
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Error while starting dnstap
> framestream logger to '10.12.255.44:5453: FrameStreamLogger: family 2 not
> supported
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Done priming cache with root
> hints
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Error while starting dnstap
> framestream logger to '10.12.255.44:5453: FrameStreamLogger: family 2 not
> supported
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: [webserver] Listening for HTTP
> requests on [::]:8082
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Enabled 'epoll' multiplexer
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Done priming cache with root
> hints
> Jun 21 19:10:20 cache2 pdns_recursor[11842]: Error while starting dnstap
> framestream logger to '10.12.255.44:5453: FrameStreamLogger: family 2 not
> supported
> Jun 21 19:10:21 cache2 pdns_recursor[11842]: Polled security status of
> version 4.3.1, no known issues reported: OK
> 
> tcpdump shows no attempt to make an outbound connection on tcp (or udp) port
> 5453.
> 
> I realise "family 2" means INET6, but I can't see why it thinks that's
> IPv6.  The error appears to be from around here:
> https://github.com/PowerDNS/pdns/blob/master/pdns/pdns_recursor.cc#L987

AF 2 is inet, not inet6, in /usr/include/sys/socket.h on my (OpenBSD)
machine:

#define AF_INET         2

The problem is your version of the fstrm lib only supports unix domain
sockets. inet and inet6 support are recent addtions to libfstrm. 

	-Otto

> 
> Have I got the Lua syntax wrong?  According to the docs it can be either a
> single string or a list; I get the same result with
> 
> dnstapFrameStreamServer({"10.12.255.44:5453"}, {logQueries=true})
> 
> which matches the test case:
> 
> regression-tests.recursor-dnssec/test_RecDnstap.py:dnstapFrameStreamServer({"%s"},
> {logQueries=false})
> 
> although that test is using a Unix domain path.
> 
> Any clues?
> 
> Thanks,
> 
> Brian.
> 
> P.S. I can see that the binary was built with --enable-dnstap:
> 
> # /usr/sbin/pdns_recursor --version
> Jun 21 19:15:48 Asked to run with pdns-distributes-queries set but no
> distributor threads, raising to 1
> Jun 21 19:15:48 PowerDNS Recursor 4.3.1 (C) 2001-2020 PowerDNS.COM BV
> Jun 21 19:15:48 Using 64-bits mode. Built using gcc 7.5.0 on May  8 2020
> 11:44:22 by root at c2c81a43694e.
> Jun 21 19:15:48 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free
> software, and you are welcome to redistribute it according to the terms of
> the GPL version 2.
> Jun 21 19:15:48 Features: fcontext libcrypto-ecdsa libcrypto-ed25519
> libcrypto-ed448 libcrypto-eddsa lua nod protobuf dnstap-framestream sodium
> Jun 21 19:15:48 Configured with: " '--build=x86_64-linux-gnu'
> '--prefix=/usr' '--includedir=${prefix}/include'
> '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info'
> '--sysconfdir=/etc' '--localstatedir=/var'
> '--libdir=${prefix}/lib/x86_64-linux-gnu'
> '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode'
> '--disable-dependency-tracking' '--sysconfdir=/etc/powerdns'
> '--enable-unit-tests' '--with-lua=luajit' '--with-libcap' '--with-libsodium'
> '--with-protobuf=yes' *'--enable-dnstap'* '--without-net-snmp'
> '--disable-silent-rules' '--with-service-user=pdns'
> '--with-service-group=pdns' '--enable-systemd'
> '--with-systemd=/lib/systemd/system' 'build_alias=x86_64-linux-gnu'
> 'CFLAGS=-g -O2 -fdebug-prefix-map=/pdns/pdns-recursor-4.3.1=.
> -fstack-protector-strong -Wformat -Werror=format-security'
> 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now'
> 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2
> -fdebug-prefix-map=/pdns/pdns-recursor-4.3.1=. -fstack-protector-strong
> -Wformat -Werror=format-security'"
> 

> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list