[Pdns-users] Logging queries out of the zones with IP
b.candler at pobox.com
Mon Oct 19 17:27:17 UTC 2020
On 19/10/2020 16:14, Luis Daniel Lucio Quiroz via Pdns-users wrote:
> I am trying to build a fail2ban rule. Because my PDNS is not a public
> DNS, but it just hosts specific zones nobody should be querying
> anything else but those specific zones, right?
> I can't find an option to log those queries. PDNS works okay, it
> refuses other zones but I want to log that.
PDNS recursor or authoritative? From context I am going to guess
Personally I wouldn't do it. The extra load from logging all queries is
likely *much* higher than the load of sending a few REFUSED answers, if
and when they occur.
There is query logging:
# dig +short @localhost example.com
# grep example.com /var/log/syslog
Oct 19 18:17:32 ns-auth pdns_server: Lookup for 'SOA' of
'example.com' within zoneID -1
Oct 19 18:17:32 ns-auth pdns_server: Found no authoritative zone
for 'example.com' and/or id 0
... but it's really a debugging feature, and it appears not to show the
client source IP address, which I expect is what you want. (Tested with
I think what you'd have to do is to put dnsdist in front, which supports
high-performance protobuf <https://dnsdist.org/reference/protobuf.html>
logging and dnstap <https://dnsdist.org/reference/dnstap.html> logging.
The recursor does have those features built-in, BTW.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pdns-users