[Pdns-users] DNS query logging via protobufServer
Otto Moerbeek
otto at drijf.net
Thu Jun 3 05:40:09 UTC 2021
On Wed, Jun 02, 2021 at 07:05:02PM -0500, Tod Sandman via Pdns-users wrote:
> I have been successfully exporting DNS queries via protobufServer, but I have now been requested to not export PTR lookups. I removed PTR queries from the protobufServer exportTypes:
>
> < {'A', 'AAAA', 'CNAME', 'MX', 'PTR', 'NS', 'SPF', 'SRV', 'TXT'}
> > {'A', 'AAAA', 'CNAME', 'MX', 'NS', 'SPF', 'SRV', 'TXT'}
>
> I stopped and started pdns-recursor. But I am still seeing PTR query logs. For instance:
>
> 2021-06-02T16:37:43.153613-05:00 dnslogger-n2 pdns-in[2202729]: QID: 35371 from: 168.7.56.224 qtype: PTR qclass: IN qname: 224.56.7.168.in-addr.arpa. rcode: NOERROR rrcount: 0
>
> Is the protobufServer exportTypes list being ignored, or am I missing something?
>
> System details:
>
> RHEL8.2
> pdns-recursor-4.4.2-1pdns.el8.x86_64 from https://repo.powerdns.com/repo-files/centos-rec-44.repo
>
> root at net1:/etc/pdns-recursor> grep lua-config-file recursor.conf
> lua-config-file=/etc/pdns-recursor/lua.conf
>
> root at net1:/etc/pdns-recursor> cat /etc/pdns-recursor/lua.conf
> protobufServer("10.129.81.10:9001",
> { logQueries=true,
> logResponses=true,
> exportTypes=
> {'A', 'AAAA', 'CNAME', 'MX', 'NS', 'SPF', 'SRV', 'TXT'}
> } )
>
>
> Thanks for any advice.
Hello,
I think th econfusion is that exportTypes only concern the types of
resource record added to a log message for responses, not the type
in the query header.
This is menttoned in the documentation, but easy to missundesrstand.
Hope this helps,
-Otto
More information about the Pdns-users
mailing list