Testing / work in progress


Info

"dnstap is a flexible, structured binary log format for DNS software. It uses Protocol Buffers to encode events that occur inside DNS software in an implementation-neutral format." - https://dnstap.info/


Reading data

This assumes dnstap and Unbound are already configured and running (see Configuration).

  • Read the output file and print it as YAML
    dnstap -y -r /tmp/output.dnstap

Configuration


Dnstap

  • Install the CLI package, which provides the dnstap binary
    apt-get install golang-github-dnstap-golang-dnstap-cli


  • Run it to listen on a socket (-u) and write output to a file (-w)
    dnstap -u /run/dnstap.sock -w /tmp/output.dnstap


  • You may have to adjust the ownership or permissions of the socket, depending on which application writes to it
    chown unbound /run/dnstap.sock


  • We're currently experimenting with this, so there is no startup script yet; one could take care of all of the steps above


Unbound

  • The Ubuntu Unbound package does appear to be compiled with dnstap support; see unbound -V, which shows the configure line (look for --enable-dnstap and --with-dnstap-socket-path)
    # unbound -V
    Version 1.13.1
    
    Configure line: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --libexecdir=${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode --disable-dependency-tracking --disable-rpath --with-pidfile=/run/unbound.pid --with-rootkey-file=/var/lib/unbound/root.key --with-libevent --with-libnghttp2 --with-pythonmodule --enable-subnet --enable-dnstap --enable-systemd --with-chroot-dir= --with-dnstap-socket-path=/run/dnstap.sock --libdir=/usr/lib
    Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.0.2 15 Mar 2022
    Linked modules: dns64 python subnetcache respip validator iterator


  • Create dnstap.conf in the /etc/unbound/unbound.conf.d/ directory:
    dnstap:
        dnstap-enable: yes
        #dnstap-socket-path: "/var/run/unbound/dnstap.sock"
        dnstap-socket-path: "/run/dnstap.sock"
        dnstap-send-identity: yes
        dnstap-send-version: yes
        dnstap-log-resolver-response-messages: yes
        dnstap-log-client-query-messages: yes


  • Restart Unbound
    systemctl restart unbound
    systemctl status unbound


  • Check the log for errors
    tail -f /var/log/unbound/unbound.log
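
A pre-flight check for the setup above, as an added example that is not part of the original page: it confirms the Unbound build has --enable-dnstap and that the socket path Unbound will write to matches the one passed to dnstap -u. The function names are hypothetical, and the sample input is constructed (abridged) from the output and config shown on this page.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the dnstap socket path compiled into Unbound (reads `unbound -V` output
# on stdin). Fails if the build was not configured with --enable-dnstap.
compiled_socket_path() {
    v=$(cat)
    printf '%s\n' "$v" | grep -q -e '--enable-dnstap' || return 1
    printf '%s\n' "$v" | tr ' ' '\n' | sed -n 's/^--with-dnstap-socket-path=//p' | tail -n 1
}

# Print the active dnstap-socket-path from an Unbound config on stdin.
# Commented-out lines are ignored; the last uncommented occurrence is reported.
configured_socket_path() {
    sed -n 's/^[[:space:]]*dnstap-socket-path:[[:space:]]*"\{0,1\}\([^"#[:space:]]*\).*$/\1/p' | tail -n 1
}

# $1 = file with `unbound -V` output, $2 = dnstap.conf, $3 = path given to `dnstap -u`
check_dnstap_setup() {
    built=$(compiled_socket_path < "$1") || { echo "FAIL: no --enable-dnstap in build"; return 1; }
    grep -Eq '^[[:space:]]*dnstap-enable:[[:space:]]*yes' "$2" ||
        { echo "FAIL: dnstap-enable is not set to yes"; return 1; }
    conf=$(configured_socket_path < "$2")
    effective=${conf:-$built}   # without an explicit setting the compiled-in path applies
    [ "$effective" = "$3" ] ||
        { echo "FAIL: unbound writes to $effective but dnstap listens on $3"; return 1; }
    echo "OK: unbound and dnstap agree on $effective"
}

# Constructed sample input, abridged from the output and config shown on this page.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/unbound-V.txt" <<'EOF'
Version 1.13.1
Configure line: --prefix=/usr --enable-subnet --enable-dnstap --enable-systemd --with-dnstap-socket-path=/run/dnstap.sock --libdir=/usr/lib
EOF
cat > "$SAMPLE_DIR/dnstap.conf" <<'EOF'
dnstap:
    dnstap-enable: yes
    #dnstap-socket-path: "/var/run/unbound/dnstap.sock"
    dnstap-socket-path: "/run/dnstap.sock"
EOF

check_dnstap_setup "$SAMPLE_DIR/unbound-V.txt" "$SAMPLE_DIR/dnstap.conf" /run/dnstap.sock
```

On a live host, save the output of unbound -V to a file and pass it together with /etc/unbound/unbound.conf.d/dnstap.conf and the socket path used with dnstap -u.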




