2019-04-06 08:42:40 +01:00
|
|
|
.\" Generated by Mmark Markdown Processer - mmark.nl
|
2019-06-24 12:37:27 +01:00
|
|
|
.TH "COREDNS-DNSTAP" 7 "June 2019" "CoreDNS" "CoreDNS Plugins"
|
2019-04-06 08:42:40 +01:00
|
|
|
|
2019-06-24 12:37:27 +01:00
|
|
|
.SH "NAME"
|
2019-04-06 08:42:40 +01:00
|
|
|
.PP
|
|
|
|
|
\fIdnstap\fP - enable logging to dnstap.
|
|
|
|
|
|
2019-06-24 12:37:27 +01:00
|
|
|
.SH "DESCRIPTION"
|
2019-04-06 08:42:40 +01:00
|
|
|
.PP
|
|
|
|
|
dnstap is a flexible, structured binary log format for DNS software: http://dnstap.info
|
|
|
|
|
\[la]http://dnstap.info\[ra]. With this
|
|
|
|
|
plugin you make CoreDNS output dnstap logging.
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
Note that there is an internal buffer, so expect at least 13 requests before the server sends its
|
|
|
|
|
dnstap messages to the socket.
|
|
|
|
|
|
2019-06-24 12:37:27 +01:00
|
|
|
.SH "SYNTAX"
|
2019-04-06 08:42:40 +01:00
|
|
|
.PP
|
|
|
|
|
.RS
|
2018-01-04 12:53:07 +00:00
|
|
|
|
2019-04-06 08:42:40 +01:00
|
|
|
.nf
|
2018-01-04 12:53:07 +00:00
|
|
|
dnstap SOCKET [full]
|
2019-04-06 08:42:40 +01:00
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
.fi
|
2019-04-06 08:42:40 +01:00
|
|
|
.RE
|
|
|
|
|
|
|
|
|
|
.IP \(bu 4
|
|
|
|
|
\fBSOCKET\fP is the socket path supplied to the dnstap command line tool.
|
|
|
|
|
.IP \(bu 4
|
|
|
|
|
\fB\fCfull\fR to include the wire-format DNS message.
|
|
|
|
|
|
|
|
|
|
|
2019-06-24 12:37:27 +01:00
|
|
|
.SH "EXAMPLES"
|
2019-04-06 08:42:40 +01:00
|
|
|
.PP
|
|
|
|
|
Log information about client requests and responses to \fI/tmp/dnstap.sock\fP.
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
.RS
|
|
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
.nf
|
2019-04-06 08:42:40 +01:00
|
|
|
dnstap /tmp/dnstap.sock
|
2018-01-04 12:53:07 +00:00
|
|
|
|
|
|
|
|
.fi
|
2019-04-06 08:42:40 +01:00
|
|
|
.RE
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
Log information including the wire-format DNS message about client requests and responses to \fI/tmp/dnstap.sock\fP.
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
.RS
|
|
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
.nf
|
2019-04-06 08:42:40 +01:00
|
|
|
dnstap unix:///tmp/dnstap.sock full
|
2018-01-04 12:53:07 +00:00
|
|
|
|
|
|
|
|
.fi
|
2019-04-06 08:42:40 +01:00
|
|
|
.RE
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
Log to a remote endpoint.
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
.RS
|
|
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
.nf
|
2019-04-06 08:42:40 +01:00
|
|
|
dnstap tcp://127.0.0.1:6000 full
|
2018-01-04 12:53:07 +00:00
|
|
|
|
|
|
|
|
.fi
|
2019-04-06 08:42:40 +01:00
|
|
|
.RE
|
|
|
|
|
|
2019-06-24 12:37:27 +01:00
|
|
|
.SH "COMMAND LINE TOOL"
|
2019-04-06 08:42:40 +01:00
|
|
|
.PP
|
|
|
|
|
Dnstap has a command line tool that can be used to inspect the logging. The tool can be found
|
|
|
|
|
at Github: https://github.com/dnstap/golang-dnstap
|
|
|
|
|
\[la]https://github.com/dnstap/golang-dnstap\[ra]. It's written in Go.
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
The following command listens on the given socket and decodes messages to stdout.
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
.RS
|
|
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
.nf
|
2019-04-06 08:42:40 +01:00
|
|
|
$ dnstap \-u /tmp/dnstap.sock
|
2018-01-04 12:53:07 +00:00
|
|
|
|
|
|
|
|
.fi
|
2019-04-06 08:42:40 +01:00
|
|
|
.RE
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
The following command listens on the given socket and saves message payloads to a binary dnstap-format log file.
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
.RS
|
|
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
.nf
|
2019-04-06 08:42:40 +01:00
|
|
|
$ dnstap \-u /tmp/dnstap.sock \-w /tmp/test.dnstap
|
2018-01-04 12:53:07 +00:00
|
|
|
|
|
|
|
|
.fi
|
2019-04-06 08:42:40 +01:00
|
|
|
.RE
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
Listen for dnstap messages on port 6000.
|
|
|
|
|
|
|
|
|
|
.PP
|
|
|
|
|
.RS
|
|
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
.nf
|
2019-04-06 08:42:40 +01:00
|
|
|
$ dnstap \-l 127.0.0.1:6000
|
2018-01-04 12:53:07 +00:00
|
|
|
|
|
|
|
|
.fi
|
2019-04-06 08:42:40 +01:00
|
|
|
.RE
|
|
|
|
|
|
2019-06-24 12:37:27 +01:00
|
|
|
.SH "USING DNSTAP IN YOUR PLUGIN"
|
2019-04-06 08:42:40 +01:00
|
|
|
.PP
|
|
|
|
|
.RS
|
2018-03-05 19:58:28 +00:00
|
|
|
|
2019-04-06 08:42:40 +01:00
|
|
|
.nf
|
2018-03-05 19:58:28 +00:00
|
|
|
import (
|
2019-04-06 08:42:40 +01:00
|
|
|
"github.com/coredns/coredns/plugin/dnstap"
|
|
|
|
|
"github.com/coredns/coredns/plugin/dnstap/msg"
|
2018-03-05 19:58:28 +00:00
|
|
|
)
|
|
|
|
|
|
2019-04-06 08:42:40 +01:00
|
|
|
func (h Dnstap) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
|
2018-03-05 19:58:28 +00:00
|
|
|
// log client query to Dnstap
|
2019-04-06 08:42:40 +01:00
|
|
|
if t := dnstap.TapperFromContext(ctx); t != nil {
|
|
|
|
|
b := msg.New().Time(time.Now()).Addr(w.RemoteAddr())
|
|
|
|
|
if t.Pack() {
|
|
|
|
|
b.Msg(r)
|
2018-03-05 19:58:28 +00:00
|
|
|
}
|
2019-04-06 08:42:40 +01:00
|
|
|
if m, err := b.ToClientQuery(); err == nil {
|
|
|
|
|
t.TapMessage(m)
|
2018-03-05 19:58:28 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-06 08:42:40 +01:00
|
|
|
// ...
|
2018-03-05 19:58:28 +00:00
|
|
|
}
|
2019-04-06 08:42:40 +01:00
|
|
|
|
2018-03-05 19:58:28 +00:00
|
|
|
.fi
|
2019-04-06 08:42:40 +01:00
|
|
|
.RE
|
|
|
|
|
|
2019-06-24 12:37:27 +01:00
|
|
|
.SH "SEE ALSO"
|
2019-04-06 08:42:40 +01:00
|
|
|
.PP
|
|
|
|
|
dnstap.info
|
|
|
|
|
\[la]http://dnstap.info\[ra].
|
|
|
|
|
|
