2017-07-26 08:55:06 +01:00
|
|
|
# dnstap
|
2017-07-24 23:12:50 +02:00
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
## Name
|
2017-07-25 22:14:01 +02:00
|
|
|
|
2018-07-06 11:27:40 +01:00
|
|
|
*dnstap* - enable logging to dnstap.
|
2018-01-04 12:53:07 +00:00
|
|
|
|
|
|
|
|
## Description
|
|
|
|
|
|
|
|
|
|
dnstap is a flexible, structured binary log format for DNS software: http://dnstap.info. With this
|
|
|
|
|
plugin you make CoreDNS output dnstap logging.
|
|
|
|
|
|
|
|
|
|
Note that there is an internal buffer, so expect at least 13 requests before the server sends its
|
|
|
|
|
dnstap messages to the socket.
|
2017-07-25 22:14:01 +02:00
|
|
|
|
2017-07-24 23:12:50 +02:00
|
|
|
## Syntax
|
|
|
|
|
|
2017-07-25 22:14:01 +02:00
|
|
|
~~~ txt
|
|
|
|
|
dnstap SOCKET [full]
|
|
|
|
|
~~~
|
2017-07-24 23:12:50 +02:00
|
|
|
|
|
|
|
|
* **SOCKET** is the socket path supplied to the dnstap command line tool.
|
2017-07-25 22:14:01 +02:00
|
|
|
* `full` to include the wire-format DNS message.
|
|
|
|
|
|
|
|
|
|
## Examples
|
|
|
|
|
|
|
|
|
|
Log information about client requests and responses to */tmp/dnstap.sock*.
|
|
|
|
|
|
|
|
|
|
~~~ txt
|
|
|
|
|
dnstap /tmp/dnstap.sock
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Log information including the wire-format DNS message about client requests and responses to */tmp/dnstap.sock*.
|
|
|
|
|
|
|
|
|
|
~~~ txt
|
2017-09-01 14:07:21 +02:00
|
|
|
dnstap unix:///tmp/dnstap.sock full
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Log to a remote endpoint.
|
|
|
|
|
|
|
|
|
|
~~~ txt
|
|
|
|
|
dnstap tcp://127.0.0.1:6000 full
|
2017-07-25 22:14:01 +02:00
|
|
|
~~~
|
2017-07-24 23:12:50 +02:00
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
## Command Line Tool
|
2017-07-24 23:12:50 +02:00
|
|
|
|
2018-01-04 12:53:07 +00:00
|
|
|
Dnstap has a command line tool that can be used to inspect the logging. The tool can be found
|
|
|
|
|
at Github: <https://github.com/dnstap/golang-dnstap>. It's written in Go.
|
2017-07-24 23:12:50 +02:00
|
|
|
|
2017-07-25 22:14:01 +02:00
|
|
|
The following command listens on the given socket and decodes messages to stdout.
|
|
|
|
|
|
|
|
|
|
~~~ sh
|
2018-03-01 03:19:01 +01:00
|
|
|
$ dnstap -u /tmp/dnstap.sock
|
2017-07-25 22:14:01 +02:00
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
The following command listens on the given socket and saves message payloads to a binary dnstap-format log file.
|
|
|
|
|
|
|
|
|
|
~~~ sh
|
2018-03-01 03:19:01 +01:00
|
|
|
$ dnstap -u /tmp/dnstap.sock -w /tmp/test.dnstap
|
2017-07-25 22:14:01 +02:00
|
|
|
~~~
|
2017-09-01 14:07:21 +02:00
|
|
|
|
|
|
|
|
Listen for dnstap messages on port 6000.
|
|
|
|
|
|
|
|
|
|
~~~ sh
|
2018-03-01 03:19:01 +01:00
|
|
|
$ dnstap -l 127.0.0.1:6000
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
## Using Dnstap in your plugin
|
|
|
|
|
|
|
|
|
|
~~~ Go
|
|
|
|
|
import (
|
|
|
|
|
"github.com/coredns/coredns/plugin/dnstap"
|
|
|
|
|
"github.com/coredns/coredns/plugin/dnstap/msg"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func (h Dnstap) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
|
|
|
|
|
// log client query to Dnstap
|
|
|
|
|
if t := dnstap.TapperFromContext(ctx); t != nil {
|
|
|
|
|
b := msg.New().Time(time.Now()).Addr(w.RemoteAddr())
|
|
|
|
|
if t.Pack() {
|
|
|
|
|
b.Msg(r)
|
|
|
|
|
}
|
|
|
|
|
if m, err := b.ToClientQuery(); err == nil {
|
|
|
|
|
t.TapMessage(m)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ...
|
|
|
|
|
}
|
2017-09-01 14:07:21 +02:00
|
|
|
~~~
|
2018-01-04 12:53:07 +00:00
|
|
|
|
2018-01-10 11:45:12 +00:00
|
|
|
## See Also
|
2018-01-04 12:53:07 +00:00
|
|
|
|
|
|
|
|
[dnstap.info](http://dnstap.info).
|
