From abaykal at globalcyberalliance.org Wed Aug 24 00:45:36 2016 From: abaykal at globalcyberalliance.org (Adnan Baykal) Date: Tue, 23 Aug 2016 20:45:36 -0400 Subject: [dnstap] DNSTap logging localzone responses Message-ID: Hello list, We are using Unbound + DNSTap on the same box for logging. Issue we ran into is that DNSTap does not produce any logs for the localzones we are using for blocking domains. Basically, we are only seeing RESOLVER_RESPONSE messages from DNSTap and nothing else for the NXDomains we return for blocked domains. -------------- next part -------------- An HTML attachment was scrubbed... URL: From edmonds at mycre.ws Wed Aug 24 02:04:45 2016 From: edmonds at mycre.ws (Robert Edmonds) Date: Tue, 23 Aug 2016 22:04:45 -0400 Subject: [dnstap] DNSTap logging localzone responses In-Reply-To: References: Message-ID: <20160824020445.eojjl4dp3dv7adrc@mycre.ws> Adnan Baykal wrote: > We are using Unbound + DNSTap on the same box for logging. Issue we ran > into is that DNSTap does not produce any logs for the localzones we are > using for blocking domains. Basically, we are only seeing RESOLVER_RESPONSE > messages from DNSTap and nothing else for the NXDomains we return for > blocked domains. Hi, Adnan: Please post the 'dnstap:' section from your Unbound configuration. -- Robert Edmonds From abaykal at globalcyberalliance.org Wed Aug 24 14:14:36 2016 From: abaykal at globalcyberalliance.org (Adnan Baykal) Date: Wed, 24 Aug 2016 10:14:36 -0400 Subject: [dnstap] DNSTap logging localzone responses In-Reply-To: <20160824020445.eojjl4dp3dv7adrc@mycre.ws> References: <20160824020445.eojjl4dp3dv7adrc@mycre.ws> Message-ID: Here it is. ``` dnstap: dnstap-enable: yes dnstap-socket-path: "dnstap.sock" dnstap-send-identity: yes dnstap-send-version: yes dnstap-log-resolver-response-messages: yes dnstap-log-client-query-messages: yes ``` On Aug 23, 2016 10:04 PM, "Robert Edmonds" wrote: > Adnan Baykal wrote: > > We are using Unbound + DNSTap on the same box for logging. Issue we ran > > into is that DNSTap does not produce any logs for the localzones we are > > using for blocking domains. Basically, we are only seeing > RESOLVER_RESPONSE > > messages from DNSTap and nothing else for the NXDomains we return for > > blocked domains. > > Hi, Adnan: > > Please post the 'dnstap:' section from your Unbound configuration. > > -- > Robert Edmonds > -------------- next part -------------- An HTML attachment was scrubbed... URL: From edmonds at mycre.ws Wed Aug 24 18:05:42 2016 From: edmonds at mycre.ws (Robert Edmonds) Date: Wed, 24 Aug 2016 14:05:42 -0400 Subject: [dnstap] DNSTap logging localzone responses In-Reply-To: References: <20160824020445.eojjl4dp3dv7adrc@mycre.ws> Message-ID: <20160824180542.q5p6ung3hq6iyvfs@mycre.ws> Hi, Adnan: A local-zone is answered directly by Unbound without performing recursion, so you'll only see response messages for those domains if you set "dnstap-log-client-response-messages: yes". Adnan Baykal wrote: > ``` > dnstap: > dnstap-enable: yes > dnstap-socket-path: "dnstap.sock" > dnstap-send-identity: yes > dnstap-send-version: yes > dnstap-log-resolver-response-messages: yes > dnstap-log-client-query-messages: yes > ``` > > On Aug 23, 2016 10:04 PM, "Robert Edmonds" wrote: > > > Adnan Baykal wrote: > > > We are using Unbound + DNSTap on the same box for logging. Issue we ran > > > into is that DNSTap does not produce any logs for the localzones we are > > > using for blocking domains. Basically, we are only seeing > > RESOLVER_RESPONSE > > > messages from DNSTap and nothing else for the NXDomains we return for > > > blocked domains. -- Robert Edmonds From abaykal at globalcyberalliance.org Wed Aug 24 18:06:36 2016 From: abaykal at globalcyberalliance.org (Adnan Baykal) Date: Wed, 24 Aug 2016 14:06:36 -0400 Subject: [dnstap] DNSTap logging localzone responses In-Reply-To: <20160824180542.q5p6ung3hq6iyvfs@mycre.ws> References: <20160824020445.eojjl4dp3dv7adrc@mycre.ws> <20160824180542.q5p6ung3hq6iyvfs@mycre.ws> Message-ID: Awesome. Thanks Robert. We will try that. On Aug 24, 2016 2:05 PM, "Robert Edmonds" wrote: > Hi, Adnan: > > A local-zone is answered directly by Unbound without performing > recursion, so you'll only see response messages for those domains if you > set "dnstap-log-client-response-messages: yes". > > Adnan Baykal wrote: > > ``` > > dnstap: > > dnstap-enable: yes > > dnstap-socket-path: "dnstap.sock" > > dnstap-send-identity: yes > > dnstap-send-version: yes > > dnstap-log-resolver-response-messages: yes > > dnstap-log-client-query-messages: yes > > ``` > > > > On Aug 23, 2016 10:04 PM, "Robert Edmonds" wrote: > > > > > Adnan Baykal wrote: > > > > We are using Unbound + DNSTap on the same box for logging. Issue we > ran > > > > into is that DNSTap does not produce any logs for the localzones we > are > > > > using for blocking domains. Basically, we are only seeing > > > RESOLVER_RESPONSE > > > > messages from DNSTap and nothing else for the NXDomains we return for > > > > blocked domains. > > -- > Robert Edmonds > _______________________________________________ > dnstap mailing list > dnstap at lists.redbarn.org > http://lists.redbarn.org/mailman/listinfo/dnstap > -------------- next part -------------- An HTML attachment was scrubbed... URL: