[dnstap] DNSTap logging localzone responses

Robert Edmonds edmonds at mycre.ws
Wed Aug 24 18:05:42 UTC 2016


Hi, Adnan:

A local-zone is answered directly by Unbound without performing
recursion, so you'll only see response messages for those domains if you
set "dnstap-log-client-response-messages: yes".

Adnan Baykal wrote:
> ```
> dnstap:
>   dnstap-enable: yes
>   dnstap-socket-path: "dnstap.sock"
>   dnstap-send-identity: yes
>   dnstap-send-version: yes
>   dnstap-log-resolver-response-messages: yes
>   dnstap-log-client-query-messages: yes
> ```
> 
> On Aug 23, 2016 10:04 PM, "Robert Edmonds" <edmonds at mycre.ws> wrote:
> 
> > Adnan Baykal wrote:
> > > We are using Unbound + DNSTap on the same box for logging. Issue we ran
> > > into is that DNSTap does not produce any logs for the localzones we are
> > > using for blocking domains. Basically, we are only seeing
> > RESOLVER_RESPONSE
> > > messages from DNSTap and nothing else for the NXDomains we return for
> > > blocked domains.

-- 
Robert Edmonds


More information about the dnstap mailing list