diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 20:37:50 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 20:37:50 +0000 |
commit | c1f743ab2e4a7046d5500875a47d1f62c8624603 (patch) | |
tree | 709946d52f5f3bbaeb38be9e3f1d56d11f058237 /modules/dnstap/README.rst | |
parent | Initial commit. (diff) | |
download | knot-resolver-upstream/5.7.1.tar.xz knot-resolver-upstream/5.7.1.zip |
Adding upstream version 5.7.1.upstream/5.7.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/dnstap/README.rst')
-rw-r--r-- | modules/dnstap/README.rst | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/modules/dnstap/README.rst b/modules/dnstap/README.rst new file mode 100644 index 0000000..456d218 --- /dev/null +++ b/modules/dnstap/README.rst @@ -0,0 +1,42 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _mod-dnstap: + +Dnstap (traffic collection) +=========================== + +The ``dnstap`` module supports logging DNS requests and responses to a unix +socket in `dnstap format <https://dnstap.info>`_ using fstrm framing library. +This logging is useful if you need effectively log all DNS traffic. + +The unix socket and the socket reader must be present before starting resolver instances. +Also it needs appropriate filesystem permissions; +the typical user and group of the daemon are called ``knot-resolver``. + +Tunables: + +* ``socket_path``: the unix socket file where dnstap messages will be sent +* ``identity``: identity string as typically returned by an "NSID" (RFC 5001) query, empty by default +* ``version``: version string of the resolver, defaulting to "Knot Resolver major.minor.patch" +* ``client.log_queries``: if ``true`` queries from downstream in wire format will be logged +* ``client.log_responses``: if ``true`` responses to downstream in wire format will be logged + +.. Very non-standard and it seems unlikely that others want to collect the RTT. +.. * ``client.log_tcp_rtt``: if ``true`` and on Linux, + add "extra" field with "rtt=12345\n", + signifying kernel's current estimate of RTT micro-seconds for the non-UDP connection + (alongside every arrived DNS message). + +.. code-block:: lua + + modules = { + dnstap = { + socket_path = "/tmp/dnstap.sock", + identity = nsid.name() or "", + version = "My Custom Knot Resolver " .. package_version(), + client = { + log_queries = true, + log_responses = true, + }, + } + } |