.. _mod-probe:

``probe`` — DNS traffic probe
=============================

The module allows the server to send simplified information about regular DNS
traffic through *UNIX* sockets. The exported information consists of data blocks
where each data block (datagram) describes one query/response pair. The response
part can be empty. The receiver can be an arbitrary program using the *libknot* interface
(C or Python). In case of high traffic, more channels (sockets) can be configured
to allow parallel processing.

.. NOTE::
  A simple `probe client <https://gitlab.nic.cz/knot/knot-dns/-/blob/master/scripts/probe_dump.py>`_ in Python.

Example
-------

Default module configuration::

   template:
     - id: default
       global-module: mod-probe

Per-zone probe with 8 channels and a limit of at most 1M logs per second::

   mod-probe:
     - id: custom
       path: /tmp/knot-probe
       channels: 8
       max-rate: 1000000

   zone:
     - domain: example.com.
       module: mod-probe/custom


Module reference
----------------

::

   mod-probe:
     - id: STR
       path: STR
       channels: INT
       max-rate: INT

.. _mod-probe_id:

id
..

A module identifier.

.. _mod-probe_path:

path
....

A path to the directory where the UNIX sockets are located.

.. NOTE::
   It's recommended to use a directory with the execute permission restricted
   to the intended probe consumer process owner only.

*Default:* :ref:`rundir<server_rundir>`
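
One way to check a configured ``path`` against the recommendation in the note above. This is an added example, not part of Knot DNS or of its probe client. The function name ``audit_probe_dir``, the sample directory, and the reading of "restricted" as "no execute bit for group or other" are assumptions of this example.

```python
import os
import stat
import tempfile


def audit_probe_dir(path, consumer_uid):
    """Return a list of findings for a mod-probe socket directory (empty = OK)."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at `path`
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink, not a real directory"]
    if not stat.S_ISDIR(st.st_mode):
        return ["path is not a directory"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != consumer_uid:
        findings.append(f"owner uid {st.st_uid} != consumer uid {consumer_uid}")
    # The note's recommendation: execute (traverse) bit for the owner only.
    if mode & (stat.S_IXGRP | stat.S_IXOTH):
        findings.append(f"mode {mode:04o}: group/other may traverse the directory")
    # Extra check, not from the page: write access lets group/other
    # create or delete entries in the socket directory.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {mode:04o}: group/other may write to the directory")
    return findings


def demo():
    """Audit a constructed directory under three modes; returns {mode: findings}."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        probe_dir = os.path.join(base, "knot-probe")  # constructed sample path
        os.mkdir(probe_dir)
        for mode in (0o700, 0o755, 0o777):
            os.chmod(probe_dir, mode)
            results[mode] = audit_probe_dir(probe_dir, os.getuid())
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(f"{mode:04o}:", findings or "OK")
```

Run it as the probe consumer's user, passing the directory configured in ``path`` and that user's UID.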

.. _mod-probe_channels:

channels
........

Number of channels (UNIX sockets) the traffic is distributed to. In case of
high DNS traffic which is being processed by many UDP/XDP/TCP workers,
using more channels reduces the module overhead.

*Default:* ``1``

.. _mod-probe_max-rate:

max-rate
........

Maximum number of queries/replies per second the probe is allowed to transfer.
If the limit is exceeded, the over-limit traffic is ignored. Zero value means
no limit.

*Default:* ``100000`` (one hundred thousand)