
Logging with dnstap

varyoo · 2017-08-03 · via dnstap on CoreDNS: DNS and Service Discovery

dnstap is a flexible, structured binary log format for DNS software. It uses Protocol Buffers to encode events that occur inside DNS software in an implementation-neutral format.

dnstap can encode any DNS message the server exchanges, together with the remote endpoint (IP address and port) and timestamps. That covers client queries and responses, but also the queries a resolver forwards to, or the answers it receives from, other name servers.

This example shows output from the dnstap command-line tool to get an idea of the kind of information that dnstap can provide:

type: MESSAGE
message:
  type: CLIENT_RESPONSE
  socket_family: INET
  socket_protocol: UDP
  query_address: 127.0.0.1
  query_port: 47969
  response_message: |
    ;; opcode: QUERY, status: NOERROR, id: 47163
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;example.org.       IN       A

    ;; ANSWER SECTION:
    example.org.        86339   IN      A       93.184.216.34

A dnstap plugin was added in CoreDNS-010. At the time of writing it logs only client-level messages (the CLIENT_QUERY and CLIENT_RESPONSE types); logging of the other exchange types is being implemented.

The plugin is used together with the dnstap command-line tool. The two communicate over a Unix socket: the plugin writes records only while a consumer is listening on that socket.

To get started, add the dnstap plugin to a server block in the Corefile:

dnstap /tmp/dnstap.sock full

With the full option the plugin also includes the complete wire-format DNS message in each record, which is what the message dump shown above is decoded from. The dnstap tool can then read from the socket CoreDNS writes to:

$ dnstap -u /tmp/dnstap.sock

Or listen on the dnstap socket and store message payloads to a binary dnstap-format log file:

$ dnstap -u /tmp/dnstap.sock -w /tmp/july.dnstap

And then read back July's logs in YAML format:

$ dnstap -r /tmp/july.dnstap -y
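The YAML that `dnstap -r /tmp/july.dnstap -y` prints has the same layout as the CLIENT_RESPONSE record shown at the top of the post, which makes it easy to feed into a detection pipeline. The following is an added example, not code from the CoreDNS post or from the dnstap project: it reads that output with a small purpose-built parser (only the nested `key: value` maps and the literal `|` block the tool emits, so no YAML library is needed), pulls out the client address, response code, question name and type and answer data, and runs two checks over the records: NXDOMAIN counts per client and a crude long-label tunnelling heuristic. The sample input is constructed in that shape (the second and third records are abridged, and the `query_message` key for CLIENT_QUERY records is assumed to mirror `response_message`), and the thresholds in suspicious_names() are assumptions to tune per site.

```python
"""Consume `dnstap -r FILE -y` output with a small purpose-built parser and run
two detection checks over the records. Added example, not code from the CoreDNS
post or the dnstap project; SAMPLE is constructed, not a real capture."""
import re, textwrap
from collections import Counter

# Constructed sample in the shape `dnstap -y` prints, one YAML document per record.
SAMPLE = """\
type: MESSAGE
message:
  type: CLIENT_RESPONSE
  socket_family: INET
  socket_protocol: UDP
  query_address: 127.0.0.1
  query_port: 47969
  response_message: |
    ;; opcode: QUERY, status: NOERROR, id: 47163
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;example.org.       IN       A

    ;; ANSWER SECTION:
    example.org.        86339   IN      A       93.184.216.34
---
type: MESSAGE
message:
  type: CLIENT_RESPONSE
  query_address: 10.0.0.7
  response_message: |
    ;; opcode: QUERY, status: NXDOMAIN, id: 2001
    ;x7q2.example.net.       IN       A
---
type: MESSAGE
message:
  type: CLIENT_QUERY
  query_address: 10.0.0.9
  query_message: |
    ;; opcode: QUERY, status: NOERROR, id: 7
    ;abcdefghijklmnopqrstuvwxyz0123456789abcdefghij.t.example.       IN       TXT
---
"""

_KV = re.compile(r"^(?P<indent>\s*)(?P<key>[A-Za-z_]+):(?: (?P<value>.*))?$")
_STATUS = re.compile(r"status: (\w+)")
_QUESTION = re.compile(r"^;(\S+)\s+IN\s+(\S+)\s*$", re.M)
_RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$", re.M)

def parse_documents(text):
    """Split on '---' and turn each YAML document into nested dicts."""
    return [_parse_one(c.splitlines())
            for c in re.split(r"^---$", text, flags=re.M) if c.strip()]

def _parse_one(lines):
    root = {}
    stack, i = [(-1, root)], 0                # (indent of the owning key, map)
    while i < len(lines):                     # YAML subset: nested maps + one `|` block
        m, i = _KV.match(lines[i]), i + 1
        if not m:
            continue
        indent, key, value = len(m["indent"]), m["key"], m["value"]
        while stack[-1][0] >= indent:         # a dedent closes nested maps
            stack.pop()
        parent = stack[-1][1]
        if value is None:                     # `key:` opens a nested map
            parent[key] = child = {}
            stack.append((indent, child))
        elif value == "|":                    # literal block: all deeper-indented lines
            block = []
            while i < len(lines) and (not lines[i].strip() or
                                      len(lines[i]) - len(lines[i].lstrip()) > indent):
                block.append(lines[i])
                i += 1
            parent[key] = textwrap.dedent("\n".join(block)).strip("\n")
        else:
            parent[key] = value.strip()
    return root

def summarize(doc):
    """Extract the fields a detection pipeline keys on from one record."""
    msg = doc.get("message", {})
    text = msg.get("response_message") or msg.get("query_message") or ""
    status, q = _STATUS.search(text), _QUESTION.search(text)
    return {"kind": msg.get("type"), "client": msg.get("query_address"),
            "rcode": status.group(1) if status else None,
            "qname": q.group(1).lower() if q else None, "qtype": q.group(2) if q else None,
            "answers": [m.group(4) for m in _RR.finditer(text)]}

def nxdomain_per_client(records):
    """NXDOMAIN responses per client; a burst hints at scanning or a DGA."""
    return Counter(r["client"] for r in records
                   if r["kind"] == "CLIENT_RESPONSE" and r["rcode"] == "NXDOMAIN")

def suspicious_names(records, max_label=40, max_name=120):
    """Crude tunnelling heuristic: over-long label or name; thresholds are assumptions."""
    return [r["qname"] for r in records if r["qname"] and (
        len(r["qname"]) > max_name or
        max(len(l) for l in r["qname"].rstrip(".").split(".")) > max_label)]
```

To use it on a real capture, replace SAMPLE with the text that `dnstap -r /tmp/july.dnstap -y` prints, call summarize() on each document from parse_documents(), and hand the resulting records to the two checks. The parser deliberately ignores fields it does not recognise, so the extra keys the tool emits (identity, version, timestamps, response_address) pass through untouched in the returned dicts.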