BIND 9.11.4 dnstap not capturing updates

greg.rabil at bt.com greg.rabil at bt.com
Fri Aug 3 17:05:36 UTC 2018 

That would be the update response, but not the update request.

Regards,
Greg

From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Darcy, Kevin
Sent: Friday, August 3, 2018 12:56 PM
To: bind-users at isc.org
Subject: Re: BIND 9.11.4 dnstap not capturing updates

I'm no expert in DNSTAP, but I see this in the output:

opcode: UPDATE

along with proper reinterpretations of the sections:

ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0

How is that "not record[ing} the DNS update"? Are you looking for something prettier? More detailed?

                                                                                   - Kevin

On Fri, Aug 3, 2018 at 7:36 AM, Tony Finch <dot at dotat.at<mailto:dot at dotat.at>> wrote:
greg.rabil at bt.com<mailto:greg.rabil at bt.com> <greg.rabil at bt.com<mailto:greg.rabil at bt.com>> wrote:

> I use nsupdate to send a DDNS update to my zone, which is added
> successfully.  However, the dnstap.output does not record the DNS
> update.

I think (arguably) this is a limitation of the dnstap specification. It's
defined in a Protocol Buffers declaration file (see the link below) and it
only specifies message types for normal queries and responses. The types
correspond roughly to tap points in the code - it isn't as low-level as
you might expect, if you are imagining something that hooks into the
network IO layer.

If you want to record other kinds of messages (UPDATE, NOTIFY, etc.) it
would probably be best to extend the dnstap `Type` enum, and add
corresponding dns_dt_send() calls to BIND's code. But you should check
with Robert Edmonds first :-)

https://gitlab.isc.org/isc-projects/bind9/blob/master/lib/dns/dnstap.proto#L69

Tony.
--
f.anthony.n.finch  <dot at dotat.at<mailto:dot at dotat.at>>  http://dotat.at/
Sole, Lundy, Fastnet, Irish Sea: Variable 3 or 4. Smooth or slight. Fog
patches. Moderate, occasionally very poor, becoming good for a time.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180803/ddd8687b/attachment.html>

More information about the bind-users mailing list