BIND 9.11.4 dnstap not capturing updates

greg.rabil at bt.com
Fri Aug 3 21:23:31 UTC 2018


I had started down the path of adding a new enum.  However, Robert's comment made sense that the granularity of the enums is really for the QR bit and the various points along the query resolution path, so I just used AUTH_QUERY for prototyping purposes.

I could see it being useful to extend the enum to AUTH_QUERY_UPDATE/AUTH_QUERY_RESPONSE, for example, and then extend the filters accordingly.  E.g. dnstap { auth query update; };

Regards,
Greg

-----Original Message-----
From: Evan Hunt [mailto:each at isc.org] 
Sent: Friday, August 3, 2018 4:34 PM
To: Robert Edmonds <edmonds at mycre.ws>
Cc: Rabil,AG,A Gregory,JTK2 R <greg.rabil at bt.com>; dot at dotat.at; bind-users at isc.org
Subject: Re: BIND 9.11.4 dnstap not capturing updates

On Fri, Aug 03, 2018 at 04:18:45PM -0400, Robert Edmonds wrote:
> greg.rabil at bt.com wrote:
> > Thanks Robert.  I've added a few lines of code to BIND's client.c 
> > source module to call dns_dt_send for updates with a type of 
> > AUTH_QUERY, and it works as expected.
>
> > Is there any reason that you can think that it should not be part of 
> > the standard BIND dnstap support?  If not, I will gladly contribute 
> > my change to the ISC.
> 
> I can't think of any reason not to have support for dnstap logging of 
> UPDATEs on the server side in BIND. It just wasn't a focus for the 
> original dnstap design work, which was very STD13 focused.

The terminology's a little misleading since the QUERY and UPDATE opcodes are two different things. But I guess the implication here is that for dnstap purposes, we don't care about opcodes, and "query" is the same as "request".

I can't think of any reason not to tap update requests, but I do wonder whether an extension to the type enum would reduce confusion.

--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.

