Maintained by: NLnet Labs

[Unbound-users] [wishlist] unbound vs djbdns

Alexander Clouter
Tue Jun 14 16:53:41 CEST 2011


Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>>
>>> For the log file with queries have you thought about this:
>>> tcpdump -i xl0 dst port domain and "(" dst host [your-resolver-IP] or
>>> dst host [your-resolver-IP6] ")"
>>
>> For security reasons, you shouldn't really parse traffic on a production
>> system, though you could write the logfile and do so offline.
> 
> ...which would be a good reason for unbound to do the logging itself. 
> Unbound has already parsed the DNS packet, by necessity.
>
...logging in the 'fast path', not advisable.

Plus, assuming part of the reason you might be logging is to catch 
unbound-kill packets, not great.

Using a specific logging/recording tool means it becomes independent of 
the DNS server you use.

Cheers

-- 
Alexander Clouter
.sigmonster says: Shah, shah!  Ayatollah you so!
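The thread's point is that query parsing belongs offline, on the captured traffic, rather than in the resolver's fast path where a malformed packet can take the server down. The following is an added example, not code from the thread or from Unbound: a deliberately strict parser for the question section of a raw DNS query, of the kind one would run over a tcpdump capture to produce the query log, that bounds-checks every read and refuses truncated or looping input instead of crashing. The sample packet, the QTYPES table and all function names are constructed for this example.

```python
import struct
# Constructed sample (not from the thread): a DNS query for www.example.com, type A.
SAMPLE_QUERY = (
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"  # id=0x1234, RD set, QDCOUNT=1
    b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"      # question: www.example.com IN A
)
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def read_labels(pkt, off):
    """Decode the wire-format name at off; return (labels, offset after it). Every read is
    bounds-checked and pointers must go backwards, so crafted input cannot overread or loop."""
    labels = []
    while True:
        if off >= len(pkt):
            raise ValueError("name runs past end of packet")
        length = pkt[off]
        if length == 0:
            return labels, off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer (RFC 1035 4.1.4)
            if off + 1 >= len(pkt):
                raise ValueError("truncated compression pointer")
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("forward or self-referential compression pointer")
            more, _ = read_labels(pkt, ptr)  # offset strictly decreases, so this terminates
            return labels + more, off + 2
        if length > 63 or off + 1 + length > len(pkt):
            raise ValueError("label too long or truncated")
        labels.append(pkt[off + 1:off + 1 + length].decode("ascii", "replace"))
        off += 1 + length

def parse_query(pkt):
    """Return (id, qname, qtype) for a single-question DNS query; ValueError if malformed."""
    if len(pkt) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, off = read_labels(pkt, 12)
    if off + 4 > len(pkt):
        raise ValueError("truncated question section")
    qtype = struct.unpack("!H", pkt[off:off + 2])[0]
    return qid, ".".join(labels) or ".", QTYPES.get(qtype, f"TYPE{qtype}")

def query_to_log(pkt):
    # One log line per captured query; a packet the parser refuses becomes a MALFORMED record.
    try:
        qid, qname, qtype = parse_query(pkt)
    except ValueError as exc:
        return f"MALFORMED len={len(pkt)} reason={exc}"
    return f"id=0x{qid:04x} qname={qname} qtype={qtype}"
```

Feed it the UDP payloads from the capture (for example via a pcap reader) and the MALFORMED lines double as a record of exactly the oddities the thread worries about reaching the resolver.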