Maintained by: NLnet Labs

[Unbound-users] [wishlist] unbound vs djbdns

Phil Mayers
Tue Jun 14 18:57:15 CEST 2011


On 06/14/2011 03:53 PM, Alexander Clouter wrote:
> Phil Mayers<p.mayers at imperial.ac.uk>  wrote:
>>>
>>>> For the log file with queries have you thought about this:
>>>> tcpdump -i xl0 dst port domain and "(" dst host [your-resolver-IP] or
>>>> dst host [your-resolver-IP6] ")"
>>>
>>> For security reasons, you shouldn't really parse traffic on a production
>>> system, though you could write the logfile and do so offline.
>>
>> ...which would be a good reason for unbound to do the logging itself.
>> Unbound has already parsed the DNS packet, by necessity.
>>
> ...logging in the 'fast path', not advisable.

Says who?

Bind 9 manages this just fine at our site, at excessively high loads.

>
> Plus assuming part of the reason you might be logging is to catch
> unbound-kill packets, not great.

I think it would be better to have packets no kill unbound personally...

>
> Using a specific logging/recording tool means it becomes independent on
> the DNS server you use.

It's also another bit of software to install, update, configure and 
manage. It's another independent DNS parser, which may or may not be as 
robust as the DNS parser in a high-volume recursive resolver. And it 
lacks access to internal resolver state, which the logging may or may 
not want to record e.g.

date name class type flags from-cache=yes|no

But hey - since unbound already doesn't log, you've got what you want, 
so why worry?