Maintained by: NLnet Labs

[Unbound-users] [wishlist] unbound vs djbdns

Andreas Schulze
Wed Jun 15 09:03:00 CEST 2011


Hello,

I also miss the logging feature.

I also know I could "tcpdump --foo --voodoo".
But I do not want to read tcpdump's interpretation of a DNS packet.
I like to see what unbound thinks about it.

I also dislike running tcpdump as a parser with root privileges.
Yes, I could capture as root and parse as nobody, but that's not comfortable!

The suggested logging may be switched on/off via unbound-control.
So the "fast path" is less involved.

I simply want to know, sometimes, what questions a specific system
asks. Without voodoo ...

Anyway, as a postmaster, I would throw away any mailer which could not tell me
who is sending/receiving mail. And I would not be using tcpdump.

As a webmaster, I would not use a webserver unable to do usual logging.
And also nobody uses tcpdump.

Why am I advised to do so as a dnsmaster?

>> For security reasons, you shouldn't really parse traffic on a production
>> system, though you could write the logfile and do so offline.
>
> ...which would be a good reason for unbound to do the logging itself.  
> Unbound has already parsed the DNS packet, by necessity.
+1

-- 
Andreas Schulze
Internet Services | P252

DATEV eG
90329 Nürnberg | Phone +49 911 319-0 | Fax +49 911 319-3196
E-mail info@datev.de | Internet www.datev.de
Registered office: 90429 Nürnberg, Paumgartnerstr. 6-14 | Register court Nürnberg, GenReg No. 70
Executive Board
Prof. Dieter Kempf (Chairman)
Dipl.-Kfm. Wolfgang Stegmann (Deputy Chairman)
Dipl.-Kfm. Michael Leistenschneider
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Chairman of the Supervisory Board: Reinhard Verholen