Maintained by: NLnet Labs

[Unbound-users] [wishlist] unbound vs djbdns

Leen Besselink
Wed Jun 15 21:00:16 CEST 2011


On 06/15/2011 04:31 PM, Alexander Clouter wrote:
> Andreas Schulze <andreas.schulze at datev.de> wrote:
>> I also miss the logging feature.
>>
>> I also know, I could "tcpdump --foo --voodoo".
>> But I do not want to read tcpdump's interpretation of a dns packet.
>> I like to see what unbound thinks about it.
>>
> I'm keener to know about the packets unbound cannot parse too, although 
> hopefully rare :)
>
> For stats collecting, rather than diagnosis though, this I can see is 
> not so important.
>
>> I also dislike running tcpdump as a parser with root privileges. Yes, 
>> I could capture as root and parse as nobody, but that's not 
>> comfortable!
>>
> You don't *capture* as root, you bind to a packet socket as root and 
> then immediately drop your privileges permanently...it's identical to a 
> webserver (such as Apache) binding to port 80/tcp as root and then 
> dropping back to www-data from then onwards.  You don't say your CGI 
> scripts are running as root? ;)
>
tcpdump on OpenBSD kind of does this, they have 2 processes and use
privilege separation.

So the process doing the parsing is chroot'ed and running as nobody or
something similar.

That is probably the best way to handle it.

But sounds to me like this discussion is way off-topic. :-)

> I wrote a packet sniffer, tcpdump/libpcap was too large for my needs, 
> that does just this:
>
> http://www.digriz.org.uk/catnip
>  
>> The suggested logging may be switched on/off via unbound-control.
>> So the "fast path" is less involved.
>>
>> I simply sometimes want to know what questions a specific system
>> asks. Without voodoo ...
>>
>> Anyway, as a postmaster, I would throw away any mailer which could not tell me
>> who is sending/receiving mail. And I would not be using tcpdump.
>>
> Some mail servers have poor logging.
>
>> As a webmaster, I would not use a webserver unable to do usual logging.
>> And also nobody uses tcpdump.
>>
> As a sysadmin I go straight for tcpdump as typically the web developers 
> write code that is impossible to debug/diagnose.  I know how something 
> is meant to work, if things go strangely over the wire
>
>> Why am I advised to do so as dnsmaster?
>>
> As it's an option.  You can delete files in a directory with:
>  * find . -maxdepth 1 -type f | xargs -I{} rm '{}'
>  * find . -maxdepth 1 -type f -delete
>  * rm *
>
> Which one you pick is up to *you* and suits your needs the best.
>
> Cheers
>
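The "bind as root, then drop privileges permanently" pattern discussed above (acquire the privileged socket first, then give up root for good, the way a web server binds port 80 and falls back to www-data) is shown here as an added example; it is not code from the thread, from unbound, or from catnip. It assumes uid/gid 65534 for "nobody" when started as root, and binds a UDP socket on port 0 instead of a packet socket so the same sequence can be exercised unprivileged as well. The point a practitioner wants checked is the last step: after the drop, an attempt to become root again must fail.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Conventional "nobody" ids used only when this example starts as root.
 * Assumption for the example; a real daemon would look its user up. */
#define UNPRIV_UID 65534
#define UNPRIV_GID 65534

/* Step 1: acquire the privileged resource while still privileged.
 * Port 0 on INADDR_ANY keeps the example runnable without root; a sniffer
 * would open its packet socket here, a resolver its port 53 socket.
 * Returns the bound fd, or -1 on failure. */
int open_listener(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    sin.sin_port = htons(0);            /* kernel picks an ephemeral port */
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: drop privileges for good. Order matters: supplementary groups
 * and the gid can only be changed while still root, so the uid goes last.
 * Returns 0 on success, -1 if a step failed or root could be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (getuid() == 0 && setgroups(0, NULL) != 0)
        return -1;                      /* clear supplementary groups (root only) */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)               /* as root: sets real, effective and saved uid */
        return -1;
    /* The drop must be permanent: becoming root again has to fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Step 3: the fd obtained while privileged remains usable afterwards.
 * Returns 1 if the socket is still bound to a real port, 0 otherwise. */
int listener_still_works(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    if (getsockname(fd, (struct sockaddr *)&sin, &len) != 0)
        return 0;
    return ntohs(sin.sin_port) != 0;
}

/* Run the whole sequence: 0 on success, a negative step number on failure. */
int run_demo(void)
{
    int fd = open_listener();
    if (fd < 0)
        return -1;
    uid_t uid = getuid() == 0 ? UNPRIV_UID : getuid();
    gid_t gid = getgid() == 0 ? UNPRIV_GID : getgid();
    if (drop_privileges(uid, gid) != 0) {
        close(fd);
        return -2;
    }
    int ok = listener_still_works(fd);
    close(fd);
    return ok ? 0 : -3;
}

int main(void)
{
    int rc = run_demo();
    printf("privilege drop %s (uid=%d euid=%d)\n",
           rc == 0 ? "ok" : "FAILED", (int)getuid(), (int)geteuid());
    return rc == 0 ? 0 : 1;
}
```

Started as root, the program ends up as uid 65534 holding a socket it could only have bound beforehand; started as an ordinary user, every step still succeeds (setting your own ids is always permitted) and the re-escalation check trivially fails, which is exactly the state a parser of untrusted packets should be in. OpenBSD's tcpdump goes one step further, as Leen notes, by putting the parser in a separate chroot'ed process.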