Query logging performance

Darren Spruell phatbuckett at gmail.com
Mon Aug 3 17:50:39 UTC 2015


Unbound's documentation mentions that query logging can have very
adverse performance on server operation. I was curious if the project
feels this has been optimized to the degree possible already, or if an
approach similar to what some other projects take may be beneficial;
namely something like delegating logging responsibilities to a
different thread (Suricata IDS engine, I think) or even using a
separate log output process (Squid [1], OpenBSD's PF/pflogd(8) [2]).

Alternately, is dnstap [3] the preferred direction for this? Depending
on the implementation, the difference in complexity between a fast,
native textual query log on the server vs. a dnstap configuration
could be a factor.

[1] http://www.squid-cache.org/Doc/config/logfile_daemon/
[2] http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/pflogd.8?query=pflogd&sec=8
[3] http://dnstap.info/

-- 
Darren Spruell
phatbuckett at gmail.com


