Query logging performance

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Aug 4 07:24:51 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Darren,

On 03/08/15 19:50, Darren Spruell via Unbound-users wrote:
> Unbound's documentation mentions that query logging can have very 
> adverse performance on server operation. I was curious if the
> project feels this has been optimized to the degree possible
> already, or if an approach similar to what some other projects take
> may be beneficial; namely something like delegating logging
> responsibilities to a different thread (Suricata IDS engine, I
> think) or even using a separate log output process (Squid [1],
> OpenBSD's PF/pflogd(8) [2]).
> 
> Alternately, is dnstap [3] the preferred direction for this?
> Depending on the implementation, the difference in complexity
> between a fast, native textual query log on the server vs. a dnstap
> configuration could be a factor.

Dnstap is implemented, configure --enable-dnstap.

Make sure to install the dependencies, libfstrm and protobuf-c. In
unbound.conf it looks a bit like this:

dnstap:
	dnstap-enable: yes
	dnstap-socket-path: "/tmp/mysock"

Best regards,
   Wouter

> 
> [1] http://www.squid-cache.org/Doc/config/logfile_daemon/ [2]
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/pflogd.8?q
uery=pflogd&sec=8
>
> 
[3] http://dnstap.info/
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVwGjDAAoJEJ9vHC1+BF+NFJQP/i10HHNU7LRoGncHeCIFPO39
+rjqjBq0isUj8G/tvd1flSa/KLTXDuvX9cVi/Yb1bw3h6hqhqlTwdacGiyhZLFV2
RO687zeCSEU/erGLFfc150F0dUuXRisrtP4CIXPvMBLVF6Xhs+uGwxzxSu6z5/xB
P/TaQKIqSZh2FCGb1KxMoSbNq4Epzr5JsGdABYejz9cC35R7CjhD7hND80cfqqOt
WWM3e1qLp4YpptEMf0Pz7QcftMgnL1f5451joz01jmu7a/mr8FEb6RFv4x9MHftn
QDM2Xt7k+E1OAmzD++/TCUL3fSVk9SyO7Lf4FObN5KDPDzcHraBzy9L8b15n4air
UCM0oQJzqiP/MllWNzkuQrT19K4jzdgvP3lIeDnvgYd/vhGoxrWuzSEji5sJhVvq
jRGphcxKN+P2DTJWTwAaCxC8ELwizFRkCjpwPBDLFBzWeTbaxT97fSoWzQJAdojP
BX1wGsZix3l1qDjYSATlFuyLVRBuSJa4F5Sgm2NO/ddH0ue+Ah38XIA5rZNJzbw2
Nhr4h4xKUdP9yYj2qmKlqzvjh+YGzMW2R9/4FL/iT9J2mhQh1OjLOJM1sP+ls7M7
txWmr1uTAMiZKR6SewtZt7BOyTDDwZhAAZNFJ6P2VKB4SykQ07d0W1BUQoOUk9Ym
DSUNSLFKqpBwpzdVXK07
=JzY3
-----END PGP SIGNATURE-----



More information about the Unbound-users mailing list