Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DNSTAP log local address #367

Merged
merged 20 commits into from Feb 25, 2021
Merged

DNSTAP log local address #367

merged 20 commits into from Feb 25, 2021

Conversation

wcawijngaards
Copy link
Member

This PR contains the code contributed in issue #365 that is imported and then gets modified for insertion in to the code repository.

The code adds logging of the destination, or local, address to the dnstap logging.

@wcawijngaards wcawijngaards linked an issue Dec 9, 2020 that may be closed by this pull request
Copy link
Member

@gthess gthess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! Nits only.

services/outside_network.c Outdated Show resolved Hide resolved
services/listen_dnsport.c Outdated Show resolved Hide resolved
services/listen_dnsport.c Outdated Show resolved Hide resolved
@wcawijngaards wcawijngaards merged commit 209dc32 into master Feb 25, 2021
wcawijngaards added a commit that referenced this pull request Feb 25, 2021
- Merge PR #367 : DNSTAP log local address.  With code from PR #365
  and fixes #368 : dnstap does not log the DNS message ID for
  FORWARDER_QUERY.
@gthess gthess deleted the dnstap-log-local-addr branch February 26, 2021 09:26
jedisct1 added a commit to jedisct1/unbound that referenced this pull request Feb 26, 2021
* nlnet/master: (103 commits)
  - Fix: Resolve interface names on control-interface too.
  - Fix for NLnetLabs#367: rc_ports don't have ub_sock; skip cleaning up.
  - Fix to allow rpz with wildcard that applies to all TLDs at once.
  Changelog note for NLnetLabs#365, NLnetLabs#367 and NLnetLabs#368. - Merge PR NLnetLabs#367 : DNSTAP log local address.  With code from PR NLnetLabs#365   and fixes NLnetLabs#368 : dnstap does not log the DNS message ID for   FORWARDER_QUERY.
  Fix comment item.
  Fix to use a simple pointer in the call of make_sock and make_sock_port.
  - spelling fix in header.
  - Fix unit test for added ulimit checks.
  - Fix function documentation.
  - On startup of unbound it checks if rlimits on memory size look   sufficient for the configured cache size, and logs warning if not.
  - ipsecmod: Better logging for detecting a cycle when attaching the   A/AAAA subquery.
  - Fix NLnetLabs#384: (1) A minor request to improve the log (2) A minor bug in   one log message.
  - Fix for zonemd, do not reject insecure result from trust anchor   validation step in dnssec chain of trust.
  - Fix for zonemd, that domain-insecure zones work without dnssec.
  Spelling fix.
  - Fix for zonemd, that nxdomain for the chain of trust is allowed   for island zones, it is treates as an insecure zone for verification.
  - Fix NLnetLabs#431: Squelch permission denied errors for tcp connect
  - rpz skip nsec3param records, and nicer log for unsupported actions.
  - Fix NLnetLabs#429: rpz: url: with https: broken (regression in 1.13.1).
  - Fix doxygen and pydoc warnings.
  ...
@iruzanov
Copy link

Hello, Wouter!

In the previous week i've downloaded tarball with source code of unbound-1.13.1 and did not find the code concerning of DNSTAP logging of local IP. Has this code removed from this version of Unbound? Why i'm asking - i'm just worried about future upgrades to the recent versions of Unbound. And in our project the logging of local IP over DNSTAP is of great importance.

Big thank you in advance for answering!

@wcawijngaards
Copy link
Member Author

The code is present in the code repository, but has not been in a release tarball yet. The 1.13.1 release was from before the code merge.

@iruzanov
Copy link

I got it!
Thank you very much for the clarification, Wouter!

gthess added a commit that referenced this pull request May 4, 2021
  that are no longer on the tcp_waiting_list.
jedisct1 added a commit to jedisct1/unbound that referenced this pull request May 9, 2021
* nlnet/master:
  - Remove case fallthrough from deprecate-rsa-1024 code.
  - Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
  - Fix NLnetLabs#485: Unbound occasionally reports broken stats.
  - Rerun flex and bison.
  - Fix to squelch tcp socket bind failures when the interface is gone.
  - Add more logging for out-of-memory cases.
  - Fix for NLnetLabs#367: only attempt to get the interface for queries   that are no longer on the tcp_waiting_list.
  Clearer template text since not everyone can reopen GitHub issues.
  Changelog note for NLnetLabs#478 - Merge NLnetLabs#478: Allow configuration of TCP timeout while waiting for   response.
  Changelog note and improved comment. - Fix NLnetLabs#481: Fix comment in configuration file.
  doc/example.conf.in: Clarify comment for `auto-trust-anchor-file`
  - Add that log-servfail prints an IP address and more information   about one of the last failures for that query.
  Allow configuration of TCP timeout while waiting for response
  Create issue templates
  - Fix compiler warning for signed/unsigned comparison for   max_reuse_tcp_queries.
  - Fix NLnetLabs#474: always_null and others inside view.
@wcawijngaards wcawijngaards restored the dnstap-log-local-addr branch April 14, 2023 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

dnstap does not log the DNS message ID for FORWARDER_QUERY DNSTAP logging in Unbound-1.11.0
3 participants