[Unbound-users] [wishlist] unbound vs djbdns
Alexander Clouter
alex at digriz.org.uk
Tue Jun 14 14:53:41 UTC 2011
Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>>
>>> For the log file with queries have you thought about this:
>>> tcpdump -i xl0 dst port domain and "(" dst host [your-resolver-IP] or
>>> dst host [your-resolver-IP6] ")"
>>
>> For security reasons, you shouldn't really parse traffic on a production
>> system, though you could write the logfile and do so offline.
>
> ...which would be a good reason for unbound to do the logging itself.
> Unbound has already parsed the DNS packet, by necessity.
>
...logging in the 'fast path', not advisable.
Plus assuming part of the reason you might be logging is to catch
unbound-kill packets, not great.
Using a specific logging/recording tool means it becomes independent of
the DNS server you use.
Cheers
--
Alexander Clouter
.sigmonster says: Shah, shah! Ayatollah you so!
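
The offline approach discussed in this thread (record the traffic, parse it away from the resolver), as an added example that is not part of the original message. It assumes the UDP payloads have already been extracted from the saved capture. The names `parse_query`, `describe` and `MalformedQuery` are hypothetical, and the sample packets are constructed.

```python
import struct

class MalformedQuery(ValueError):
    """Raised for any payload that is not a well-formed single-question query."""

def parse_query(payload: bytes):
    """Return (id, qname, qtype) from a raw DNS query payload, bounds-checked."""
    if len(payload) < 12:
        raise MalformedQuery("short header")
    qid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000:
        raise MalformedQuery("QR bit set: response, not a query")
    if qdcount != 1:
        raise MalformedQuery(f"qdcount={qdcount}")
    labels, pos, wire_len = [], 12, 0
    while True:
        if pos >= len(payload):
            raise MalformedQuery("name runs past end of packet")
        length = payload[pos]
        pos += 1
        if length == 0:          # root label terminates the name
            break
        if length & 0xC0:        # a question name has nothing earlier to point at
            raise MalformedQuery("compression pointer or reserved label type")
        wire_len += length + 1
        if wire_len > 254 or pos + length > len(payload):
            raise MalformedQuery("label overruns name or packet")
        # Never trust label bytes: escape anything that is not plain ASCII.
        labels.append(payload[pos:pos + length].decode("ascii", "backslashreplace"))
        pos += length
    if pos + 4 > len(payload):
        raise MalformedQuery("missing qtype/qclass")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return qid, ".".join(labels) or ".", qtype

def describe(payload: bytes) -> str:
    """One log line per payload; malformed input is recorded, never fatal."""
    try:
        qid, name, qtype = parse_query(payload)
    except MalformedQuery as exc:
        return f"malformed: {exc}"
    return f"query id={qid:#06x} name={name} type={qtype}"

# Constructed sample payloads (not taken from any real capture).
HEADER = bytes.fromhex("123401000001000000000000")
GOOD = HEADER + b"\x03www\x07example\x03com\x00" + b"\x00\x01\x00\x01"
TRUNCATED = GOOD[:20]                        # cut off inside the second label
POINTER = HEADER + b"\xc0\x0c" + b"\x00\x01\x00\x01"

if __name__ == "__main__":
    for sample in (GOOD, TRUNCATED, POINTER):
        print(describe(sample))
```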