[Unbound-users] [wishlist] unbound vs djbdns
Andreas Schulze
andreas.schulze at datev.de
Wed Jun 15 07:03:00 UTC 2011
Hello,
I also miss the logging feature.
I also know, I could "tcpdump --foo --voodoo".
But I do not want read tcpdump's interpretation of a dns packet.
I like to see what unbound thinks about it.
I also dislike running tcpdump as a parser with root privileges.
Yes, I could capture as root and parse as nobody, but that's not comfortable!
The suggested logging may be switched on/off via unbound-control.
So the "fast path" is less involved.
I simply want sometimes know, what questions a specific system
asks. Without voodoo ...
Anyway, as a postmaster, I would throw away any mailer which could not tell me
who is sending/receiving mail. And I would not using tcpdump.
As a webmaster, I would not use a webserver unable to to usual logging.
And also nobody uses tcpdump.
Why I am advised to do so as dnsmaster ?
>> For security reasons, you shouldn't really parse traffic on a production
>> system, though you could write the logfile and do so offline.
>
> ...which would be a good reason for unbound to do the logging itself.
> Unbound has already parsed the DNS packet, by necessity.
+1
--
Andreas Schulze
Internetdienste | P252
DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen
More information about the Unbound-users
mailing list