Logging source port and Query-ID
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Fri Sep 16 18:27:56 UTC 2016
Hi Lorenzo,
Use log-queries: yes and with the patch below it then looks like this in the log:
info: e96a ::1 at 57367 www.nlnetlabs.nl. A IN
Index: daemon/worker.c
===================================================================
--- daemon/worker.c (revision 3862)
+++ daemon/worker.c (working copy)
@@ -857,8 +857,11 @@
}
if(worker->env.cfg->log_queries) {
char ip[128];
+ char extended[256];
+ uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
- log_nametypeclass(0, ip, qinfo.qname, qinfo.qtype, qinfo.qclass);
+ snprintf(extended, sizeof(extended), "%4.4x %s@%d",
(unsigned)LDNS_ID_WIRE(sldns_buffer_begin(c->buffer)), ip, (int)port);
+ log_nametypeclass(0, extended, qinfo.qname, qinfo.qtype, qinfo.qclass);
}
if(qinfo.qtype == LDNS_RR_TYPE_AXFR ||
qinfo.qtype == LDNS_RR_TYPE_IXFR) {
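Review bot: the added line `uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);` reads the port through a cast to struct sockaddr_in regardless of the address family, although the sample output in this message is for ::1, an IPv6 client. That is only correct where sin_port and sin6_port sit at the same offset, so I would check the family of repinfo->addr and read sin6_port through struct sockaddr_in6 for IPv6 clients, or at least document the layout assumption in a comment. The snprintf into extended is bounded by sizeof(extended), and 256 bytes is enough for the 128-byte ip plus the ID and port, so there is no truncation concern in that part.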
Best regards, Wouter
On 16/09/16 09:32, Lorenzo Mainardi via Unbound-users wrote:
> Hello to all,
>
> how can I log source port and Query-ID?
>
> It would be perfect to have it to detect some kind of attacks.
>
> Regards
>
> digitel
> Via della Fortezza 6 - 50129 Firenze
> www.digitelitalia.com <http://www.digitelitalia.com/> - 800 901 669
>
> Ing. Lorenzo Mainardi
> Tel +39 055 4624933
> Fax +39 055 4624 947
> lom at digitelitalia.com