Logging source port and Query-ID

Daisuke HIGASHI daisuke.higashi at gmail.com
Sat Sep 17 09:19:59 UTC 2016

  Dnstap frame stream also contains source port and whole DNS
message including query id.

 $ dnstap-ldns -y -r /tmp/dnstap.out

 type: MESSAGE
 identity: "dns01"
 version: "unbound 1.5.9"
   query_time: !!timestamp 2016-09-17 07:45:35.903922
   socket_family: INET6
   socket_protocol: UDP
   query_address: ::1
   query_port: 49332
   query_message: |
     ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 59383
     ;; flags: rd ad ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

     ;www.google.com.    IN      A

     ;; EDNS: version 0; flags: ; udp: 4096

  Unbound's dnstap feature works well (you will need to
install some not-so-common libraries to build!) but it is not well
documented, for example not described in unbound.conf(5).
Still experimental feature?

Daisuke Higashi

More information about the Unbound-users mailing list