Mirroring data flows
Pete Wright
pete at nomadlogic.org
Tue Jun 22 21:07:42 UTC 2021
On 6/22/21 11:10 AM, Russell Sutherland via Unbound-users wrote:
> I want to be able to mirror the UDP port 53 going to my unbound instance for the purposes of testing out a new external DNS firewall service which we want eventually to start forwarding to. I want to be able to e.g. compare the responses with and without the service.
>
> I don't see any unbound feature or module to do this. Forwarding seems to go to one of the external caching servers given in the forward-addr: section.
>
> Any ideas of tools which allow me to do this? I am running unbound under both Ubuntu 20.04 LTS as well as OpenBSD 6.9.
You might want to take a look at nfdump and potentially netgraph. I've
used both for intrusion detection purposes on FreeBSD, and I believe
nfdump is supported on OpenBSD - YMMV on Linux though:
https://github.com/phaag/nfdump
Alternatively you can probably achieve the goal of just mirroring data
(rather than copying, capturing and replaying) using a bridge(4) device
on OpenBSD via ifconfig(8) (specifically "addspan"):
https://man.openbsd.org/ifconfig.8
Hope this helps,
-pete
--
Pete Wright
pete at nomadlogic.org
@nomadlogicLA
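The original question asks for a way to compare the answers the existing unbound instance gives with the answers the candidate DNS firewall gives. Port mirroring copies the packets, but the comparison itself still has to be done somewhere. The following is an added example, not code from either poster or from the unbound project: a small stdlib-only Python script that builds a DNS query, sends the same query to two resolvers over UDP/53, and diffs the rcode and answer set (TTLs are deliberately ignored, since two caches will rarely agree on them). The resolver addresses, the name `blocked.example` and the 192.0.2.x addresses are constructed placeholders; `demo()` runs entirely on constructed responses so it works offline, while `query_resolver()` does the live lookup when you point it at real resolvers.

```python
import socket
import struct
import secrets

# --- wire-format helpers (RFC 1035 messages, no EDNS) ---------------------

def encode_name(name):
    """Encode a dotted name as DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=1, qid=None):
    """Build a query with RD set; random transaction id unless one is given."""
    qid = secrets.randbelow(65536) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(data, offset, max_hops=32):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, jumped, end = [], False, offset
    while max_hops:
        length = data[offset]
        if (length & 0xC0) == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, max_hops = True, pointer, max_hops - 1
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    raise ValueError("compression pointer loop")

def parse_response(data):
    """Return the transaction id, rcode and the set of (name, type, rdata)."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                                  # skip question section
        _, offset = decode_name(data, offset)
        offset += 4
    answers = set()
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            value = socket.inet_ntoa(rdata)
        elif rtype == 28 and rdlen == 16:
            value = socket.inet_ntop(socket.AF_INET6, rdata)
        else:
            value = rdata.hex()
        answers.add((name, rtype, value))                # TTL intentionally dropped
    return {"id": qid, "rcode": flags & 0x0F, "answers": answers}

# --- comparison -------------------------------------------------------------

def compare(resp_a, resp_b):
    """Diff two parsed responses to the same question."""
    return {
        "rcode": (resp_a["rcode"], resp_b["rcode"]),
        "only_a": resp_a["answers"] - resp_b["answers"],
        "only_b": resp_b["answers"] - resp_a["answers"],
        "identical": resp_a["rcode"] == resp_b["rcode"]
                     and resp_a["answers"] == resp_b["answers"],
    }

def query_resolver(resolver, name, qtype=1, timeout=3.0):
    """Live lookup: send one query over UDP/53 and parse the reply."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver, 53))
        data, _ = s.recvfrom(4096)
    resp = parse_response(data)
    if resp["id"] != struct.unpack("!H", q[:2])[0]:
        raise ValueError("transaction id mismatch")
    return resp

# --- constructed sample data so the script runs offline ---------------------

def build_response(query, rcode=0, a_records=()):
    """Fabricate a reply to `query`: QR/RD/RA set, A records pointing at the question name."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, len(a_records), 0, 0)
    rrs = b""
    for ip in a_records:
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + query[12:] + rrs

def demo():
    # Constructed: the plain resolver answers, the filtering service returns NXDOMAIN (rcode 3).
    q = build_query("blocked.example", qid=0x1234)
    plain = parse_response(build_response(q, a_records=["192.0.2.10", "192.0.2.11"]))
    filtered = parse_response(build_response(q, rcode=3))
    return compare(plain, filtered)

if __name__ == "__main__":
    print(demo())
    # Live use (placeholder addresses): compare(query_resolver("192.0.2.1", "example.com"),
    #                                           query_resolver("192.0.2.2", "example.com"))
```

Run it against a list of names you actually care about (your own zones plus a few known-filtered names) and keep the `only_a` / `only_b` sets and rcode pairs per name; that is the evidence you want before switching `forward-addr:` to the new service. The script has no EDNS or TCP fallback, so truncated replies (TC bit) would need a second pass over TCP.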