RE: Need support setting up bind with dnstap

2025-01-07 Thread S L, Meghana via bind-users
Hello,

We have set up BIND with dnstap enabled, and BIND is running on channel 
127.0.0.1. We want to write all DNS queries resolved by any name servers to 
the dnstap file. But it is writing the query logging to the dnstap file only 
for queries which are resolved by the 127.0.0.1 and localhost name servers. 
The BIND version is 9.18.32 and it is running on Ubuntu. Please help us with 
the setup to run it on 127.0.0.53 or to log all DNS queries resolved by all 
name servers to the dnstap file.
Thanks.

Current named.conf
//include "/etc/bind/named.conf.options";
//include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

options {
directory "/var/cache/bind";
//dnstap { all; };
//dnstap-output unix "/opt/dnstap.sock";
   // dnstap-identity dns-bind;
   // dnstap-version bind;
//forwarders { 8.8.8.8; 8.8.4.4; };
dnstap { all;};
dnstap-output file "/var/cache/bind/bind.dnstap";
dnssec-validation auto;
//auth-nxdomain no;

dump-file "/var/cache/bind/named_dump.db";
statistics-file "/var/cache/bind/named.stats";

listen-on port 53 { 0.0.0.0/0; };
listen-on-v6 port 53 { any; };
//allow-query { localhost; 2001:7fd::1::/64; };
//allow-query { 0.0.0.0/0; ::/0; localhost; };
//allow-recursion { localnets; };
//version "DNS";
//recursion yes;
//allow-recursion { localhost; 192.0.2.0/24; 2001:db8:1::/64; };

//allow-transfer {
//127.0.0.1;  ::1;
//};
   // dnssec-enable yes;
//disable-empty-zone 
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa";

//notify yes;
   };

logging {
channel default_file {
file "/var/log/named/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel general_file {
file "/var/log/named/general.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel database_file {
file "/var/log/named/database.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel security_file {
file "/var/log/named/security.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel config_file {
file "/var/log/named/config.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel resolver_file {
file "/var/log/named/resolver.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-in_file {
file "/var/log/named/xfer-in.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-out_file {
file "/var/log/named/xfer-out.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel notify_file {
file "/var/log/named/notify.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel client_file {
file "/var/log/named/client.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel unmatched_file {
file "/var/log/named/unmatched.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel queries_file {
file "/var/log/named/queries.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel network_file {
file "/var/log/named/network.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel update_file {
file "/var/log/named/update.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dispatch_file {
file "/var/log/named/dispatch.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dnssec_file {
file "/var/log/named/dnssec.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel lame-servers_file {
file "/var/log/named/lame-servers.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};

category default { default_file; };
category general { general_file; };
category database { database_file; };
category security { security_file; };
category config { config_file; };
category resolver { resolver_file; };
category xfer-in { xfer-in_file; };
category xfer-out { xfer-out_file; };
category notify { notify_file; };
category client { client_file; };
category unmatched { unmatched_file; };
category queries { queries_file; };
category network { network_file; };
category update { update_file; };
category dispatch { dispatch_file; };
category dnssec { dnssec_file; };
category lame-servers { lame-servers_file; };
};

--

Meghana
Senior Devops Engineer

From: S L, Meghana
Sen

RE: Need support setting up bind with dnstap

2025-01-07 Thread Fred Morris
Your question and problem aren't clearly stated. I think that's because 
you don't really understand the environment you're working with.


I'm guessing you have systemd-resolved running; start there. You probably 
need to turn it off. Then name resolution will be broken until you get it 
properly set up with BIND. If you're looking for smoke, look in (the 
correct) resolv.conf. You should also familiarize yourself with 
nsswitch.conf to get a kind of "lay of the land".


(You probably want to be more selective on what you have written by 
Dnstap. You'll also probably find that the information is in different 
places in the protobuf payload depending on the type of query / response 
being logged.)


--

Fred Morris

On Tue, 7 Jan 2025, S L, Meghana via bind-users wrote:


We have set up BIND with dnstap enabled, and BIND is running on channel 
127.0.0.1. We want to write all DNS queries resolved by any name servers 
to the dnstap file. But it is writing the query logging to the dnstap file 
only for queries which are resolved by the 127.0.0.1 and localhost name 
servers. The BIND version is 9.18.32 and it is running on Ubuntu. Please 
help us with the setup to run it on 127.0.0.53 or to log all DNS queries 
resolved by all name servers to the dnstap file. Thanks.
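
Added example, not part of either post: a small check of the two files the reply points to (resolv.conf and nsswitch.conf), showing whether this host's lookups can reach a local named at all, since dnstap only records traffic that named itself handles. The function names and the constructed sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are arguments so the
# functions can be pointed at /etc/resolv.conf or at a copy.

# Print "<address> <class>" for each nameserver line of a resolv.conf file.
#   systemd-resolved-stub : the systemd-resolved stub listener, not named
#   local-server          : another loopback address, where named may listen
#   external              : the host asks a remote resolver directly
classify_resolv_conf() {
    awk '$1 == "nameserver" {
        if ($2 == "127.0.0.53")
            print $2, "systemd-resolved-stub"
        else if ($2 ~ /^127\./ || $2 == "::1")
            print $2, "local-server"
        else
            print $2, "external"
    }' "$1"
}

# Succeed only if there is at least one nameserver and all of them are
# non-stub loopback addresses. Otherwise some lookups never pass through
# the local named and cannot appear in its dnstap output.
lookups_reach_local_named() {
    classify_resolv_conf "$1" | awk '
        { n++ }
        $2 != "local-server" { bad++ }
        END { exit !(n > 0 && bad == 0) }'
}

# Print the lookup sources on the "hosts:" line of an nsswitch.conf file,
# in order. A "resolve" source sends lookups to systemd-resolved before
# resolv.conf is consulted at all.
hosts_sources() {
    awk '$1 == "hosts:" {
        out = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\[/) continue      # skip [STATUS=action] items
            out = out (out == "" ? "" : " ") $i
        }
        print out
    }' "$1"
}

# Constructed sample: a stub-style resolv.conf as described in the reply.
sample=$(mktemp)
printf 'nameserver 127.0.0.53\noptions edns0 trust-ad\n' > "$sample"
classify_resolv_conf "$sample"
rm -f "$sample"
```

On a live host, run the functions against /etc/resolv.conf and /etc/nsswitch.conf; on Ubuntu /etc/resolv.conf is normally a symlink into /run/systemd/resolve/, which is why the reply says to look at the correct file.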
