Dnstap (traffic collection)¶
The dnstap
module supports logging DNS requests and responses to a unix socket in dnstap format using fstrm framing library. This logging is useful if you need effectively log all DNS traffic.
The unix socket and the socket reader must be present before starting resolver instances. Also it needs appropriate filesystem permissions; the typical user and group of the daemon are called knot-resolver
.
Tunables:
socket_path
: the unix socket file where dnstap messages will be sentidentity
: identity string as typically returned by an “NSID” (RFC 5001) query, empty by defaultversion
: version string of the resolver, defaulting to “Knot Resolver major.minor.patch”client.log_queries
: iftrue
queries from downstream in wire format will be loggedclient.log_responses
: iftrue
responses to downstream in wire format will be logged
modules = {
dnstap = {
socket_path = "/tmp/dnstap.sock",
identity = nsid.name() or "",
version = "My Custom Knot Resolver " .. package_version(),
client = {
log_queries = true,
log_responses = true,
},
}
}