upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-27 20:25:55 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Add a note to the ARM on dnstap & resolver traffic

Browse source 
Warn users that server-side IP addresses are not stored in dnstap
captures of resolver traffic unless "query-source(-v6)" is explicitly
set, explaining why it is so.

(cherry picked from commit 366f7a938b)
This commit is contained in:
Michał Kępień 2022-06-22 15:09:43 +02:00
parent 2eddca913e
commit 40aceeb96a
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
doc/arm/reference.rst
View file

@ -1041,6 +1041,14 @@ default is used.
resolver query;
};
.. note:: In the default configuration, the dnstap output for
recursive resolver traffic does not include the IP addresses used
by server-side sockets. This is caused by the fact that unless the
:ref:`query source address <query_address>` is explicitly set,
these sockets are bound to wildcard IP addresses and determining
the specific IP address used by each of them requires issuing a
system call (i.e. incurring a performance penalty).
Logged ``dnstap`` messages can be parsed using the :iscman:`dnstap-read`
utility (see :ref:`man_dnstap-read` for details).