- Fix #1184: Log DNS replies. This includes the same logging

information that DNS queries and response code and response size, patch from Larissa Feng. git-svn-id: file:///svn/unbound/trunk@3980 be551aaa-1e26-0410-a405-d3ace91eadb9
2026-02-18 10:09:27 -05:00 · 2017-01-05 11:39:54 +00:00 · 2017-01-05 11:39:54 +00:00 · 9b4b0de746
commit 9b4b0de746
parent a3441215f1
14 changed files with 2558 additions and 2437 deletions
--- a/daemon/worker.c
+++ b/daemon/worker.c
@ -1085,6 +1085,12 @@ send_reply_rc:
 		dt_msg_send_client_response(&worker->dtenv, &repinfo->addr,
 			c->type, c->buffer);
 #endif
+	if(worker->env.cfg->log_replies)
+	{
+		struct timeval tv = {0, 0};
+		log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen,
+			tv, 1, c->buffer);
+	}
 	return rc;
 }

--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,6 +1,9 @@
 5 January 2017: Wouter
 	- Fix to return formerr for queries for meta-types, to avoid
 	  packet amplification if this meta-type is sent on to upstream.
+	- Fix #1184: Log DNS replies. This includes the same logging
+	  information that DNS queries and response code and response size,
+	  patch from Larissa Feng.

 3 January 2017: Wouter
 	- configure --enable-systemd and lets unbound use systemd sockets if
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@ -292,6 +292,10 @@ server:
 	# print one line with time, IP, name, type, class for every query.
 	# log-queries: no

+	# print one line per reply, with time, IP, name, type, class, rcode,
+	# timetoresolve, fromcache and responsesize.
+	# log-replies: no
+
 	# the pid file. Can be an absolute path outside of chroot/work dir.
 	# pidfile: "@UNBOUND_PIDFILE@"

--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@ -557,6 +557,13 @@ name, type and class.  Default is no.  Note that it takes time to print these
 lines which makes the server (significantly) slower.  Odd (nonprintable)
 characters in names are printed as '?'.
 .TP
+.B log\-replies: \fI<yes or no>
+Prints one line per reply to the log, with the log timestamp and IP address,
+name, type, class, return code, time to resolve, from cache and response size.
+Default is no.  Note that it takes time to print these
+lines which makes the server (significantly) slower.  Odd (nonprintable)
+characters in names are printed as '?'.
+.TP
 .B pidfile: \fI<filename>
 The process id is written to the file. Default is "@UNBOUND_PIDFILE@". 
 So,
--- a/services/mesh.c
+++ b/services/mesh.c
@ -1019,6 +1019,12 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
 			query_reply.c->buffer)) == 0)
 			m->s.env->mesh->ans_nodata++;
 	}
+	/* Log reply sent */
+	if(m->s.env->cfg->log_replies) {
+		log_reply_info(0, &m->s.qinfo, &r->query_reply.addr,
+			r->query_reply.addrlen, duration, 0,
+			r->query_reply.c->buffer);
+	}
 }

 void mesh_query_done(struct mesh_state* mstate)
--- a/util/config_file.c
+++ b/util/config_file.c
@ -108,6 +108,7 @@ config_create(void)
 	cfg->log_identity = NULL; /* changed later with argv[0] */
 	cfg->log_time_ascii = 0;
 	cfg->log_queries = 0;
+	cfg->log_replies = 0;
 #ifndef USE_WINSOCK
 #  ifdef USE_MINI_EVENT
 	/* select max 1024 sockets */
@ -458,6 +459,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	else S_NUMBER_OR_ZERO("val-log-level:", val_log_level)
 	else S_YNO("val-log-squelch:", val_log_squelch)
 	else S_YNO("log-queries:", log_queries)
+	else S_YNO("log-replies:", log_replies)
 	else S_YNO("val-permissive-mode:", val_permissive_mode)
 	else S_YNO("ignore-cd-flag:", ignore_cd)
 	else S_YNO("serve-expired:", serve_expired)
@ -736,6 +738,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_STR(opt, "directory", directory)
 	else O_STR(opt, "logfile", logfile)
 	else O_YNO(opt, "log-queries", log_queries)
+	else O_YNO(opt, "log-replies", log_replies)
 	else O_STR(opt, "pidfile", pidfile)
 	else O_YNO(opt, "hide-identity", hide_identity)
 	else O_YNO(opt, "hide-version", hide_version)
--- a/util/config_file.h
+++ b/util/config_file.h
@ -229,6 +229,8 @@ struct config_file {
 	int log_time_ascii;
 	/** log queries with one line per query */
 	int log_queries;
+	/** log replies with one line per reply */
+	int log_replies;
 	/** log identity to report */
 	char* log_identity;

--- a/util/configlexer.c
+++ b/util/configlexer.c
--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@ -334,6 +334,7 @@ use-syslog{COLON}		{ YDVAR(1, VAR_USE_SYSLOG) }
 log-identity{COLON}		{ YDVAR(1, VAR_LOG_IDENTITY) }
 log-time-ascii{COLON}		{ YDVAR(1, VAR_LOG_TIME_ASCII) }
 log-queries{COLON}		{ YDVAR(1, VAR_LOG_QUERIES) }
+log-replies{COLON}		{ YDVAR(1, VAR_LOG_REPLIES) }
 local-zone{COLON}		{ YDVAR(2, VAR_LOCAL_ZONE) }
 local-data{COLON}		{ YDVAR(1, VAR_LOCAL_DATA) }
 local-data-ptr{COLON}		{ YDVAR(1, VAR_LOCAL_DATA_PTR) }
--- a/util/configparser.c
+++ b/util/configparser.c
--- a/util/configparser.h
+++ b/util/configparser.h
@ -168,65 +168,66 @@ extern int yydebug;
    VAR_HARDEN_BELOW_NXDOMAIN = 378,
    VAR_IGNORE_CD_FLAG = 379,
    VAR_LOG_QUERIES = 380,
-    VAR_TCP_UPSTREAM = 381,
-    VAR_SSL_UPSTREAM = 382,
-    VAR_SSL_SERVICE_KEY = 383,
-    VAR_SSL_SERVICE_PEM = 384,
-    VAR_SSL_PORT = 385,
-    VAR_FORWARD_FIRST = 386,
-    VAR_STUB_SSL_UPSTREAM = 387,
-    VAR_FORWARD_SSL_UPSTREAM = 388,
-    VAR_STUB_FIRST = 389,
-    VAR_MINIMAL_RESPONSES = 390,
-    VAR_RRSET_ROUNDROBIN = 391,
-    VAR_MAX_UDP_SIZE = 392,
-    VAR_DELAY_CLOSE = 393,
-    VAR_UNBLOCK_LAN_ZONES = 394,
-    VAR_INSECURE_LAN_ZONES = 395,
-    VAR_INFRA_CACHE_MIN_RTT = 396,
-    VAR_DNS64_PREFIX = 397,
-    VAR_DNS64_SYNTHALL = 398,
-    VAR_DNSTAP = 399,
-    VAR_DNSTAP_ENABLE = 400,
-    VAR_DNSTAP_SOCKET_PATH = 401,
-    VAR_DNSTAP_SEND_IDENTITY = 402,
-    VAR_DNSTAP_SEND_VERSION = 403,
-    VAR_DNSTAP_IDENTITY = 404,
-    VAR_DNSTAP_VERSION = 405,
-    VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 406,
-    VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 407,
-    VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 408,
-    VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 409,
-    VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 410,
-    VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 411,
-    VAR_HARDEN_ALGO_DOWNGRADE = 412,
-    VAR_IP_TRANSPARENT = 413,
-    VAR_DISABLE_DNSSEC_LAME_CHECK = 414,
-    VAR_RATELIMIT = 415,
-    VAR_RATELIMIT_SLABS = 416,
-    VAR_RATELIMIT_SIZE = 417,
-    VAR_RATELIMIT_FOR_DOMAIN = 418,
-    VAR_RATELIMIT_BELOW_DOMAIN = 419,
-    VAR_RATELIMIT_FACTOR = 420,
-    VAR_CAPS_WHITELIST = 421,
-    VAR_CACHE_MAX_NEGATIVE_TTL = 422,
-    VAR_PERMIT_SMALL_HOLDDOWN = 423,
-    VAR_QNAME_MINIMISATION = 424,
-    VAR_QNAME_MINIMISATION_STRICT = 425,
-    VAR_IP_FREEBIND = 426,
-    VAR_DEFINE_TAG = 427,
-    VAR_LOCAL_ZONE_TAG = 428,
-    VAR_ACCESS_CONTROL_TAG = 429,
-    VAR_LOCAL_ZONE_OVERRIDE = 430,
-    VAR_ACCESS_CONTROL_TAG_ACTION = 431,
-    VAR_ACCESS_CONTROL_TAG_DATA = 432,
-    VAR_VIEW = 433,
-    VAR_ACCESS_CONTROL_VIEW = 434,
-    VAR_VIEW_FIRST = 435,
-    VAR_SERVE_EXPIRED = 436,
-    VAR_FAKE_DSA = 437,
-    VAR_LOG_IDENTITY = 438,
-    VAR_USE_SYSTEMD = 439
+    VAR_LOG_REPLIES = 381,
+    VAR_TCP_UPSTREAM = 382,
+    VAR_SSL_UPSTREAM = 383,
+    VAR_SSL_SERVICE_KEY = 384,
+    VAR_SSL_SERVICE_PEM = 385,
+    VAR_SSL_PORT = 386,
+    VAR_FORWARD_FIRST = 387,
+    VAR_STUB_SSL_UPSTREAM = 388,
+    VAR_FORWARD_SSL_UPSTREAM = 389,
+    VAR_STUB_FIRST = 390,
+    VAR_MINIMAL_RESPONSES = 391,
+    VAR_RRSET_ROUNDROBIN = 392,
+    VAR_MAX_UDP_SIZE = 393,
+    VAR_DELAY_CLOSE = 394,
+    VAR_UNBLOCK_LAN_ZONES = 395,
+    VAR_INSECURE_LAN_ZONES = 396,
+    VAR_INFRA_CACHE_MIN_RTT = 397,
+    VAR_DNS64_PREFIX = 398,
+    VAR_DNS64_SYNTHALL = 399,
+    VAR_DNSTAP = 400,
+    VAR_DNSTAP_ENABLE = 401,
+    VAR_DNSTAP_SOCKET_PATH = 402,
+    VAR_DNSTAP_SEND_IDENTITY = 403,
+    VAR_DNSTAP_SEND_VERSION = 404,
+    VAR_DNSTAP_IDENTITY = 405,
+    VAR_DNSTAP_VERSION = 406,
+    VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 407,
+    VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 408,
+    VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 409,
+    VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 410,
+    VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 411,
+    VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 412,
+    VAR_HARDEN_ALGO_DOWNGRADE = 413,
+    VAR_IP_TRANSPARENT = 414,
+    VAR_DISABLE_DNSSEC_LAME_CHECK = 415,
+    VAR_RATELIMIT = 416,
+    VAR_RATELIMIT_SLABS = 417,
+    VAR_RATELIMIT_SIZE = 418,
+    VAR_RATELIMIT_FOR_DOMAIN = 419,
+    VAR_RATELIMIT_BELOW_DOMAIN = 420,
+    VAR_RATELIMIT_FACTOR = 421,
+    VAR_CAPS_WHITELIST = 422,
+    VAR_CACHE_MAX_NEGATIVE_TTL = 423,
+    VAR_PERMIT_SMALL_HOLDDOWN = 424,
+    VAR_QNAME_MINIMISATION = 425,
+    VAR_QNAME_MINIMISATION_STRICT = 426,
+    VAR_IP_FREEBIND = 427,
+    VAR_DEFINE_TAG = 428,
+    VAR_LOCAL_ZONE_TAG = 429,
+    VAR_ACCESS_CONTROL_TAG = 430,
+    VAR_LOCAL_ZONE_OVERRIDE = 431,
+    VAR_ACCESS_CONTROL_TAG_ACTION = 432,
+    VAR_ACCESS_CONTROL_TAG_DATA = 433,
+    VAR_VIEW = 434,
+    VAR_ACCESS_CONTROL_VIEW = 435,
+    VAR_VIEW_FIRST = 436,
+    VAR_SERVE_EXPIRED = 437,
+    VAR_FAKE_DSA = 438,
+    VAR_LOG_IDENTITY = 439,
+    VAR_USE_SYSTEMD = 440
  };
 #endif
 /* Tokens.  */
@ -353,65 +354,66 @@ extern int yydebug;
 #define VAR_HARDEN_BELOW_NXDOMAIN 378
 #define VAR_IGNORE_CD_FLAG 379
 #define VAR_LOG_QUERIES 380
-#define VAR_TCP_UPSTREAM 381
-#define VAR_SSL_UPSTREAM 382
-#define VAR_SSL_SERVICE_KEY 383
-#define VAR_SSL_SERVICE_PEM 384
-#define VAR_SSL_PORT 385
-#define VAR_FORWARD_FIRST 386
-#define VAR_STUB_SSL_UPSTREAM 387
-#define VAR_FORWARD_SSL_UPSTREAM 388
-#define VAR_STUB_FIRST 389
-#define VAR_MINIMAL_RESPONSES 390
-#define VAR_RRSET_ROUNDROBIN 391
-#define VAR_MAX_UDP_SIZE 392
-#define VAR_DELAY_CLOSE 393
-#define VAR_UNBLOCK_LAN_ZONES 394
-#define VAR_INSECURE_LAN_ZONES 395
-#define VAR_INFRA_CACHE_MIN_RTT 396
-#define VAR_DNS64_PREFIX 397
-#define VAR_DNS64_SYNTHALL 398
-#define VAR_DNSTAP 399
-#define VAR_DNSTAP_ENABLE 400
-#define VAR_DNSTAP_SOCKET_PATH 401
-#define VAR_DNSTAP_SEND_IDENTITY 402
-#define VAR_DNSTAP_SEND_VERSION 403
-#define VAR_DNSTAP_IDENTITY 404
-#define VAR_DNSTAP_VERSION 405
-#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 406
-#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 407
-#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 408
-#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 409
-#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 410
-#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 411
-#define VAR_HARDEN_ALGO_DOWNGRADE 412
-#define VAR_IP_TRANSPARENT 413
-#define VAR_DISABLE_DNSSEC_LAME_CHECK 414
-#define VAR_RATELIMIT 415
-#define VAR_RATELIMIT_SLABS 416
-#define VAR_RATELIMIT_SIZE 417
-#define VAR_RATELIMIT_FOR_DOMAIN 418
-#define VAR_RATELIMIT_BELOW_DOMAIN 419
-#define VAR_RATELIMIT_FACTOR 420
-#define VAR_CAPS_WHITELIST 421
-#define VAR_CACHE_MAX_NEGATIVE_TTL 422
-#define VAR_PERMIT_SMALL_HOLDDOWN 423
-#define VAR_QNAME_MINIMISATION 424
-#define VAR_QNAME_MINIMISATION_STRICT 425
-#define VAR_IP_FREEBIND 426
-#define VAR_DEFINE_TAG 427
-#define VAR_LOCAL_ZONE_TAG 428
-#define VAR_ACCESS_CONTROL_TAG 429
-#define VAR_LOCAL_ZONE_OVERRIDE 430
-#define VAR_ACCESS_CONTROL_TAG_ACTION 431
-#define VAR_ACCESS_CONTROL_TAG_DATA 432
-#define VAR_VIEW 433
-#define VAR_ACCESS_CONTROL_VIEW 434
-#define VAR_VIEW_FIRST 435
-#define VAR_SERVE_EXPIRED 436
-#define VAR_FAKE_DSA 437
-#define VAR_LOG_IDENTITY 438
-#define VAR_USE_SYSTEMD 439
+#define VAR_LOG_REPLIES 381
+#define VAR_TCP_UPSTREAM 382
+#define VAR_SSL_UPSTREAM 383
+#define VAR_SSL_SERVICE_KEY 384
+#define VAR_SSL_SERVICE_PEM 385
+#define VAR_SSL_PORT 386
+#define VAR_FORWARD_FIRST 387
+#define VAR_STUB_SSL_UPSTREAM 388
+#define VAR_FORWARD_SSL_UPSTREAM 389
+#define VAR_STUB_FIRST 390
+#define VAR_MINIMAL_RESPONSES 391
+#define VAR_RRSET_ROUNDROBIN 392
+#define VAR_MAX_UDP_SIZE 393
+#define VAR_DELAY_CLOSE 394
+#define VAR_UNBLOCK_LAN_ZONES 395
+#define VAR_INSECURE_LAN_ZONES 396
+#define VAR_INFRA_CACHE_MIN_RTT 397
+#define VAR_DNS64_PREFIX 398
+#define VAR_DNS64_SYNTHALL 399
+#define VAR_DNSTAP 400
+#define VAR_DNSTAP_ENABLE 401
+#define VAR_DNSTAP_SOCKET_PATH 402
+#define VAR_DNSTAP_SEND_IDENTITY 403
+#define VAR_DNSTAP_SEND_VERSION 404
+#define VAR_DNSTAP_IDENTITY 405
+#define VAR_DNSTAP_VERSION 406
+#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 407
+#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 408
+#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 409
+#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 410
+#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 411
+#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 412
+#define VAR_HARDEN_ALGO_DOWNGRADE 413
+#define VAR_IP_TRANSPARENT 414
+#define VAR_DISABLE_DNSSEC_LAME_CHECK 415
+#define VAR_RATELIMIT 416
+#define VAR_RATELIMIT_SLABS 417
+#define VAR_RATELIMIT_SIZE 418
+#define VAR_RATELIMIT_FOR_DOMAIN 419
+#define VAR_RATELIMIT_BELOW_DOMAIN 420
+#define VAR_RATELIMIT_FACTOR 421
+#define VAR_CAPS_WHITELIST 422
+#define VAR_CACHE_MAX_NEGATIVE_TTL 423
+#define VAR_PERMIT_SMALL_HOLDDOWN 424
+#define VAR_QNAME_MINIMISATION 425
+#define VAR_QNAME_MINIMISATION_STRICT 426
+#define VAR_IP_FREEBIND 427
+#define VAR_DEFINE_TAG 428
+#define VAR_LOCAL_ZONE_TAG 429
+#define VAR_ACCESS_CONTROL_TAG 430
+#define VAR_LOCAL_ZONE_OVERRIDE 431
+#define VAR_ACCESS_CONTROL_TAG_ACTION 432
+#define VAR_ACCESS_CONTROL_TAG_DATA 433
+#define VAR_VIEW 434
+#define VAR_ACCESS_CONTROL_VIEW 435
+#define VAR_VIEW_FIRST 436
+#define VAR_SERVE_EXPIRED 437
+#define VAR_FAKE_DSA 438
+#define VAR_LOG_IDENTITY 439
+#define VAR_USE_SYSTEMD 440

 /* Value type.  */
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -422,7 +424,7 @@ union YYSTYPE

 	char*	str;

-#line 426 "util/configparser.h" /* yacc.c:1909  */
+#line 428 "util/configparser.h" /* yacc.c:1909  */
 };

 typedef union YYSTYPE YYSTYPE;
--- a/util/configparser.y
+++ b/util/configparser.y
@ -104,7 +104,8 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN 
 %token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
 %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
-%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
+%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES
+%token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
 %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM
 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
@ -190,7 +191,7 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_del_holddown | server_keep_missing | server_so_rcvbuf |
 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
-	server_log_queries | server_tcp_upstream | server_ssl_upstream |
+	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
 	server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
 	server_so_reuseport | server_delay_close |
@ -553,6 +554,15 @@ server_log_queries: VAR_LOG_QUERIES STRING_ARG
 		free($2);
 	}
 	;
+server_log_replies: VAR_LOG_REPLIES STRING_ARG
+  {
+  	OUTYY(("P(server_log_replies:%s)\n", $2));
+  	if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+  		yyerror("expected yes or no.");
+  	else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
+  	free($2);
+  }
+  ;
 server_chroot: VAR_CHROOT STRING_ARG
 	{
 		OUTYY(("P(server_chroot:%s)\n", $2));
--- a/util/data/msgreply.c
+++ b/util/data/msgreply.c
@ -819,7 +819,39 @@ log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* rep)
 	regional_destroy(region);
 }

-void 
+void
+log_reply_info(enum verbosity_value v, struct query_info *qinf,
+	struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur,
+	int cached, struct sldns_buffer *rmsg)
+{
+	char qname_buf[LDNS_MAX_DOMAINLEN+1];
+	char clientip_buf[128];
+	char rcode_buf[16];
+	char type_buf[16];
+	char class_buf[16];
+	size_t pktlen;
+	uint16_t rcode = FLAGS_GET_RCODE(sldns_buffer_read_u16_at(rmsg, 2));
+
+	if(verbosity < v)
+	  return;
+
+	sldns_wire2str_rcode_buf(rcode, rcode_buf, sizeof(rcode_buf));
+	addr_to_str(addr, addrlen, clientip_buf, sizeof(clientip_buf));
+	if(rcode == LDNS_RCODE_FORMERR)
+	{
+		log_info("%s - - - %s - - - ", clientip_buf, rcode_buf);
+	} else {
+		dname_str(qinf->qname, qname_buf);
+		pktlen = sldns_buffer_limit(rmsg);
+		sldns_wire2str_type_buf(qinf->qtype, type_buf, sizeof(type_buf));
+		sldns_wire2str_class_buf(qinf->qclass, class_buf, sizeof(class_buf));
+		log_info("%s %s %s %s %s " ARG_LL "d.%6.6d %d %d",
+			clientip_buf, qname_buf, type_buf, class_buf,
+			rcode_buf, (long long)dur.tv_sec, (int)dur.tv_usec, cached, (int)pktlen);
+	}
+}
+
+void
 log_query_info(enum verbosity_value v, const char* str, 
 	struct query_info* qinf)
 {
--- a/util/data/msgreply.h
+++ b/util/data/msgreply.h
@ -448,9 +448,26 @@ struct ub_packed_rrset_key* reply_find_rrset(struct reply_info* rep,
 * @param qinfo: query section.
 * @param rep: rest of message.
 */
-void log_dns_msg(const char* str, struct query_info* qinfo, 
+void log_dns_msg(const char* str, struct query_info* qinfo,
 	struct reply_info* rep);

+/**
+ * Print string with neat domain name, type, class,
+ * status code from, and size of a query response.
+ *
+ * @param v: at what verbosity level to print this.
+ * @param qinfo: query section.
+ * @param addr: address of the client.
+ * @param addrlen: length of the client address.
+ * @param dur: how long it took to complete the query.
+ * @param cached: whether or not the reply is coming from
+ *                    the cache, or an outside network.
+ * @param rmsg: sldns buffer packet.
+ */
+void log_reply_info(enum verbosity_value v, struct query_info *qinf,
+	struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur,
+	int cached, struct sldns_buffer *rmsg);
+
 /**
 * Print string with neat domain name, type, class from query info.
 * @param v: at what verbosity level to print this.