Reference
http://dnstap.info/Tutorials/NANOG60/
Here are my trial-and-error logs from building unbound with dnstap support.
In short, you can dump both request and response logs with dnstap.
# tail -1 /etc/lsb-release ;uname -ri
DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
3.2.0-60-generic x86_64
|
install required packages to build dnstap.
# apt-get install build-essential pkg-config protobuf-compiler libprotobuf-dev libprotoc-dev git mercurial
|
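install C components (fstrm and protobuf-c). The log below does not show a checksum or signature check on the downloaded tarballs; if the publisher provides digests or signatures, verify them before running make install as root.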
1548 wget https://dl.farsightsecurity.com/dist/presentations/nanog60/fstrm-0.1.0.tar.gz
1549 tar xzvf fstrm-0.1.0.tar.gz
1550 cd fstrm-0.1.0/
1551 ./configure
1552 make
1553 make install
|
1556 wget https://dl.farsightsecurity.com/dist/presentations/nanog60/protobuf-c-1.0.0-pre.tar.gz
1557 tar xzvf protobuf-c-1.0.0-pre.tar.gz
1558 cd protobuf-c-1.0.0-pre/
1559 ./configure
1560 make
1561 make install
|
install Go.
# tar -C /usr/local -xzf go1.2.1.linux-amd64.tar.gz
# export PATH=$PATH:/usr/local/go/bin
# export GOROOT=/usr/local/go
# export GOPATH=$HOME/gocode
# which go
/usr/local/go/bin/go
# go version
go version go1.2.1 linux/amd64
|
# go env
GOARCH="amd64"
GOBIN=""
GOCHAR="6"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/gocode"
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
TERM="dumb"
CC="gcc"
GOGCCFLAGS="-g -O2 -fPIC -m64 -pthread"
CXX="g++"
CGO_ENABLED="1"
|
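install Go components. Note that go get -u fetches the current head of each repository listed below, so the build is not pinned to specific revisions.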
# go get -u -v github.com/dnstap/golang-dnstap/dnstap
github.com/dnstap/golang-dnstap (download)
code.google.com/p/goprotobuf (download)
github.com/farsightsec/golang-framestream (download)
github.com/miekg/dns (download)
code.google.com/p/goprotobuf/proto
github.com/farsightsec/golang-framestream
github.com/miekg/dns
github.com/dnstap/golang-dnstap
github.com/dnstap/golang-dnstap/dnstap
|
dnstap has been installed under $GOPATH/bin
# pwd
/root/gocode/bin
# ./dnstap --help
Usage: ./dnstap [OPTION]...
-q=false: use quiet text output
-r="": read dnstap payloads from file
-u="": read dnstap payloads from unix socket
-w="-": write output to file
-y=false: use verbose YAML output
Quiet text output format mnemonics:
AQ: AUTH_QUERY
AR: AUTH_RESPONSE
RQ: RESOLVER_QUERY
RR: RESOLVER_RESPONSE
CQ: CLIENT_QUERY
CR: CLIENT_RESPONSE
FQ: FORWARDER_QUERY
FR: FORWARDER_RESPONSE
SQ: STUB_QUERY
SR: STUB_RESPONSE
|
install unbound
# tar xvf unbound-1.4.21+dnstap1.tar.gz
# cd unbound-1.4.21+dnstap1/
# ./configure --enable-dnstap
checking if openssl supports SHA2 and ECDSA with EVP... yes
checking for libexpat... configure: error: Could not find libexpat, expat.h
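# apt-cache search libexpat1
(The log skips the install step here. On Ubuntu, expat.h is provided by the libexpat1-dev package, which was presumably installed before re-running configure.)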
# ./configure --enable-dnstap
checking for ldns_rr_new in -lldns... no
configure: error: No ldns library found, install the ldns library into system lib dir or use --with-ldns=path to other location. The --with-ldns can point to the make-dir of ldns. Install the package ldns or download source http://www.nlnetlabs.nl/projects/ldns
# apt-get install libldns1 libldns-dev ldnsutils
# ./configure --enable-dnstap
checking for ldns/ldns.h... yes
configure: error: ldns library is not recent, update the ldns library, install it into system lib dir or use --with-ldns=path to other location. The --with-ldns can point to the make-dir of ldns. Package libldns or download source http://www.nlnetlabs.nl/projects/ldns
|
The ldns package that I installed via apt-get seems to be too old for this unbound build,
so install ldns from source instead.
First, remove the packaged libldns.
# apt-get remove libldns1 libldns-dev ldnsutils
|
install libldns from source.
# tar xzvf ldns-1.6.17.tar.gz
# cd ldns-1.6.17/
# ./configure
# make
# make install
|
build unbound-dnstap
# cd unbound-1.4.21+dnstap1/
# ./configure --enable-dnstap
# make
# make install
# /usr/local/sbin/unbound --version
Version 1.4.21
linked libs: mini-event internal (it uses select), ldns 1.6.17, OpenSSL 1.0.1 14 Mar 2012
linked modules: validator iterator
configured for x86_64-unknown-linux-gnu on Mon Mar 24 11:44:59 JST 2014 with options: '--enable-dnstap'
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl
|
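download a sample configuration for unbound with dnstap. Note that this is a demo configuration: it sets chroot: "" and username: "" (no chroot, no privilege drop) and keeps the pidfile, working directory and dnstap socket under /tmp, so adjust these before using it on anything other than a test machine.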
# wget -O /tmp/unbound.conf https://dl.farsightsecurity.com/dist/presentations/nanog60/unbound.conf
|
# cat /tmp/unbound.conf
server:
verbosity: 1
num-threads: 1
# interface: 127.0.0.1@53053
interface: 127.0.0.1
do-daemonize: no
chroot: ""
pidfile: "/tmp/unbound.pid"
username: ""
directory: "/tmp"
logfile: ""
log-time-ascii: yes
log-queries: yes
target-fetch-policy: "0 0 0 0 0"
dnstap:
dnstap-enable: yes
dnstap-socket-path: "/tmp/dnstap.sock"
dnstap-identity: "nanog60-dnstap-demo"
dnstap-version: "unbound 1.4.21+dnstap1"
dnstap-send-identity: yes
dnstap-send-version: yes
dnstap-log-client-query-messages: yes
dnstap-log-client-response-messages: yes
dnstap-log-resolver-query-messages: yes
dnstap-log-resolver-response-messages: yes
dnstap-log-forwarder-query-messages: yes
dnstap-log-forwarder-response-messages: yes
stub-zone:
name: "."
stub-addr: 192.5.5.241
forward-zone:
name: "google.com"
forward-addr: 8.8.8.8
|
start unbound
# /usr/local/sbin/unbound -c /tmp/unbound.conf
|
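run dnstap. It accepts the connection on /tmp/dnstap.sock and writes the captured frames to /tmp/dnstap.out. The capture contains client addresses and query names, so restrict access to the output file.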
# ./dnstap -u /tmp/dnstap.sock -w /tmp/dnstap.out
dnstap: opened input socket /tmp/dnstap.sock
dnstap.FrameStreamSockInput: accepted a socket connection
|
issue dig command
# dig @127.1 www.google.com
|
stop dnstap and then read dnstap.out with the dnstap command.
CQ = Client Query
CR = Client Response
# ./dnstap -r /tmp/dnstap.out
dnstap: opened input file /tmp/dnstap.out
19:51:00.692605 CQ 127.0.0.1 UDP 32b "www.google.com." IN A
19:51:00.692689 CR 127.0.0.1 UDP 112b "www.google.com." IN A
|
20:03:53.935890 CQ 127.0.0.1 TCP 25b "isc.org." IN ANY
20:03:53.935975 CR 127.0.0.1 TCP 3272b "isc.org." IN ANY
|
# ./dnstap -y -r /tmp/dnstap.out | head -10
dnstap: opened input file /tmp/dnstap.out
type: MESSAGE
identity: "nanog60-dnstap-demo"
version: "unbound 1.4.21+dnstap1"
message:
type: CLIENT_QUERY
query_time: !!timestamp 2014-03-24 05:16:04.087846
socket_family: INET
socket_protocol: UDP
query_address: 127.0.0.1
query_port: 38914
|