Question about dnstap
Petr Špaček
pspacek at isc.org
Tue Sep 13 10:24:15 UTC 2022
On 12. 09. 22 15:49, Peter wrote:
> On Mon, Sep 12, 2022 at 03:01:38PM +0200, Petr Špaček wrote:
> ! My testing did not uncover anything problematic.
> !
> ! Versions:
> ! fstrm 0.6.1-1
> ! protobuf 21.5-1
> ! protobuf-c 1.4.1-1
> !
> !
> ! A procedure which works:
> ! - start BIND configured with
> ! options {
> ! dnstap { all; };
> ! dnstap-output unix "/tmp/unix";
> ! };
> !
> ! - after BIND starts run fstrm_capture -t protobuf:dnstap.Dnstap -u /tmp/unix
> ! -w /tmp/capture
> !
> ! - fire couple queries: sleep 6 && dig bla example
> !
> ! - check content of /tmp/capture with dnstap-read: dnstap-read -y /tmp/cature
>
> Negative. Does not work here:
>
> /tmp # ls -la capture
> -rw-r--r-- 1 root wheel 42 Sep 12 15:42 capture
> /tmp # dnstap-read -y /tmp/capture
> /tmp # named -V
> BIND 9.16.30 (Extended Support Version) <id:61fdb40>
> running on FreeBSD amd64 13.1-RELEASE-p2 FreeBSD 13.1-RELEASE-p2 n250182-0c5ca3f87266[0c5ca3f87266=752f813d6ccc+24] C6R13V1
Unfortunately neither me on Linux or my colleague who testing on FreeBSD
are able to reproduce the problem you describe.
There is a caveat, though: Without the --split interval option one has
to terminate fstrm_capture to get data for dnstap-read to consume.
That's probably by design and outside of our control (in libfstrm).
Have you terminated fstrm_capture before reading the file?
--
Petr Špaček
More information about the bind-users
mailing list