unbound-docker icon indicating copy to clipboard operation
unbound-docker copied to clipboard

Published 20 hours ago verified publisher icon klutchell

DNSTap

Open loe opened this issue 2 years ago • 10 comments

Thoughts on an alternate build with it enabled? Drags in some dependencies, so not advocating for it as the default.

loe avatar Dec 13 '22 16:12 loe

What additional dependencies would it require?

klutchell avatar Dec 14 '22 15:12 klutchell

It depends on protobuf and fstrm.

https://dnstap.info/Source/

loe avatar Dec 14 '22 17:12 loe

I will have to look into this since we are using the official buildroot recipe for unbound. I would probably rather upstream this as a buildroot option rather than maintain another patch.

klutchell avatar Dec 19 '22 15:12 klutchell

I'm not familiar with how options work for buildroot, but the components are all included in the source distribution for unbound. Its an option in the configure script, --enable-dnstap more details in the documentation "DNSTAP Logging Options" section.

loe avatar Dec 20 '22 00:12 loe

We can look into adding a new config option in here and see if the buildroot maintainers accept it. https://github.com/buildroot/buildroot/blob/master/package/unbound/unbound.mk

eg.

ifeq ($(BR2_PACKAGE_UNBOUND_DNSTAP),y)
UNBOUND_CONF_OPTS += --enable-dnstap
UNBOUND_DEPENDENCIES += fstrm
UNBOUND_DEPENDENCIES += protobuf-c
else
UNBOUND_CONF_OPTS += --disable-dnstap
endif

There would also need to be some additional dependencies added in here https://github.com/buildroot/buildroot/blob/master/package/unbound/Config.in eg.

if BR2_PACKAGE_UNBOUND
config BR2_PACKAGE_UNBOUND_DNSTAP
	bool "enable dnstap"
	select BR2_PACKAGE_FSTRM
	select BR2_PACKAGE_PROTOBUF_C
	help
	  dnstap is a flexible, structured binary log format for
	  DNS software.

	  https://dnstap.info/

	  It uses Protocol Buffers to encode events that occur
	  inside DNS software in an implementation-neutral format.

	  dnstap logging starts an extra thread that writes the log
	  information to the destination.
endif

klutchell avatar Dec 21 '22 00:12 klutchell

There does not appear to be an fstrm package in buildroot, so we would need to make a whole new package for that as well.

klutchell avatar Dec 22 '22 14:12 klutchell

I have a PR that removes the dependency on buildroot: https://github.com/klutchell/unbound-docker/pull/143

If that PR becomes viable, and I merge it, then the changes above could be added directly to the Dockerfile.

klutchell avatar May 17 '23 19:05 klutchell

The current main branch now builds from sources without buildroot, so feel free to open a PR with the additional DNSTap dependencies and we will see how much size it adds to the image.

klutchell avatar May 22 '23 14:05 klutchell

@loe is this still something you are interested in?

klutchell avatar Aug 24 '23 12:08 klutchell

@loe is this still something you are interested in?

I'll look into it - still interested, would love to know where my traffic is going!

loe avatar Aug 24 '23 16:08 loe