Dnstap: erinevus redaktsioonide vahel

Sissejuhatus

Tööpõhimõte

Väited

• dnstap formaadis andmeid kogub eraldi protsess ja sisenemiskohaks on unix socket (nt /var/run/dnstap.sock)
• dnstap formaadis andmeid moodustab ja salvestad dnstap koguja unix socket peale nimeserveri protsess, nt nsd
• dnstap koguja tavaliselt võimaldab sinna sisenenud dnstap vormingus andmeid teisendada ja edasi saata, nt järgmisele protsessile või salvestada tekstifaili failisüsteemi

dns-collector

dns-collector https://github.com/dmachard/go-dns-collector kasutamiseks sobib öelda

duser@ns2-nsd-01:~/dnstap-receiver$ docker run --rm -i -t -v /opt/duser/dnstap-receiver/var-run:/var/run -v /opt/duser/dnstap-receiver/dnscollector.conf:/etc/dnscollector/config.yml --name=dnscollector01 dmachard/go-dnscollector

kus

• konteineris töötav .sock mapping - /opt/duser/dnstap-collector/var-run -> /var/run
• konteineris töötav dns collector seadistusfail - /opt/duser/dnstap-collector/dnscollector.conf -> /etc/dnscollector/config.yml

dns collector seadistusfail

root@ns2-nsd-01:~# cat /opt/duser/dnstap-receiver/dnscollector.conf 
trace:
  verbose: true
  log-malformed: false
  filename: ""
  max-size: 10
  max-backups: 10

multiplexer:
  collectors:
    - name: tap_in
      dnstap:
        sock-path: /var/run/dnstap.sock

  loggers:
    - name: std_out
      logfile:
        file-path:  "/var/run/dnstap.log"
        max-size: 100
        max-files: 10
        mode: text
        text-format: "localtime identity qr queryip family protocol qname qtype rcode answer"

  routes:
    - from: [ tap_in ]
      to: [ std_out ]

kus

• TODO

Protesside käivitamise tegevuste järjekord

• kõik protsessid seisavad
• käivitatakse dns collector docker konteiner
• kohendatakse host peal loabitte

root@ns2-nsd-01:~# chmod 0666 /opt/duser/dnstap-receiver/var-run/dnstap.sock

• käivitatakse nsd protsess

root@ns2-nsd-01:~# systemctl start nsd

Tulemusena tekib päringu puhul

$ dig @10.400.0.11 _dmarc.talechh.ee txt

logi

root@ns2-nsd-01:~# tail -n 1  -f /opt/duser/dnstap-receiver/var-run/dnstap.log 
2022-06-24 20:30:29.299049 ns2-nsd-01 REPLY 80.235.106.155 INET UDP _dmarc.talechh.ee TXT NOERROR v=DMARC1; p=reject; rua=mailto:dmarc_agg@ee.email; ruf=mailto:dmarc@talechh.ee; fo=0:d;

NSD seadistamine

dnstap:
        dnstap-enable: yes
        dnstap-socket-path: "/opt/duser/dnstap-receiver/var/run/dnstap.sock"
        dnstap-send-identity: yes
        dnstap-send-version: yes
        dnstap-log-auth-query-messages: yes
        dnstap-log-auth-response-messages: yes  

dns liikluse visualiseerimine

Tööpõhimõte

prometheus

duser@ns2-nsd-01:~$ docker run -t -i -v /opt/duser/dnstap-receiver/prometheus.yml:/etc/prometheus/prometheus.yml -p 9090:9090 prom/prometheus

kus

# cat /opt/duser/dnstap-receiver/prometheus.yml
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.

alerting:
  alertmanagers:
    - static_configs:
        - targets:

rule_files:

scrape_configs:
  - job_name: "dnscollector"
    scrape_interval: 5s
    static_configs:
      - targets: ["10.40.0.109:8080"]
    basic_auth:
      username: 'admin'
      password: 'changeme'

grafana

duser@ns2-nsd-01:~$ docker run --rm -i -t --name=grafana -p 3000:3000 grafana/grafana

Kasulikud lisamaterjalid

• TODO