Dnstap

Sissejuhatus

dns-collector

dns-collector https://github.com/dmachard/go-dns-collector kasutamiseks sobib öelda

duser@ns2-nsd-01:~/dnstap-receiver$ docker run --rm -i -t -v /opt/duser/dnstap-receiver/var-run:/var/run -v /opt/duser/dnstap-receiver/dnscollector.conf:/etc/dnscollector/config.yml --name=dnscollector01 dmachard/go-dnscollector

kus

• konteineris töötav .sock mapping - /opt/duser/dnstap-collector/var-run -> /var/run
• konteineris töötav dns collector seadistusfail - /opt/duser/dnstap-collector/dnscollector.conf -> /etc/dnscollector/config.yml

dns collector seadistusfail

root@ns2-nsd-01:~# cat /opt/duser/dnstap-receiver/dnscollector.conf 
trace:
  verbose: true
  log-malformed: false
  filename: ""
  max-size: 10
  max-backups: 10

multiplexer:
  collectors:
    - name: tap_in
      dnstap:
        sock-path: /var/run/dnstap.sock

  loggers:
    - name: std_out
      logfile:
        file-path:  "/var/run/dnstap.log"
        max-size: 100
        max-files: 10
        mode: text
        text-format: "localtime identity qr queryip family protocol qname qtype rcode answer"

  routes:
    - from: [ tap_in ]
      to: [ std_out ]

kus

• TODO

Protesside käivitamise tegevuste järjekord

• kõik protsessid seisavad
• käivitatakse dns collector docker konteiner
• kohendatakse host peal loabitte

root@ns2-nsd-01:~# chmod 0666 /opt/duser/dnstap-receiver/var-run/dnstap.sock

• käivitatakse nsd protsess

root@ns2-nsd-01:~# systemctl start nsd

Tulemusena tekib päringu puhul

$ dig @10.400.0.11 _dmarc.talechh.ee txt

logi

root@ns2-nsd-01:~# tail -n 1  -f /opt/duser/dnstap-receiver/var-run/dnstap.log 
2022-06-24 20:30:29.299049 ns2-nsd-01 REPLY 80.235.106.155 INET UDP _dmarc.talechh.ee TXT NOERROR v=DMARC1; p=reject; rua=mailto:dmarc_agg@ee.email; ruf=mailto:dmarc@talechh.ee; fo=0:d;

Kasulikud lisamaterjalid

• TODO