Collector: DNStap

DNS tap

Collector for logging DNStap streams from DNS servers. The stream can be received over a TCP or Unix socket. TLS is also supported.

Follow this guide to enable DNStap on your DNS servers: Enabling DNStap logging on most popular DNS servers.

Options:

  • listen-ip (str)

    Set the local address that the server will bind to. If not provided, the server will bind to all available network interfaces (0.0.0.0).

  • listen-port (int)

    Set the local port that the server will listen on. If not provided, use the default port.

  • sock-path (str)

    Specify the path for the Unix socket to be created.

  • tls-support (bool)

    Enables or disables TLS (Transport Layer Security) support. If set to true, TLS will be used for secure communication.

  • tls-min-version (str)

    Specifies the minimum TLS version that the server will support.

  • cert-file (str)

    Specifies the path to the certificate file to be used for TLS. This is a required parameter if TLS support is enabled.

  • key-file (str)

    Specifies the path to the key file corresponding to the certificate file. This is a required parameter if TLS support is enabled.

  • sock-rcvbuf (int)

    Sets the socket receive buffer size in bytes (SO_RCVBUF). This advanced parameter allows fine-tuning of network performance by adjusting the amount of data the socket can receive before signaling the sender to slow down. Set to zero to use the default system value.

  • reset-conn (bool)

    Set whether to send a TCP Reset to force the cleanup of the connection on the remote side when the server exits.

  • chan-buffer-size (int)

    Specifies the maximum number of packets that can be buffered before additional packets are discarded. Set to zero to use the default global value.

  • disable-dnsparser (bool)

    Disable the minimalist DNS parser. When it is disabled, some JSON keys are not available, such as dns.id, dns.flags, ...

  • extended-support (bool)

    Decode the extended extra field sent by DNScollector. If this setting is enabled, DNScollector expects to receive a specific protobuf structure in the extra field, which must be sent by another DNS collector. This field contains additional metadata generated by various transformations such as filtering, ATags, and others.

  • compression (string)

    Specifies the compression algorithm to use for DNStap messages: none, gzip, lz4, snappy, zstd.

Defaults:

- name: dnstap
  dnstap:
    listen-ip: 0.0.0.0
    listen-port: 6000
    sock-path: null
    tls-support: false
    tls-min-version: 1.2
    cert-file: ""
    key-file: ""
    sock-rcvbuf: 0
    reset-conn: true
    chan-buffer-size: 0
    disable-dnsparser: true
    extended-support: false
    compression: none
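
With the defaults above, the collector accepts DNStap on every interface (0.0.0.0) and without TLS, so client queries cross the network in cleartext. The following is an added example, not taken from the project's documentation, showing two tighter variants built only from the options on this page; the collector names, the address 192.0.2.10 and all file paths are constructed placeholders.

```yaml
# Added example. Names, address and paths are placeholders.
# Options not shown keep the defaults listed above.

# Variant 1: DNS servers on other hosts send DNStap over TLS.
- name: dnstap_tls
  dnstap:
    # Bind to one dedicated address instead of 0.0.0.0 (all interfaces).
    listen-ip: 192.0.2.10
    listen-port: 6000
    sock-path: null
    # Encrypt the stream. cert-file and key-file are required
    # as soon as tls-support is true.
    tls-support: true
    tls-min-version: 1.2
    cert-file: "/etc/dnscollector/tls/server.crt"
    key-file: "/etc/dnscollector/tls/server.key"

# Variant 2: the DNS server runs on the same host as the collector.
- name: dnstap_local
  dnstap:
    # Assumption: once sock-path is set, the stream is received on this
    # Unix socket and no TCP port has to be reachable from the network.
    sock-path: "/var/run/dnscollector/dnstap.sock"
    tls-support: false
```

The TLS options listed on this page configure only a server certificate and key, so restrict which hosts can reach the listening port with a firewall rule. Keep the key file readable only by the account that runs the collector.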

DNS tap Proxifier

Collector that receives DNSTAP traffic and relays it without decoding or transformations. This collector must be used with the DNStap logger.

The DNStap stream collector can be a TCP or Unix socket listener. TLS is also supported.

For config examples, take a look at the following one

Options:

  • listen-ip (str)

    Set the local address that the server will bind to. If not provided, the server will bind to all available network interfaces (0.0.0.0).

  • listen-port (int)

    Set the local port that the server will listen on. If not provided, use the default port.

  • sock-path (str)

    Specify the path for the Unix socket to be created.

  • tls-support (bool)

    Enables or disables TLS (Transport Layer Security) support. If set to true, TLS will be used for secure communication.

  • tls-min-version (str)

    Specifies the minimum TLS version that the server will support.

  • cert-file (str)

    Specifies the path to the certificate file to be used for TLS. This is a required parameter if TLS support is enabled.

  • key-file (str)

    Specifies the path to the key file corresponding to the certificate file. This is a required parameter if TLS support is enabled.

Defaults:

- name: relay
  dnstap-relay:
    listen-ip: 0.0.0.0
    listen-port: 6000
    sock-path: null
    tls-support: false
    tls-min-version: 1.2
    cert-file: ""
    key-file: ""