dnstap collector: decode query zone field

README.md

@@ -1,8 +1,8 @@
 <p align="center">
 <img src="https://goreportcard.com/badge/github.com/dmachard/go-dns-collector" alt="Go Report"/>
 <img src="https://img.shields.io/badge/go%20version-min%201.20-green" alt="Go version"/>
-<img src="https://img.shields.io/badge/go%20tests-414-green" alt="Go tests"/>
-<img src="https://img.shields.io/badge/go%20lines-38159-green" alt="Go lines"/>
+<img src="https://img.shields.io/badge/go%20tests-417-green" alt="Go tests"/>
+<img src="https://img.shields.io/badge/go%20lines-38329-green" alt="Go lines"/>
 </p>
 
 <p align="center">
@@ -50,7 +50,7 @@
     - [`Stdout`](docs/loggers/logger_stdout.md) console in text or binary output
     - [`File`](docs/loggers/logger_file.md) with automatic rotation and compression
   - *Provide metrics and API*
-    - [`Prometheus`](docs/loggers/logger_prometheus.md) metrics
+    - [`Prometheus`](docs/loggers/logger_prometheus.md) exporter
     - [`Statsd`](docs/loggers/logger_statsd.md) support
     - [`REST API`](docs/loggers/logger_restapi.md) with [swagger](https://generator.swagger.io/?url=https://raw.githubusercontent.com/dmachard/go-dnscollector/main/docs/swagger.yml) to search DNS domains
   - *Send to remote host with generic transport protocol*

config.yml

@@ -30,6 +30,12 @@ global:
   # - version: dnstap version
   # - extra: dnstap extra as string
   # - operation: dnstap operation
+  # - policy-rule: dnstap policy rule
+  # - policy-type: dnstap policy type
+  # - policy-action: dnstap policy action
+  # - policy-match: dnstap policy match
+  # - policy-value: dnstap policy value
+  # - quey-zone: dnstap query zone
   # - opcode: dns opcode (integer)
   # - rcode: dns return code
   # - queryip: dns query ip

dnsutils/message.go

@@ -148,6 +148,7 @@ type DNSTap struct {
 	PolicyAction     string  `json:"policy-action"`
 	PolicyValue      string  `json:"policy-value"`
 	PeerName         string  `json:"peer-name"`
+	QueryZone        string  `json:"query-zone"`
 }
 
 type PowerDNS struct {
@@ -267,6 +268,7 @@ func (dm *DNSMessage) Init() {
 		PolicyAction:     "-",
 		PolicyValue:      "-",
 		PeerName:         "-",
+		QueryZone:        "-",
 	}
 
 	dm.DNS = DNS{
@@ -628,6 +630,8 @@ func (dm *DNSMessage) ToTextLine(format []string, fieldDelimiter string, fieldBo
 			s.WriteString(dm.DNSTap.PolicyMatch)
 		case directive == "policy-value":
 			s.WriteString(dm.DNSTap.PolicyValue)
+		case directive == "query-zone":
+			s.WriteString(dm.DNSTap.QueryZone)
 		case directive == "operation":
 			s.WriteString(dm.DNSTap.Operation)
 		case directive == "rcode":

dnsutils/message_test.go

@@ -205,7 +205,8 @@ func TestDnsMessage_Json_Reference(t *testing.T) {
 				  "policy-match": "-",
 				  "policy-value": "-",
 				  "policy-rule": "-",
-				  "peer-name": "-"
+				  "peer-name": "-",
+				  "query-zone": "-"
 				}
 			}
 			`
@@ -262,6 +263,7 @@ func TestDnsMessage_JsonFlatten_Reference(t *testing.T) {
 					"dnstap.policy-match": "-",
 					"dnstap.policy-value": "-",
 					"dnstap.peer-name": "-",
+					"dnstap.query-zone": "-",
 					"edns.dnssec-ok": 0,
 					"edns.options": [],
 					"edns.rcode": 0,
@@ -599,6 +601,11 @@ func TestDnsMessage_TextFormat_DefaultDirectives(t *testing.T) {
 			dm:       DNSMessage{DNSTap: DNSTap{PeerName: "testpeer"}},
 			expected: "testpeer",
 		},
+		{
+			format:   "query-zone",
+			dm:       DNSMessage{DNSTap: DNSTap{QueryZone: "queryzone.test"}},
+			expected: "queryzone.test",
+		},
 	}
 
 	for _, tc := range testcases {

docs/configuration.md

@@ -76,6 +76,7 @@ Default directives:
 - `policy-action`: dnstap policy action
 - `policy-match`: dnstap policy match
 - `policy-value`: dnstap policy value
+- `query-zone`: dnstap query zone
 - `opcode`: dns opcode (integer)
 - `rcode`: dns return code
 - `queryip`: dns query ip

docs/dnsjson.md

@@ -82,6 +82,7 @@ Example:
     "policy-action": "-",
     "policy-match": "-",
     "policy-value": "-",
+    "query-zone": "-",
   }
 }
 ```
@@ -125,6 +126,7 @@ Using flat-json requires more processing on the host running go-dnscollector but
   "dnstap.policy-action": "-",
   "dnstap.policy-match": "-",
   "dnstap.policy-value": "-",
+  "dnstap.query-zone": "-",
   "edns.dnssec-ok": 0,
   "edns.options.0.code": 10,
   "edns.options.0.data": "-",

processors/dnstap.go

@@ -314,6 +314,15 @@ RUN_LOOP:
 				dm.DNSTap.PolicyValue = policyValue
 			}
 
+			queryZone := dt.GetMessage().GetQueryZone()
+			if len(queryZone) > 0 {
+				qz, _, err := dnsutils.ParseLabels(0, queryZone)
+				if err != nil {
+					d.LogError("invalid query zone: %v - %v", err, queryZone)
+				}
+				dm.DNSTap.QueryZone = qz
+			}
+
 			// compute timestamp
 			ts := time.Unix(int64(dm.DNSTap.TimeSec), int64(dm.DNSTap.TimeNsec))
 			dm.DNSTap.Timestamp = ts.UnixNano()