From: Remi Gacogne Date: Tue, 12 Apr 2016 16:54:28 +0000 (+0200) Subject: dnsdist: Document our remote logging feature X-Git-Tag: dnsdist-1.0.0-beta1~5^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=27dfcc14828f3643ba2a6d7b4cc2207a239278b7;p=pdns dnsdist: Document our remote logging feature --- diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md index 624b42f8c..583050da6 100644 --- a/pdns/README-dnsdist.md +++ b/pdns/README-dnsdist.md @@ -323,6 +323,11 @@ Current actions are: * Modify query to clear the RD or CD bit * Add the source MAC address to the query (MacAddrAction) * Skip the cache, if any + * Log query content to a remote server (RemoteLogAction) + +Current response actions are: + + * Log response content to a remote server (RemoteLogResponseAction) Rules can be added via: @@ -339,6 +344,10 @@ Rules can be added via: * addQPSLimit(DNS rule, qps limit) * addQPSPoolRule(DNS rule, qps limit, destination pool) +Response rules can be added via: + + * addResponseAction(DNS rule, DNS Response Action) + A DNS rule can be: * an AllRule 
@@ -1027,6 +1036,8 @@ instantiate a server with additional parameters * `QPSPoolAction(maxqps, poolname)`: set the packet into the specified pool only if it **does not** exceed the specified QPS limits, letting the subsequent rules apply otherwise * `QPSAction(rule, maxqps)`: drop these packets if the QPS limits are exceeded * `RCodeAction(rcode)`: reply immediatly by turning the query into a response with the specified rcode + * `RemoteLogAction(RemoteLogger)`: send the content of this query to a remote logger via Protocol Buffer + * `RemoteLogResponseAction(RemoteLogger)`: send the content of this response to a remote logger via Protocol Buffer * `SkipCacheAction()`: don't lookup the cache for this query, don't store the answer * `SpoofAction(ip[, ip])` or `SpoofAction({ip, ip, ..}): forge a response with the specified IPv4 (for an A query) or IPv6 (for an AAAA). If you specify multiple addresses, all that match the query type (A, AAAA or ANY) will get spoofed in * `SpoofCNAMEAction(cname)`: forge a response with the specified CNAME value @@ -1159,6 +1170,8 @@ instantiate a server with additional parameters * `generateDNSCryptCertificate("/path/to/providerPrivate.key", "/path/to/resolver.cert", "/path/to/resolver.key", serial, validFrom, validUntil):` generate a new resolver private key and related certificate, valid from the `validFrom` timestamp until the `validUntil` one, signed with the provider private key * `printDNSCryptProviderFingerprint("/path/to/providerPublic.key")`: display the fingerprint of the provided resolver public key * `showDNSCryptBinds():`: display the currently configured DNSCrypt binds + * RemoteLogger related: + * `newRemoteLogger(address:port)`: create a Remote Logger object, to use with `RemoteLogAction()` and `RemoteLogResponseAction()` All hooks --------- diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc index f9fafc60f..0be450198 100644 --- a/pdns/dnsdist-console.cc +++ b/pdns/dnsdist-console.cc 
@@ -194,6 +194,7 @@ char* my_generator(const char* text, int state) "addDisableValidationRule(", "addDNSCryptBind(", "addDomainBlock(", "addDomainSpoof(", "addDynBlocks(", "addLocal(", "addLuaAction(", "addNoRecurseRule(", "addPoolRule(", "addQPSLimit(", "addQPSPoolRule(", + "addResponseAction(", "AllowAction(", "AllRule(", "AndRule(", "benchRule(", "carbonServer(", "controlSocket(", "clearDynBlocks()", @@ -206,10 +207,11 @@ char* my_generator(const char* text, int state) "getServer(", "getServers()", "grepq(", "leastOutstanding", "LogAction(", "makeKey()", "MaxQPSIPRule(", "MaxQPSRule(", "mvRule(", - "newDNSName(", "newQPSLimiter(", "newServer(", "newServerPolicy(", - "newSuffixMatchNode(", "NoRecurseAction(", + "newDNSName(", "newQPSLimiter(", "newRemoteLogger(", "newServer(", + "newServerPolicy(", "newSuffixMatchNode(", "NoRecurseAction(", "PoolAction(", "printDNSCryptProviderFingerprint(", - "RegexRule(", "rmRule(", "rmServer(", "roundrobin", + "RegexRule(", "RemoteLogAction(", "RemoteLogResponseAction(", "rmRule(", + "rmServer(", "roundrobin", "QTypeRule(", "setACL(", "setDNSSECPool(", "setECSOverride(", "setECSSourcePrefixV4(", "setECSSourcePrefixV6(", "setKey(", "setLocal(",
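
Review bot: in the README-dnsdist.md hunk at @@ -339, `addResponseAction(DNS rule, DNS Response Action)` is the only response-rule function documented, and the dnsdist-console.cc completion hunks add no response counterpart to `rmRule(` or `mvRule(`. If response rules can be listed, moved or removed, document how in this list; if they cannot, say so, because an operator who starts logging responses to a remote server needs to know how to turn it off again.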
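
Review bot: the two new entries in the README-dnsdist.md hunk at @@ -1027 say only "send the content of this query to a remote logger via Protocol Buffer", which does not tell an operator which fields leave the box (client address, queried name, the whole packet?) or whether the action is terminal. The neighbouring `QPSPoolAction` entry spells out "letting the subsequent rules apply otherwise"; suggest the same level of detail for `RemoteLogAction` and `RemoteLogResponseAction`, plus a pointer to the message definition if one is shipped.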
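
Review bot: `newRemoteLogger(address:port)` in the README-dnsdist.md hunk at @@ -1159 does not show whether the argument is a quoted string, while the DNSCrypt entries directly above it write their string arguments in quotes; suggest `newRemoteLogger("address:port")` if that is the form it takes. The entry also names neither the transport nor whether the stream to the logger is encrypted or authenticated, and does not say what happens to traffic when the logger is unreachable. Since that stream carries query and response content, one sentence on each would let operators decide where the logger can safely sit.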
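
Review bot: the subject line says "Document our remote logging feature", but the dnsdist-console.cc hunk at @@ -206 changes code, adding `newRemoteLogger(`, `RemoteLogAction(` and `RemoteLogResponseAction(` to the completion list in `my_generator` (and the @@ -194 hunk adds `addResponseAction(`). Suggest mentioning the console completion in the commit message or moving it to its own commit. As a style point, re-wrapping the `newServer(` / `newServerPolicy(` and `rmRule(` / `rmServer(` lines makes a three-entry addition rewrite four existing lines; inserting the new entries on lines of their own would keep the diff to pure additions.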