Hi Stéphane,
On 9/22/19 10:21 AM, Stephane Bortzmeyer wrote:
> I tried to log every query with:
>
> addAction(AllRule(), LogAction("/tmp/dnsdist.log", false, true, false))
>
> buffered=false is here to be sure I see the queries immediately.
>
> dnsdist knows about the action:
>
>> showRules()
> # Matches Rule Action
> 0 0 IP (/32, /64) match for QPS over 100 burst 100 drop
> 1 68 All log to
> /tmp/dnsdist.log
>
> /tmp/dnsdist.log is created (world-readable!) but nothing appears in
> it. topQueries() show that I do receive queries.
>
> % dnsdist --version
> dnsdist 1.4.0-rc2 (Lua 5.1.4 [LuaJIT 2.0.5])
> Enabled features: dns-over-tls(gnutls openssl) dns-over-https(DOH) ebpf fstrm
> ipcipher libsodium lmdb protobuf recvmmsg/sendmmsg systemd
>
> Is it a problem specific to RC?I just did a few tests and I'm afraid I can't reproduce the issue, I do get a new line in the log file for every incoming query. How are you starting dnsdist? Would you be able to check with lsof if the dnsdist process has an open file descriptor to the log file? If you are using our systemd unit file, note that we do set PrivateTmp=true for security reasons, meaning that you'll need to look for the actual log file in /tmp/systemd-private-*-dnsdist.service-*/dnsdist.log instead of /tmp/dnsdist.log. Regarding the world-readable permissions we rely on the process' umask value, but perhaps we should enforce some stricter mode here. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dnsdist mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/dnsdist
