Hi St├ęphane,

On 9/22/19 10:21 AM, Stephane Bortzmeyer wrote:
> I tried to log every query with:
> 
> addAction(AllRule(), LogAction("/tmp/dnsdist.log", false, true, false))
> 
> buffered=false is here to be sure I see the queries immediately.
> 
> dnsdist knows about the action:
> 
>> showRules()
> #     Matches Rule                                                     Action
> 0           0 IP (/32, /64) match for QPS over 100 burst 100           drop
> 1          68 All                                                      log to 
> /tmp/dnsdist.log
> 
> /tmp/dnsdist.log is created (world-readable!) but nothing appears in
> it. topQueries() show that I do receive queries.
> 
> % dnsdist --version
> dnsdist 1.4.0-rc2 (Lua 5.1.4 [LuaJIT 2.0.5])
> Enabled features: dns-over-tls(gnutls openssl) dns-over-https(DOH) ebpf fstrm 
> ipcipher libsodium lmdb protobuf recvmmsg/sendmmsg systemd
> 
> Is it a problem specific to RC?

I just did a few tests and I'm afraid I can't reproduce the issue, I do
get a new line in the log file for every incoming query. How are you
starting dnsdist? Would you be able to check with lsof if the dnsdist
process has an open file descriptor to the log file?

If you are using our systemd unit file, note that we do set
PrivateTmp=true for security reasons, meaning that you'll need to look
for the actual log file in
/tmp/systemd-private-*-dnsdist.service-*/dnsdist.log instead of
/tmp/dnsdist.log.

Regarding the world-readable permissions we rely on the process' umask
value, but perhaps we should enforce some stricter mode here.

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Reply via email to