Re: [dnsdist] High-fidelity timestamp in FrameStream logging

2019-10-11 Thread Casey Deccio


> On Oct 11, 2019, at 11:10 AM, Casey Deccio wrote:
> 
>> On Oct 11, 2019, at 9:59 AM, Remi Gacogne wrote:
>> 
>> This seems to be a limitation of dnstap-read, we do export the
>> nanoseconds as defined in the dnstap format, and it looks like
>> dnstap-ldns [1] read them just fine:
> 
> Oh, that is great news.  Thank you!  I knew the issue was somewhere in the 
> pipeline, I just didn't look long/hard enough to figure out where.  I even 
> already had dnstap-ldns installed; I just hadn't tried it yet.

Just FYI, I actually had tried dnstap-ldns before.  The reason I had gone with 
dnstap-read was that I liked the fact that it broke down the packet components 
with finer granularity, e.g., the flags and options in the EDNS section.  I 
guess if I want the higher fidelity timestamp, I'll need to implement that 
breakdown myself.

Casey
___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
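
The following is an added example, not code from the thread or from any dnstap tool: it combines the dnstap `query_time_sec` and `query_time_nsec` fields into a nanosecond-resolution timestamp and breaks down the EDNS OPT record of a wire-format `query_message`, the two pieces discussed in the message above. The function names and the sample query bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

def dnstap_time(sec, nsec):
    """Combine dnstap query_time_sec / query_time_nsec into one ISO-8601 string."""
    base = datetime.fromtimestamp(sec, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    return f"{base}.{nsec:09d}Z"  # formatted by hand: datetime stops at microseconds

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:    # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:              # root label ends the name
            return off

def edns_breakdown(msg):
    """Return the OPT pseudo-record (RFC 6891) of a wire-format DNS message, or None."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12                                     # fixed DNS header length
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 41:                          # OPT: CLASS is UDP size, TTL packs the rest
            opts, p, end = [], off, off + rdlen
            while p + 4 <= end:                  # each option: code, length, data
                code, olen = struct.unpack_from("!HH", msg, p)
                opts.append((code, msg[p + 4:p + 4 + olen]))
                p += 4 + olen
            return {"udp": rclass, "ext_rcode": ttl >> 24, "version": (ttl >> 16) & 0xFF,
                    "do": bool(ttl & 0x8000), "options": opts}
        off += rdlen
    return None

# Constructed sample: query for powerdns.com. A, id 8674, flags rd+ad, OPT with udp=4096.
SAMPLE_QUERY = (struct.pack("!6H", 8674, 0x0120, 1, 0, 0, 1)
                + b"\x08powerdns\x03com\x00" + struct.pack("!HH", 1, 1)
                + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0))

if __name__ == "__main__":
    print(dnstap_time(1570809373, 476117000))    # constructed sec/nsec pair
    print(edns_breakdown(SAMPLE_QUERY))
```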


Re: [dnsdist] High-fidelity timestamp in FrameStream logging

2019-10-11 Thread Casey Deccio


> On Oct 11, 2019, at 9:59 AM, Remi Gacogne wrote:
> 
> This seems to be a limitation of dnstap-read, we do export the
> nanoseconds as defined in the dnstap format, and it looks like
> dnstap-ldns [1] read them just fine:

Oh, that is great news.  Thank you!  I knew the issue was somewhere in the 
pipeline, I just didn't look long/hard enough to figure out where.  I even 
already had dnstap-ldns installed; I just hadn't tried it yet.

Again, thanks!

Casey


Re: [dnsdist] High-fidelity timestamp in FrameStream logging

2019-10-11 Thread Remi Gacogne

Hi Casey,

On 10/11/19 5:31 PM, Casey Deccio wrote:
> I am using the following to log queries:
> 
> logger = newFrameStreamTcpLogger("127.0.0.1:4343")
> addAction(AllRule(), DnstapLogAction("foo", logger))
> 
> Then I use this command line to read and produce yaml output:
> 
> fstrm_capture -t protobuf:dnstap.Dnstap -a 127.0.0.1 -p 4343 -w - | 
> dnstap-read -y -p /dev/stdin
> 
> This seems to be working, for the most part.  However, I'm getting only 
> second-level granularity in my messages, e.g.:
> 
> query_time: !!timestamp 2019-10-11T15:29:00Z
> 
> I would really like to see at least milliseconds.

This seems to be a limitation of dnstap-read, we do export the
nanoseconds as defined in the dnstap format, and it looks like
dnstap-ldns [1] read them just fine:

type: MESSAGE
identity: "foo"
version: "dnsdist XX"
message:
  type: CLIENT_QUERY
  query_time: !!timestamp 2019-10-11 15:56:13.476117
  socket_family: INET
  socket_protocol: UDP
  query_address: 127.0.0.1
  response_address: 127.0.0.1
  query_port: 52156
  response_port: 53
  query_message: |
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 8674
;; flags: rd ad ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;powerdns.com.  IN  A

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; EDNS: version 0; flags: ; udp: 4096


[1]: https://github.com/dnstap/dnstap-ldns

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/


