On 6/22/21 11:10 AM, Russell Sutherland via Unbound-users wrote:
> I want to be able to mirror the UDP port 53 going to my unbound instance for
> the purposes of testing out a new external DNS firewall service which we want
> eventually to start forwarding to. I want to be able to e.g. compare the
> responses with and without the service.
> I don't see any unbound feature or module to do this. Forwarding seems to go
> to one of the external caching servers given in the forward-addr: section.
> Any ideas of tools which allow me to do this? I am running unbound under both
> Ubuntu 20.04 LTS as well as OpenBSD 6.9.
You might want to take a look at nfdump and potentially netgraph. I've
used both for intrusion detection purposes on FreeBSD, and I believe
nfdump is supported on OpenBSD - ymmv on Linux though:
https://github.com/phaag/nfdump
Alternatively, you can probably achieve the goal of just mirroring data
(rather than copying, capturing and replaying) using a bridge(4) device
on OpenBSD via ifconfig(8) (specifically "addspan"):
https://man.openbsd.org/ifconfig.8
Hope this helps,
-pete
--
Pete Wright
@nomadlogicLA
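A worked version of the bridge(4)/addspan approach Pete describes, written as an added example rather than code from the thread. It assumes OpenBSD, that em0 is the interface carrying client queries into the unbound host, and that em1 leads to the test box that will record the mirrored DNS; all of those names can be overridden through the environment.

```shell
#!/bin/sh
# Added example: mirror the traffic reaching unbound with an OpenBSD bridge(4)
# span port, then capture only UDP/53 from the mirror. Interface names, the
# bridge name and the output path are assumptions, overridable via env vars.
set -eu

UPLINK="${UPLINK:-em0}"     # member port: carries client queries to unbound (assumed)
SPAN_IF="${SPAN_IF:-em1}"   # span port: leads to the test box (assumed)
BRIDGE="${BRIDGE:-bridge0}"
OUT="${OUT:-/var/tmp/dns-mirror.pcap}"
DNS_FILTER='udp and port 53'   # BPF: DNS over UDP, queries and answers

# Emit the ifconfig(8) steps as text so they can be reviewed or dry-run first.
# A span port receives a copy of every frame the bridge sees but never
# forwards anything itself, so the test box can only observe the traffic.
span_plan() {
    printf '%s\n' \
        "ifconfig $BRIDGE create" \
        "ifconfig $BRIDGE add $UPLINK" \
        "ifconfig $BRIDGE addspan $SPAN_IF" \
        "ifconfig $SPAN_IF up" \
        "ifconfig $BRIDGE up"
}

# Teardown, so the mirror does not quietly outlive the test.
span_teardown_plan() {
    printf '%s\n' \
        "ifconfig $BRIDGE delspan $SPAN_IF" \
        "ifconfig $BRIDGE destroy"
}

# Run each planned line; DRY_RUN=1 only echoes what would be executed.
apply_plan() {
    while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $cmd"; else eval "$cmd"; fi
    done
}

case "${1:-}" in
    start)
        span_plan | apply_plan
        # Record the mirrored DNS on the span side; -s 0 keeps whole packets
        # so the responses can later be compared against the new service.
        tcpdump -i "$SPAN_IF" -n -s 0 -w "$OUT" "$DNS_FILTER" ;;
    stop)
        span_teardown_plan | apply_plan ;;
esac
```

Run it as root with `start` to bring the mirror up and begin recording, and with `stop` to remove the span port and destroy the bridge; `DRY_RUN=1` shows the ifconfig lines without touching the host.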