On 06/15/2011 04:31 PM, Alexander Clouter wrote:
> Andreas Schulze <[email protected]> wrote:
>> I also miss the logging feature.
>>
>> I also know, I could "tcpdump --foo --voodoo".
>> But I do not want to read tcpdump's interpretation of a dns packet.
>> I like to see what unbound thinks about it.
>>
> I'm keener to know about the packets unbound cannot parse too, although
> hopefully rare :)
>
> For stats collecting, rather than diagnosis though, this I can see is
> not so important.
>
>> I also dislike running tcpdump as a parser with root privileges. Yes,
>> I could capture as root and parse as nobody, but that's not
>> comfortable!
>>
> You don't *capture* as root, you bind to a packet socket as root and
> then immediately drop your privileges permanently...it's identical to a
> webserver (such as Apache) binding to port 80/tcp as root and then
> dropping back to www-data from then onwards. You don't say your CGI
> scripts are running as root? ;)
>

tcpdump on OpenBSD kind of does this: they have 2 processes and use privilege separation.
So the process doing the parsing is chroot'ed and running as nobody or something similar.
That is probably the best way to handle it. But sounds to me like this discussion is way off-topic. :-)

> I wrote a packet sniffer, tcpdump/libpcap was too large for my needs,
> that does just this:
>
> http://www.digriz.org.uk/catnip
>
>> The suggested logging may be switched on/off via unbound-control.
>> So the "fast path" is less involved.
>>
>> I sometimes simply want to know what questions a specific system
>> asks. Without voodoo ...
>>
>> Anyway, as a postmaster, I would throw away any mailer which could not tell
>> me who is sending/receiving mail. And I would not use tcpdump.
>>
> Some mail servers have poor logging.
>
>> As a webmaster, I would not use a webserver unable to do usual logging.
>> And also nobody uses tcpdump.
>>
> As a sysadmin I go straight for tcpdump as typically the web developers
> write code that is impossible to debug/diagnose. I know how something
> is meant to work, if things go strangely over the wire
>
>> Why am I advised to do so as dnsmaster?
>>
> As it's an option. You can delete files in a directory with:
> * find . -maxdepth 1 -type f | xargs -I{} rm '{}'
> * find . -maxdepth 1 -type f -delete
> * rm *
>
> Which one you pick is up to *you* and suits your needs the best.
>
> Cheers
>
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
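The thread argues two things: capture sockets are opened as root and then privileges are dropped for good, and the packet parser (the part most likely to choke on a malformed packet) should be the unprivileged part. The following is an added example written for this page, not code from unbound, tcpdump or catnip. It does the privileged step once (a Linux AF_PACKET socket), chroots and drops to an unprivileged uid/gid, proves the drop is permanent, and only then parses DNS question sections with every read bounds-checked. The user `nobody`, the jail directory `/var/empty` and the sample query bytes are assumptions made for the example.

```c
/* Added example (not from the thread): open the privileged socket as root,
 * drop privileges permanently, then run the untrusted-input parser unprivileged. */
#define _GNU_SOURCE 1
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/* Permanently drop root: chroot (if a jail is given), clear supplementary
 * groups, set gid BEFORE uid (the other order leaves no right to setgid),
 * then prove it stuck by trying to become root again. Returns 0 on success. */
static int drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    if (jail && (chroot(jail) != 0 || chdir("/") != 0))
        return -1;
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* If root can still be regained, the drop was not permanent: refuse to run. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Parsed view of the first question of a DNS message. */
struct dns_question {
    uint16_t id;
    char qname[256];   /* dotted name, NUL-terminated */
    uint16_t qtype;
    uint16_t qclass;
};

/* Parse the header and first question. Every read is checked against len;
 * returns 0 on success, -1 if the message is truncated or malformed.
 * Compression pointers are rejected: a query's question section never needs
 * them, and refusing them keeps the parser free of pointer-chasing loops. */
static int parse_dns_question(const uint8_t *msg, size_t len, struct dns_question *out)
{
    size_t off = 12, n = 0;
    if (len < 12) return -1;
    out->id = (uint16_t)((msg[0] << 8) | msg[1]);
    if (((msg[4] << 8) | msg[5]) < 1) return -1;        /* QDCOUNT must be >= 1 */
    for (;;) {
        if (off >= len) return -1;
        uint8_t label_len = msg[off++];
        if (label_len == 0) break;
        if (label_len & 0xC0) return -1;                /* compression pointer */
        if (off + label_len > len) return -1;           /* label runs past buffer */
        if (n + label_len + 1 >= sizeof out->qname) return -1;  /* name too long */
        if (n > 0) out->qname[n++] = '.';
        memcpy(out->qname + n, msg + off, label_len);
        n += label_len;
        off += label_len;
    }
    out->qname[n] = '\0';
    if (off + 4 > len) return -1;                       /* QTYPE/QCLASS missing */
    out->qtype  = (uint16_t)((msg[off] << 8) | msg[off + 1]);
    out->qclass = (uint16_t)((msg[off + 2] << 8) | msg[off + 3]);
    return 0;
}

/* Constructed sample: a standard query, id 0x1234, for example.com A IN. */
static const uint8_t sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01
};

int main(void)
{
#ifdef AF_PACKET
    /* Linux only: needs CAP_NET_RAW, hence root at startup. SOCK_DGRAM strips
     * the link-layer header, so each datagram starts at the IPv4 header. */
    int fd = socket(AF_PACKET, SOCK_DGRAM, htons(0x0800));
#else
    int fd = -1; errno = ENOSYS;
#endif
    if (fd < 0) { perror("socket"); return 1; }
    struct passwd *pw = getpwnam("nobody");              /* assumed account */
    if (!pw) { fprintf(stderr, "user nobody not found\n"); return 1; }
    if (drop_privileges("/var/empty", pw->pw_uid, pw->pw_gid) != 0) {  /* assumed jail */
        perror("drop_privileges"); return 1;
    }
    /* From here on: unprivileged, jailed, holding only the already-open fd. */
    uint8_t buf[4096];
    for (;;) {
        ssize_t got = recv(fd, buf, sizeof buf, 0);
        if (got < 0) { perror("recv"); return 1; }
        if (got < 28 || (buf[0] >> 4) != 4 || buf[9] != 17) continue;  /* IPv4 + UDP */
        size_t ihl = (size_t)(buf[0] & 0x0F) * 4;
        if (ihl < 20 || (size_t)got < ihl + 8) continue;
        uint16_t dport = (uint16_t)((buf[ihl + 2] << 8) | buf[ihl + 3]);
        if (dport != 53) continue;
        struct dns_question q;
        if (parse_dns_question(buf + ihl + 8, (size_t)got - ihl - 8, &q) == 0)
            printf("query id=%u %s type=%u class=%u\n", q.id, q.qname, q.qtype, q.qclass);
        else
            printf("unparseable DNS packet (%zd bytes)\n", got);
    }
}
```

The `setuid(0)` probe after the drop is the check worth keeping in real code: if it succeeds, the process still has a saved root uid and the "permanent" drop was not one. The parser is deliberately strict, so the "packets unbound cannot parse" case from the thread shows up as a logged failure rather than an out-of-bounds read in a root process.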
