Hi Lorenzo,

Use log-queries: yes and with the patch below it then looks like this
in the log: info: e96a ::1@57367 www.nlnetlabs.nl. A IN


Index: daemon/worker.c
===================================================================
--- daemon/worker.c     (revision 3862)
+++ daemon/worker.c     (working copy)
@@ -857,8 +857,11 @@
        }
        if(worker->env.cfg->log_queries) {
                char ip[128];
+               char extended[256];
+               uint16_t port = ntohs(((struct 
sockaddr_in*)&repinfo->addr)->sin_port);
                addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
-               log_nametypeclass(0, ip, qinfo.qname, qinfo.qtype, 
qinfo.qclass);
+               snprintf(extended, sizeof(extended), "%4.4x %s@%d",
(unsigned)LDNS_ID_WIRE(sldns_buffer_begin(c->buffer)), ip, (int)port);
+               log_nametypeclass(0, extended, qinfo.qname, qinfo.qtype, 
qinfo.qclass);
        }
        if(qinfo.qtype == LDNS_RR_TYPE_AXFR ||
                qinfo.qtype == LDNS_RR_TYPE_IXFR) {


Best regards, Wouter

On 16/09/16 09:32, Lorenzo Mainardi via Unbound-users wrote:
> Hello to all,
> 
> how can I log source port and Query-ID?
> 
> It would be perfect have it to detect some kind of attacks.
> 
> Regards
> 
> 
> 
> * *
> 
> *dig**it**el*
> 
> 
> 
> Via della Fortezza 6 - 50129 Firenze
> 
> www.digitelitalia.com <http://www.digitelitalia.com/> - 800 901
> 669
> 
> 
> 
> Ing. Lorenzo Mainardi//
> 
> 
> 
> Tel +39 055 4624933
> 
> Fax +39 055 4624 947
> 
> l...@digitelitalia.com <mailto:l...@digitelitalia.com>
> 
> 
> 
> 
> 

Reply via email to