Dnstap frame stream also contains source port and whole DNS
message including query id.

 $ dnstap-ldns -y -r /tmp/dnstap.out

 type: MESSAGE
 identity: "dns01"
 version: "unbound 1.5.9"
 message:
   type: CLIENT_QUERY
   query_time: !!timestamp 2016-09-17 07:45:35.903922
   socket_family: INET6
   socket_protocol: UDP
   query_address: ::1
   query_port: 49332
   query_message: |
     ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 59383
     ;; flags: rd ad ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

     ;; QUESTION SECTION:
     ;www.google.com.    IN      A

     ;; EDNS: version 0; flags: ; udp: 4096

  Unbound's dnstap feature works well (you will need to
install some not-so-common libraries to build!) but it is not well
documented, for example not described in unbound.conf(5).
Still experimental feature?

-- 
Daisuke Higashi

Reply via email to