Hi Vũ Thị,

thank you for your interest in Knot DNS.

Let me start with some personal opinion. I think that while query logging is useful for debugging purposes, it's generally not a good idea to have it enabled on any production server. The reason is performance. While the authoritative DNS server is able to process millions of queries per second, this is usually far beyond what any syslog could handle. There are two dangers: 1) your auth DNS server will be slow, 2) your syslog will be vulnerable to being overwhelmed. [Opinions from other DNS users welcome!]

The dnstap module is designed accordingly: it does not print out queries in textual representation, and it does not put them into syslog. Instead, it dumps the queries in a portable binary format, and puts them either to a file (that can be later translated into textual form) or a pipe (that can be processed continuously). The users are encouraged to create any useful utilities that are able to read and process those. The performance of the dnstap module is quite good.

Nevertheless, some time ago, I created a prototype of a querylog module that simply logs all the queries. It has not been merged to the Knot codebase, mostly because of the lack of interest and lack of a good specification. Anyway, it seems to work well even when merged to current master. You might look at it and modify it according to your needs: https://gitlab.nic.cz/knot/knot-dns/-/merge_requests/1154

Unfortunately, I'm not aware of anyone using dnstap in production. Maybe someone on the mailing-list might share their experience?

BR,

Libor

On 09.11.20 at 05:06, Vu Thi Hoan wrote:

Dear!

We are learning about Knot DNS to apply it to our DNS Authoritative Secondary. However, we are wondering about the query log. I have read the document of DNS Knot Software (Knot DNS Documentation Release 2.9.4/ 8.3 dnstap – Dnstap traffic logging): the query log of Knot DNS cannot be obtained directly like in BIND9; the query log can be obtained with the dnstap tool.
For Knot DNS Software, we cannot get the query log continuously and directly to the current syslog server, since the raw log needs to be captured and then read after the capture is stopped.
I want to know how to get the query log continuously when using Knot DNS, or software that your DNS and the DNS of other organizations have already applied. Can you share with us and help us to deploy Knot DNS to our DNS Authoritative Secondary?

Best Regards,

Vũ Thị Hoàn

=================================================

DNS & VNIX - Trung tâm Internet Việt Nam

Mobile: +84 916 961 631

Email: hoanvt@vnnic.vn
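
Added example, not part of the original messages and not Knot DNS code: a reader for the "pipe that can be processed continuously" case described in the reply, yielding each dnstap message as soon as it arrives so that a consumer can log at its own pace. It assumes the sink carries dnstap's usual Frame Streams encoding in its unidirectional (file-style) form; the function names and the sample payload bytes are constructed for illustration.

```python
import io
import struct

CONTENT_TYPE = b"protobuf:dnstap.Dnstap"
START, STOP = 2, 3                      # Frame Streams control frame types

def _read_exact(stream, n):
    """Read exactly n bytes; a short read means the writer went away mid-frame."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError("stream ended mid-frame")
        buf += chunk
    return buf

def read_frames(stream, max_frame=65536):
    """Yield each data-frame payload (one serialized dnstap message) as it arrives."""
    started = False
    while True:
        head = stream.read(4)
        if not head:                    # writer closed without sending STOP
            return
        (length,) = struct.unpack("!I", head + _read_exact(stream, 4 - len(head)))
        if length == 0:                 # zero length escapes a control frame
            (clen,) = struct.unpack("!I", _read_exact(stream, 4))
            if not 4 <= clen <= 512:    # sanity bound chosen for this example
                raise ValueError("bad control frame length")
            body = _read_exact(stream, clen)
            (ctype,) = struct.unpack("!I", body[:4])
            if ctype == STOP:
                return
            if ctype == START:          # field 1 = content type, then its length
                if body[4:] != struct.pack("!II", 1, len(CONTENT_TYPE)) + CONTENT_TYPE:
                    raise ValueError("stream does not carry dnstap")
                started = True
        elif not started or length > max_frame:
            raise ValueError("data frame before START, or oversized frame")
        else:
            yield _read_exact(stream, length)

def sample_stream(payloads):
    """Constructed input: START, one data frame per payload, then STOP."""
    wrap = lambda body: struct.pack("!II", 0, len(body)) + body
    start = struct.pack("!III", START, 1, len(CONTENT_TYPE)) + CONTENT_TYPE
    data = b"".join(struct.pack("!I", len(p)) + p for p in payloads)
    return io.BytesIO(wrap(start) + data + wrap(struct.pack("!I", STOP)))

if __name__ == "__main__":
    print([len(f) for f in read_frames(sample_stream([b"\x78\x01", b"\x78\x01\x0a\x00"]))])
```

Each yielded payload is a serialized dnstap protobuf message; decoding it with the dnstap schema and rate-limiting what is forwarded to syslog is left to the consumer.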