Knot resolver module stats - query source ip - knot-resolver-users Digest, Vol 31, Issue 1
24 Čec
2018
24 Čec
'18
13:34
Hello Petr,
This a good news, that query source IP would be planned in the future module version.
I would like to answer your related notes like:
- How many 'most frequent' IP addresses you want to get? - It is better to do the
list as variable items, someone needs to list top 10 and someone 1000.
- Should the number of addresses be configurable? yes
- Do you consider query from the same IP but different port as 'different client'
or not? (E.g. clients behind NAT?) In my case, it is not a topic function.
- Should IP addresses be somehow tied to most frequent query names or not? yes, it will be
better to know frequented queries to domain names.
- Do you need a way to flush the table on fly? An option to clear statistic list and count
it since a specific time range sound as a good idea.
In the case when I´m not so familiar with Lua, where should be added your code part?
Best regards,
Milan Sýkora
-----Original Message-----
From: knot-resolver-users [mailto:knot-resolver-users-bounces@lists.nic.cz] On Behalf Of
knot-resolver-users-request(a)lists.nic.cz
Sent: Tuesday, July 24, 2018 12:00 PM
To: knot-resolver-users(a)lists.nic.cz
Subject: knot-resolver-users Digest, Vol 31, Issue 1
Send knot-resolver-users mailing list submissions to
knot-resolver-users(a)lists.nic.cz
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-users
or, via email, send a message with subject or body 'help' to
knot-resolver-users-request(a)lists.nic.cz
You can reach the person managing the list at
knot-resolver-users-owner(a)lists.nic.cz
When replying, please edit your Subject line so it is more specific than "Re:
Contents of knot-resolver-users digest..."
Today's Topics:
1. Knot resolver module stats - query source ip (Sýkora Milan)
2. Re: Knot resolver module stats - query source ip (Petr Špaček)
----------------------------------------------------------------------
Message: 1
Date: Tue, 24 Jul 2018 07:32:52 +0000
From: Sýkora Milan <milan.sykora(a)cetin.cz>
To: "knot-resolver-users(a)lists.nic.cz"
<knot-resolver-users(a)lists.nic.cz>
Subject: [knot-resolver-users] Knot resolver module stats - query
source ip
Message-ID: <365048c9e5ae48c699c079fee6343a5f(a)cewexch402.ad.cetin>
Content-Type: text/plain; charset="iso-8859-2"
Hello,
I have your cool DNS resolver in version 2.3.0, I know that was released newest version.
My question is - is it possible to explore the most frequented IP (queries source) in the
module stats? Or exist any other way how to achieve it?
Many thanks for your answer in the future, Best regards.
Milan Sýkora
Obsah této zprávy má výlučně komunikační charakter. Nepředstavuje návrh na uzavření
smlouvy či na její změnu ani přijetí případného návrhu. Smlouvy či jejich změny jsou
společností Česká telekomunikační infrastruktura a.s. uzavírány v písemné formě nebo v
podobě a postupem podle příslušných všeobecných podmínek společnosti Česká telekomunikační
infrastruktura a.s., a pokud jsou dohodnuty všechny náležitosti. Smlouvy jsou uzavírány
oprávněnou osobou na základě písemného pověření. Smlouvy o smlouvě budoucí jsou uzavírány
výhradně v písemné formě, vlastnoručně podepsané nebo s uznávaným elektronickým podpisem.
Podmínky, za nichž Česká telekomunikační infrastruktura a.s. přistupuje k jednání o
smlouvě a jakými se řídí, jsou dostupné
zde<https://www.cetin.cz/cs/jak-cetin-vyjednava-o-smlouve>.
The content of this message is intended for communication purposes only. It does neither
represent any contract proposal, nor its amendment or acceptance of any potential contract
proposal. Česká telekomunikační infrastruktura a.s. concludes contracts or amendments
thereto in a written form or in the form and the procedure in accordance with relevant
general terms and conditions of Česká telekomunikační infrastruktura a.s., if all
requirements are agreed. Contracts are concluded by an authorized person entitled on the
basis of a written authorization. Contracts on a future contract are concluded solely in a
written form, self-signed or signed by means of an advanced electronic signature. The
conditions under which Česká telekomunikační infrastruktura a.s. negotiates contracts and
under which it proceeds are available
here<https://www.cetin.cz/en/jak-cetin-vyjednava-o-smlouve>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nic.cz/pipermail/knot-resolver-users/attachments/20180724/cc47f7b9/attachment-0001.html>
------------------------------
Message: 2
Date: Tue, 24 Jul 2018 11:05:51 +0200
From: Petr Špaček <petr.spacek(a)nic.cz>
To: knot-resolver-users(a)lists.nic.cz
Subject: Re: [knot-resolver-users] Knot resolver module stats - query
source ip
Message-ID: <2a769de2-3b70-7d6f-5476-4bc7bd48fa8b(a)nic.cz>
Content-Type: text/plain; charset=UTF-8
Hello,
at the moment there is no built-in module with this statistics but it can be hacked around
(see below).
BTW we plan to to rework stats so it would be very valuable to get your requirements!
To make sure future version contains what you need, can you specify what kind of data +
what configuration you want to get? For example:
- How many 'most frequent' IP addresses you want to get?
- Should the number of addresses be configurable?
- Do you consider query from the same IP but different port as 'different client'
or not? (E.g. clients behind NAT?)
- Should IP addresses be somehow tied to most frequent query names or not?
- Do you need a way to flush the table on fly?
For now you can use the following Lua config snippet to log client IP addresses.
-- start of config snippet
function LOG_IP(state, req)
req = kres.request_t(req)
if req.qsource == nil or req.qsource.addr == nil then
-- internal request, no source
return state end
print('query from IP ' .. tostring(req.qsource.addr))
return -- continue with other policy rules end
policy.add(policy.all(LOG_IP))
-- end of config snipper
Output looks like this:
"query from IP ::1#56927"
This can be further processed by your log processing system to get aggregate numbers over
all resolvers or alternativelly it can be extended using LRU library in Lua to get stats
for single resolver.
I hope it helps.
Petr Špaček @ CZ.NIC
On 24.7.2018 09:32, Sýkora Milan wrote:
Hello,
I have your cool DNS resolver in version 2.3.0, I know that was
released newest version.
My question is – is it possible to explore the most frequented IP
(queries source) in the module stats? Or exist any other way how to
achieve it?
Many thanks for your answer in the future,
Best regards.
*Milan Sýkora***
------------------------------
Subject: Digest Footer
--
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-users
Please change Subject line before before you reply to a digest message!
------------------------------
End of knot-resolver-users Digest, Vol 31, Issue 1
**************************************************
Obsah této zprávy má výlučně komunikační charakter. Nepředstavuje návrh na uzavření
smlouvy či na její změnu ani přijetí případného návrhu. Smlouvy či jejich změny jsou
společností Česká telekomunikační infrastruktura a.s. uzavírány v písemné formě nebo v
podobě a postupem podle příslušných všeobecných podmínek společnosti Česká telekomunikační
infrastruktura a.s., a pokud jsou dohodnuty všechny náležitosti. Smlouvy jsou uzavírány
oprávněnou osobou na základě písemného pověření. Smlouvy o smlouvě budoucí jsou uzavírány
výhradně v písemné formě, vlastnoručně podepsané nebo s uznávaným elektronickým podpisem.
Podmínky, za nichž Česká telekomunikační infrastruktura a.s. přistupuje k jednání o
smlouvě a jakými se řídí, jsou dostupné
zde<https://www.cetin.cz/cs/jak-cetin-vyjednava-o-smlouve>.
The content of this message is intended for communication purposes only. It does neither
represent any contract proposal, nor its amendment or acceptance of any potential contract
proposal. Česká telekomunikační infrastruktura a.s. concludes contracts or amendments
thereto in a written form or in the form and the procedure in accordance with relevant
general terms and conditions of Česká telekomunikační infrastruktura a.s., if all
requirements are agreed. Contracts are concluded by an authorized person entitled on the
basis of a written authorization. Contracts on a future contract are concluded solely in a
written form, self-signed or signed by means of an advanced electronic signature. The
conditions under which Česká telekomunikační infrastruktura a.s. negotiates contracts and
under which it proceeds are available
here<https://www.cetin.cz/en/jak-cetin-vyjednava-o-smlouve>.
24 Čec
24 Čec
16:59
Hello Milan,
if you want to experiment with the code example just append the code to
the end of your config file. That should be enough (assuming you did not
change the default policy configuration significantly).
I have one additional question for you:
- Should IP addresses be somehow tied to most frequent
query names or
not? yes, it will be better to know frequented queries to domain
names.
Please send us an example of output you want to have, I would like to
see what information you are looking for.
Thank you for your time.
Petr Špaček @ CZ.NIC
On 24.7.2018 13:34, Sýkora Milan wrote:
> Hello Petr,
>
> This a good news, that query source IP would be planned in the future module
version.
>
> I would like to answer your related notes like:
> - How many 'most frequent' IP addresses you want to get? - It is better to do
the list as variable items, someone needs to list top 10 and someone 1000.
> - Should the number of addresses be configurable? yes
> - Do you consider query from the same IP but different port as 'different
client' or not? (E.g. clients behind NAT?) In my case, it is not a topic function.
> - Should IP addresses be somehow tied to most frequent query names or not? yes, it
will be better to know frequented queries to domain names.
> - Do you need a way to flush the table on fly? An option to clear statistic list and
count it since a specific time range sound as a good idea.
>
> In the case when I´m not so familiar with Lua, where should be added your code part?
>
> Best regards,
> Milan Sýkora
>
> -----Original Message-----
> From: knot-resolver-users [mailto:knot-resolver-users-bounces@lists.nic.cz] On Behalf
Of knot-resolver-users-request(a)lists.nic.cz
> Sent: Tuesday, July 24, 2018 12:00 PM
> To: knot-resolver-users(a)lists.nic.cz
> Subject: knot-resolver-users Digest, Vol 31, Issue 1
>
> Send knot-resolver-users mailing list submissions to
> knot-resolver-users(a)lists.nic.cz
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-users
> or, via email, send a message with subject or body 'help' to
> knot-resolver-users-request(a)lists.nic.cz
>
> You can reach the person managing the list at
> knot-resolver-users-owner(a)lists.nic.cz
>
> When replying, please edit your Subject line so it is more specific than "Re:
Contents of knot-resolver-users digest..."
>
>
> Today's Topics:
>
> 1. Knot resolver module stats - query source ip (Sýkora Milan)
> 2. Re: Knot resolver module stats - query source ip (Petr Špaček)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 24 Jul 2018 07:32:52 +0000
> From: Sýkora Milan <milan.sykora(a)cetin.cz>
> To: "knot-resolver-users(a)lists.nic.cz"
> <knot-resolver-users(a)lists.nic.cz>
> Subject: [knot-resolver-users] Knot resolver module stats - query
> source ip
> Message-ID: <365048c9e5ae48c699c079fee6343a5f(a)cewexch402.ad.cetin>
> Content-Type: text/plain; charset="iso-8859-2"
>
> Hello,
>
> I have your cool DNS resolver in version 2.3.0, I know that was released newest
version.
>
> My question is - is it possible to explore the most frequented IP (queries source) in
the module stats? Or exist any other way how to achieve it?
>
>
> Many thanks for your answer in the future, Best regards.
> Milan Sýkora
>
>
> Obsah této zprávy má výlučně komunikační charakter. Nepředstavuje návrh na uzavření
smlouvy či na její změnu ani přijetí případného návrhu. Smlouvy či jejich změny jsou
společností Česká telekomunikační infrastruktura a.s. uzavírány v písemné formě nebo v
podobě a postupem podle příslušných všeobecných podmínek společnosti Česká telekomunikační
infrastruktura a.s., a pokud jsou dohodnuty všechny náležitosti. Smlouvy jsou uzavírány
oprávněnou osobou na základě písemného pověření. Smlouvy o smlouvě budoucí jsou uzavírány
výhradně v písemné formě, vlastnoručně podepsané nebo s uznávaným elektronickým podpisem.
Podmínky, za nichž Česká telekomunikační infrastruktura a.s. přistupuje k jednání o
smlouvě a jakými se řídí, jsou dostupné
zde<https://www.cetin.cz/cs/jak-cetin-vyjednava-o-smlouve>.
>
> The content of this message is intended for communication purposes only. It does
neither represent any contract proposal, nor its amendment or acceptance of any potential
contract proposal. Česká telekomunikační infrastruktura a.s. concludes contracts or
amendments thereto in a written form or in the form and the procedure in accordance with
relevant general terms and conditions of Česká telekomunikační infrastruktura a.s., if all
requirements are agreed. Contracts are concluded by an authorized person entitled on the
basis of a written authorization. Contracts on a future contract are concluded solely in a
written form, self-signed or signed by means of an advanced electronic signature. The
conditions under which Česká telekomunikační infrastruktura a.s. negotiates contracts and
under which it proceeds are available
here<https://www.cetin.cz/en/jak-cetin-vyjednava-o-smlouve>.
>
2343
days inactive
2343
days old
knot-resolver-users@lists.nic.cz
1 comments
2 participants
participants (2)
-
Petr Špaček -
Sýkora Milan