Hello, Network sniffing based logging is one option. Additionally, PowerDNS Recursor itzelf can log client queries and/or repsonses using protobufs. It also can log outgoing queries and/or their responses in dnstap format.
Both methods can handle large query loads. See https://docs.powerdns.com/recursor/lua-config/protobuf.html dnsdist also has various options for logging. -Otto On Tue, Jun 14, 2022 at 08:10:20PM +0200, Klaus Darilion via Pdns-users wrote: > Hi Dmitriy! > > Recently we had a similar requirement for our resolvers (which only do query > logging, not response logging) and we decided to use packetbeat for this > purpose. IT should be easy to integrate if you have an existing Elasic Search > cluster! > > regards > Klaus > > Von: Pdns-users <pdns-users-boun...@mailman.powerdns.com> Im Auftrag von > frank+pdns--- via Pdns-users > Gesendet: Dienstag, 14. Juni 2022 15:23 > An: Dmitriy Koff <irishman...@gmail.com> > Cc: pdns-users-ml <pdns-users@mailman.powerdns.com> > Betreff: Re: [Pdns-users] PowerDNS Authoritative 4.6.2, how to log served > responses (i.e. NOERROR, NXDOMAIN, SERVFAIL, etc)? > > Hi Dmitriy, > > https://doc.powerdns.com/authoritative/settings.html#log-dns-queries states > that it logs "all incoming DNS queries", not the results. > > If you want to log the results, you'll need to either increase the loglevel, > tcpdump the results and parse those, or add something in front of the server > (eg dnsdist) where you'd capture the result codes and log. > > Frank > > > > > On 14 Jun 2022, at 13:38, Dmitriy Koff via Pdns-users > <pdns-users@mailman.powerdns.com<mailto:pdns-users@mailman.powerdns.com>> > wrote: > > Hello! > > I'm trying to configure log for PowerDNS (4.6.2) and cannot figure how to log > served responses (i.e. NOERROR, NXDOMAIN, SERVFAIL, etc) > /etc/pdns/pdns.conf (parameters regarding logs) > loglevel=5 > log-dns-details=yes > log-dns-queries=yes > query-logging=no > > # nslookup example.com<http://example.com/> 127.0.0.1 > Server: 127.0.0.1 > Address: 127.0.0.1#53 > ** server can't find example.com<http://example.com/>: NXDOMAIN > > All i've got in log is packetcache status of request (miss or hit) -- > "Remote 127.0.0.1 wants 'example.com<http://example.com/>|A', do = 0, bufsize > = 512: packetcache MISS" > > Expected something like > "Remote 127.0.0.1 wants 'example.com<http://example.com/>|A', do = 0, bufsize > = 512: packetcache MISS, NXDOMAIN" > > Thanks in advance. > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com<mailto:Pdns-users@mailman.powerdns.com> > https://mailman.powerdns.com/mailman/listinfo/pdns-users > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
