Hello guys,
I’m posting a message because I lost few hours to try to configure and use dnstap without positive success.
I compiled unbound with no issues.
I installed all the dependencies to perform the unbound compilation with dnstap option (protocol buffer, fstrm…)
I used the following configure command:
./configure --prefix=/etc/unbound/unbound-1.9.4 --enable-dnstap --with-pthreads
make
make install
Then I created the unbound user, because if I have well understood, unbound try to run the daemon automatically with this user.
My unbound.conf.options content:
remote-control:
control-enable: yes
control-interface: 0.0.0.0
control-port: 8953
server:
access-control: 0.0.0.0/0 allow
interface: 0.0.0.0
hide-identity: yes
hide-version: yes
prefetch: yes
rrset-roundrobin: yes
minimal-responses: no
serve-expired: yes
use-syslog: yes
logfile: “/var/log/unbound/unbound.log”
dnstap:
dnstap-enable: yes
dnstap-socket-path: “/var/log/unbound/unbound-dnstap.sock”
dnstap-send-identity: yes
dnstap-send-version: yes
dnstap-log-client-query-messages: yes
dnstap-log-client-response-messages: yes
dnstap-log-forwarder-query-messages: yes
dnstap-log-forwarder-response-messages: yes
dnstap-log-resolver-query-messages: yes
dnstap-log-resolver-response-messages: yes
Note that the /var/log/unbound folder has the good right with unbound user as owner and group.
Then, before to start the unbound service, I run the fstrm socket with the command below:
sudo -u unbound /usr/local/bin/fstrm_capture -t protobuf:dnstap.Dnstap -u /var/log/unbound/unbound-dnstap.sock -w /var/log/unbound/unbound.dnstap
fstrm_capture: opening Unix socket path /var/log/unbound/unbound-dnstap.sock
fstrm_capture: opened output file /var/log/unbound/unbound.dnstap
And seems OK when I check with netstat command:
unix 2 [ ACC ] STREAM LISTENING 17808855 /var/log/unbound/unbound-dnstap.sock
Finally, when I start the unbound daemon, I have the warning related to dnstap socket below:
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] warning: could not open dnstap-socket-path: /var/log/unbound/unbound-dnstap.sock, No such file or directory
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] notice: dnstap identity field set to “ddnflxbuild001”
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] notice: dnstap version field set to “unbound 1.9.4”
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] notice: dnstap Message/RESOLVER_QUERY enabled
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] notice: dnstap Message/RESOLVER_RESPONSE enabled
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] notice: dnstap Message/CLIENT_QUERY enabled
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] notice: dnstap Message/CLIENT_RESPONSE enabled
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] notice: dnstap Message/FORWARDER_QUERY enabled
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] notice: dnstap Message/FORWARDER_RESPONSE enabled
Oct 11 18:25:51 ddnflxbuild001 unbound[70926]: [1570811151] unbound[70926:0] info: start of service (unbound 1.9.4).
I tried another folder like the same where unbound is installed. No more better result and I have no more ideas…
Also, please note that I configured Bind with dnstap on the same machine and it works well.
Thanks a lot for your help.