DNSTAP with NSD 4.2.4

QSCAcBij · January 23, 2020, 3:51pm

Hello,

I installed NSD version 4.2.4 and configured it with dnstap enabled.

Here’s the dnstap portion from both my nsd.conf

dnstap:

set this to yes and set one or more of dnstap-log-..-messages to yes.

dnstap-enable: yes
dnstap-socket-path: “/var/run/dnstap.sock”
dnstap-send-identity: no
dnstap-send-version: no

dnstap-identity: “”

dnstap-version: “”

dnstap-log-auth-query-messages: yes
dnstap-log-auth-response-messages: yes

I started a fstrm_capture listener before I started the nsd-control and it created the dnstap.sock in the right directory as necessary with this: sudo fstrm_capture -t protobuf:dnstap.Dnstap -u /var/run/dnstap.sock -w /home/USERNAME/FOLDER/FILENAME.dnstap

I am not sure what I am missing. When I try to read this FILENAME.dnstap file I still don’t see any output.

There are no errors pertaining to nsd in syslog either.

Greg_Bock · January 23, 2020, 7:21pm

Hello,

I installed NSD version 4.2.4 and configured it with dnstap enabled.
Here's the dnstap portion from both my nsd.conf
dnstap:
        # set this to yes and set one or more of dnstap-log-..-messages to yes.
        dnstap-enable: yes
        dnstap-socket-path: "/var/run/dnstap.sock"
        dnstap-send-identity: no
        dnstap-send-version: no
        # dnstap-identity: ""
        # dnstap-version: ""
        dnstap-log-auth-query-messages: yes
        dnstap-log-auth-response-messages: yes
I started a fstrm_capture listener before I started the nsd-control and it created the dnstap.sock in the right directory as necessary with this: sudo fstrm_capture -t protobuf:dnstap.Dnstap -u /var/run/dnstap.sock -w /home/USERNAME/FOLDER/FILENAME.dnstap

I am not sure what I am missing. When I try to read this FILENAME.dnstap file I still don't see any output.
There are no errors pertaining to nsd in syslog either.

What are ownership and permissions on /var/run/dnstap.sock? I would guess that the user NSD is running as does not have permissions to write to the socket.

QSCAcBij · January 23, 2020, 9:47pm

root has permissions to the /var/run/dnstap.sock socket file.
NSD also running as root, when I run using "sudo nsd-control start", right?

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

mimuret · January 24, 2020, 3:10am

try:
  mkdir /var/run/nsd
   chown nsd:nsd /var/run/nsd
  sudo -u nsd fstrm_capture -t protobuf:dnstap.Dnstap -u /var/run/nsd/dnstap.sock -w /home/USERNAME/FOLDER/FILENAME.dnstap

QSCAcBij · January 24, 2020, 3:31pm

It was indeed a permissions issue, thank you.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐