I want to be able to mirror the UDP port 53 going to my unbound instance for the purposes of testing out a new external DNS firewall service which we want eventually to start forwarding to. I want to be able to e.g. compare the responses with and without the service.
I don't see any unbound feature or module to do this. Forwarding seems to go to one of the external caching servers given in the forward-addr: section.
Any ideas of tools which allow me to do this? I am running unbound under both Ubuntu 20.04 LTS as well as OpenBSD 6.9.
See the iptables -j TEE policy for cloning the packet on the local
network to send it to another unbound DNS server as well as the
original unbound DNS server:
TEE
The TEE target will clone a packet and redirect this clone to another
machine on the local network segment. In other words, the nexthop
must be the target, or you will have to configure the nexthop to
forward it further if so desired.
--gateway ipaddr
Send the cloned packet to the host reachable at the given IP
address. Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.
To forward all incoming traffic on eth0 to a Network Layer logging box:
-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1
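The man page example above clones every packet on the interface. For the question's use case you only want the UDP/53 traffic, and TEE has two practical constraints worth building into the rule: the gateway must be on the same link (a next hop "via" a router means the clone never arrives), and the clone keeps the original destination IP, so the mirror host must capture the packets (tcpdump, or a DNAT rule of its own) rather than expecting to serve them as a normal listener. The script below is an added example, not part of either answer; interface and address values (eth0, 192.0.2.10, 2001:db8::1) are placeholders, and `gateway_is_onlink` relies on the Linux `ip route get` output format, so it is for the Ubuntu side only.

```bash
#!/bin/sh
# Added example (not from the original answers): build, check and apply an
# iptables TEE rule that clones inbound UDP/53 to a mirror host on the same
# L2 segment. Interface and address values are placeholders.

# Choose iptables or ip6tables from the address family of the gateway
# (a colon means IPv6; anything else is treated as IPv4).
fw_tool_for() {
    case "$1" in
        *:*) echo ip6tables ;;
        *)   echo iptables ;;
    esac
}

# Print the TEE rule as a single shell command. Only UDP/53 is cloned, so the
# mirror host does not receive unrelated traffic. $3 is the chain action:
# -A to add the rule, -D to delete it again (default -A).
build_tee_rule() {
    iface=$1; gw=$2; action=${3:--A}
    tool=$(fw_tool_for "$gw")
    echo "$tool -t mangle $action PREROUTING -i $iface -p udp --dport 53 -j TEE --gateway $gw"
}

# TEE delivers the clone to the gateway's MAC address, so the gateway must be
# directly reachable. On Linux, `ip route get` prints " via <router>" when a
# hop is needed; an on-link address prints only "dev <iface> src <addr>".
# Returns 0 if on-link, 1 if routed or unreachable (empty output).
gateway_is_onlink() {
    ip route get "$1" 2>/dev/null | head -n1 | grep -qv ' via '
}

# Apply the rule after the on-link check (needs root and the xt_TEE module).
apply_tee_rule() {
    iface=$1; gw=$2
    if ! gateway_is_onlink "$gw"; then
        echo "gateway $gw is not on-link; TEE clones would never arrive" >&2
        return 1
    fi
    eval "$(build_tee_rule "$iface" "$gw" -A)"
}

# Remove the rule again when the comparison test is done.
remove_tee_rule() {
    iface=$1; gw=$2
    eval "$(build_tee_rule "$iface" "$gw" -D)"
}
```

Source the file and run `apply_tee_rule eth0 192.0.2.10` (or an IPv6 gateway such as `2001:db8::1`, which selects ip6tables) on the unbound host; on the mirror host, `tcpdump -ni eth0 udp port 53` shows the clones still addressed to the unbound IP. Since the clone is made in PREROUTING, the original packet continues to unbound untouched, which is what makes a side-by-side comparison possible; the responses from the DNS firewall service have to be collected on the mirror side, because the cloned queries never get a reply back to the original client.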
You might want to take a look at nfdump and potentially netgraph. I've used both for intrusion detection purposes on FreeBSD, and I believe nfdump is supported on OpenBSD - ymmv on Linux though:
Alternatively, you can probably achieve the goal of just mirroring data (rather than copying, capturing and replaying) using a bridge(4) device on OpenBSD via ifconfig(8) (specifically "addspan"):