[SRU] Enable DNSTAP support
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
bind9 (Ubuntu) | Expired | Wishlist | Unassigned | |
Bug Description
Upstream BIND supports DNSTAP since version 9.11 and this support is enabled in Debian, but disabled in Ubuntu because 2 required dependencies (libprotobuf-c1 and libfstrm0) are in the universe component. However, libprotobuf-c1 was recently approved for inclusion into the main component (bug #1956617), and I have filed a main inclusion report (MIR) for fstrm (bug #1986591).
DNSTAP is a feature of bind9 9.11 and up. It allows the system to 'tap' into the DNS queries and automatically log both DNS queries and DNS responses. This lets us actually see the behavior of DNS and what data is being returned at the server level. This replaces `dnscap` behavior by integrating the behavior directly into BIND.
This can be a useful tool for capturing and logging requests. It is not enabled by default when built with BIND9, but can be activated later by users if they wish to use it.
To enable this in BIND9, we only need to build the binaries with `--enable-dnstap` to enable dnstap support.
[Test Plan]
Run the test suites of the original and patched source packages on Ubuntu 20.04, 22.04 and Kinetic and check that there are no regressions and that all test failures are justified.
[Where problems could occur]
This can break deployments that expect that BIND 9 in Ubuntu does not provide DNSTAP support and cause regressions in other packages in the Ubuntu archive.
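As an added illustration (not part of the original bug report or the Ubuntu packaging), this is what opting in could look like in `named.conf` on a build compiled with `--enable-dnstap`. The output path is an assumption and must be writable by the `named` user; without these statements nothing is captured.

```conf
options {
    // Choose which message types to tap. "all" would capture every type;
    // here only client traffic and resolver traffic are logged
    // (both queries and responses for each).
    dnstap { client; resolver; };

    // Write frame-stream data to a file (assumed path). A UNIX socket
    // can be used instead with: dnstap-output unix "<socket path>";
    dnstap-output file "/var/log/named/dnstap.tap";

    // Stamp each record with this server's hostname so that captures
    // from several resolvers can be told apart when merged.
    dnstap-identity hostname;
};
```

`named -V` prints the configure options of the installed binary, so the presence of `--enable-dnstap` there confirms the build supports these statements; the `dnstap-read` utility shipped with BIND decodes the capture file into readable text.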
Changed in bind9 (Ubuntu):
status: Confirmed → New
description: updated
description: updated
description: updated
Changed in bind9 (Ubuntu):
status: New → In Progress
assignee: nobody → Luís Cunha dos Reis Infante da Câmara (luis220413)
Changed in bind9 (Ubuntu):
status: In Progress → New
assignee: Luís Cunha dos Reis Infante da Câmara (luis220413) → nobody
Status changed to 'Confirmed' because the bug affects multiple users.