Comment 0 for bug 1986586

Luís Infante da Câmara (luis220413) wrote :

Upstream BIND supports DNSTAP since version 9.11 and this support is enabled in Debian, but disabled in Ubuntu because 2 required dependencies (libprotobuf-c1 and libfstrm0) are in the universe component. However, libprotobuf-c1 was recently approved for inclusion into the main component (bug #1956617), and I have filed a main inclusion report (MIR) for fstrm (bug #xxxxxxx).

DNSTAP is a feature of bind9 9.11 and up. It allows for the system to 'tap' into the DNS queries and automatically log both DNS queries and DNS responses. This lets us actually see the behavior of DNS and what data is being returned at the server level. This replaces `dnscap` behavior by integrating the behavior directly into BIND.

This can be a useful tool for capturing and logging requests. It is not enabled by default when built with BIND9, but can be activated later by users if they wish to use it.

To enable this in BIND9, we only need to build the binaries with `--enable-dnstap` to enable dnstap support.

[Test Plan]
Run the test suites of the patched source package.

[Where problems could occur]
Adding DNSTAP support can break deployments that expect that Ubuntu does not provide that support.