-
-
Notifications
You must be signed in to change notification settings - Fork 45
/
use-case-25.yml
56 lines (50 loc) · 1.33 KB
/
use-case-25.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# How to only log slow responses and errors only?
# If turned on, debug messages are printed in the standard output
global:
trace:
verbose: true
pipelines:
# Listen on tcp/6000 for incoming DNSTap protobuf messages from dns servers
- name: dnsdist_in
dnstap:
listen-ip: 0.0.0.0
listen-port: 6000
transforms:
normalize:
qname-lowercase: true
qname-replace-nonprintable: true
latency:
measure-latency: true
routing-policy:
forward: [filter-slow, filter-errors]
dropped: []
# keep only slow responses
- name: filter-slow
dnsmessage:
matching:
include:
dnstap.operation: "CLIENT_RESPONSE"
dnstap.latency:
greater-than: 0.2
routing-policy:
forward: [outputfile-slowresponses]
# keep only DNS errors responses (discard NOERROR and NXDOMAINS)
- name: filter-errors
dnsmessage:
matching:
include:
dnstap.operation: "CLIENT_RESPONSE"
exclude:
dns.rcode:
- NOERROR
- NXDOMAIN
routing-policy:
forward: [outputfile-dnserrors]
- name: outputfile-slowresponses
logfile:
file-path: "/tmp/dnstap-slow.log"
mode: flat-json
- name: outputfile-dnserrors
logfile:
file-path: "/tmp/dnstap-errors.log"
mode: text