cmikk
commented
2 years ago By design, the fields in the dnstap message do not overlap with information carried in the encapsulated DNS message. This is to avoid duplicating information and preserve maximum flexibility on where dnstap integrates into the instrumented DNS software, the latter being part of a general design goal of dnstap to minimize impact on the instrumented software.
Furthermore, adding this field would not simplify matters. Adding a new required field would break existing software. Adding a new optional field requires readers to handle the case where it is not present by extracting the relevant information from the enclosed message.
Hello, Working with dnstap, I am actually surprised there are no field to store requests/reponses QType. Dnstap readers must parse entire query_message field to retrieve the information, which is quite painful. Is it possible to add this field ?