search

graylog-labs / graylog-plugin-dnsresolver

Message filter plugin to reverse lookup the source field
Apache License 2.0
9 stars 6 forks source link

Define dns-server for resolving as option #4

Open xtruthx opened 6 years ago

xtruthx commented 6 years ago

As i see so far it is not possible to change or set the servers which are used for name resolving. Is there a way to implement that?

Cheers

joschi commented 6 years ago

The filter is using the JVM's internal name resolution: https://github.com/graylog-labs/graylog-plugin-dnsresolver/blob/63a0a44e1b33292e126912f16247789d70b6a6f6/src/main/java/org/graylog/plugin/filter/dns/DnsResolverFilter.java#L105-L106

In other words, you can configure a different DNS resolver for the JVM, see sun.net.spi.nameservice.nameservers at https://docs.oracle.com/javase/8/docs/technotes/guides/net/properties.html#jndi and https://slackhacker.com/2010/07/21/how-to-set-a-custom-dns-server-with-java-system-properties/

But be aware that the DNS resolver configured in these system properties will be used for all name resolution tasks in Graylog.

xtruthx commented 6 years ago

I already thought something like that. Is there a chance for separate dns-resolving and options? If not. Thanks for the helpful information and close this issue. If yes than this could be a feature request?

joschi commented 6 years ago

@xtruthx Instead of using a filter (which runs on all messages), I'd rather have a lookup data adapter encapsulating DNS requests so that it can be used (and cached) more flexibly.

See Graylog2/graylog2-server#4200 for a related issue.