klutchell / unbound-docker

unofficial unbound multiarch docker image
BSD 3-Clause "New" or "Revised" License

DNSTap #114

Open loe opened 1 year ago

loe commented 1 year ago

Thoughts on an alternate build with it enabled? Drags in some dependencies, so not advocating for it as the default.

klutchell commented 1 year ago

What additional dependencies would it require?

loe commented 1 year ago

It depends on protobuf and fstrm.

https://dnstap.info/Source/

klutchell commented 1 year ago

I will have to look into this since we are using the official buildroot recipe for unbound. I would probably rather upstream this as a buildroot option rather than maintain another patch.

loe commented 1 year ago

I'm not familiar with how options work for buildroot, but the components are all included in the source distribution for unbound. It's an option in the configure script, --enable-dnstap; more details are in the documentation's "DNSTAP Logging Options" section.

klutchell commented 1 year ago

We can look into adding a new config option in here and see if the buildroot maintainers accept it. https://github.com/buildroot/buildroot/blob/master/package/unbound/unbound.mk

e.g.

```make
ifeq ($(BR2_PACKAGE_UNBOUND_DNSTAP),y)
UNBOUND_CONF_OPTS += --enable-dnstap
UNBOUND_DEPENDENCIES += fstrm
UNBOUND_DEPENDENCIES += protobuf-c
else
UNBOUND_CONF_OPTS += --disable-dnstap
endif
```

There would also need to be some additional dependencies added in here https://github.com/buildroot/buildroot/blob/master/package/unbound/Config.in e.g.

```
if BR2_PACKAGE_UNBOUND
config BR2_PACKAGE_UNBOUND_DNSTAP
    bool "enable dnstap"
    select BR2_PACKAGE_FSTRM
    select BR2_PACKAGE_PROTOBUF_C
    help
      dnstap is a flexible, structured binary log format for
      DNS software.

      https://dnstap.info/

      It uses Protocol Buffers to encode events that occur
      inside DNS software in an implementation-neutral format.

      dnstap logging starts an extra thread that writes the log
      information to the destination.
endif
```

klutchell commented 1 year ago

There does not appear to be an fstrm package in buildroot, so we would need to make a whole new package for that as well.

klutchell commented 1 year ago

I have a PR that removes the dependency on buildroot: https://github.com/klutchell/unbound-docker/pull/143

If that PR becomes viable, and I merge it, then the changes above could be added directly to the Dockerfile.

klutchell commented 1 year ago

The current main branch now builds from sources without buildroot, so feel free to open a PR with the additional DNSTap dependencies and we will see how much size it adds to the image.

klutchell commented 1 year ago

@loe is this still something you are interested in?

loe commented 1 year ago

> @loe is this still something you are interested in?

I'll look into it - still interested, would love to know where my traffic is going!
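
A check for whether an unbound binary was configured with the `--enable-dnstap` option discussed in this thread, and whether that matches what `unbound.conf` asks for. This is an added example, not code from the thread or the project. It assumes `unbound -V` prints a "Configure line:" entry; the function names and the sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): does this unbound build have dnstap,
# and does that match what unbound.conf asks for?
# Assumption: `unbound -V` prints a "Configure line:" entry.

# stdin: `unbound -V` output. Prints enabled, disabled or unspecified.
# The last matching flag wins, as it does for an autoconf configure script.
dnstap_build_status() {
    flag=$(sed -n 's/^Configure line:[[:space:]]*//p' | tr -d "'" |
           tr -s ' \t' '\n\n' |
           grep -E '^--(enable|disable)-dnstap(=.*)?$' | tail -n 1)
    case "$flag" in
        --disable-dnstap*|--enable-dnstap=no) echo disabled ;;
        --enable-dnstap*)                     echo enabled ;;
        *)                                    echo unspecified ;;
    esac
}

# stdin: unbound.conf text. Prints yes when the last uncommented
# dnstap-enable line says yes, otherwise no.
dnstap_config_wanted() {
    val=$(sed 's/#.*//' |
          sed -n 's/^[[:space:]]*dnstap-enable:[[:space:]]*"\{0,1\}\([a-z]*\).*/\1/p' |
          tail -n 1)
    if [ "$val" = yes ]; then echo yes; else echo no; fi
}

# $1: `unbound -V` output, $2: unbound.conf text. Non-zero on a mismatch.
# A build with no dnstap flag at all is treated as not having dnstap.
dnstap_check() {
    build=$(printf '%s\n' "$1" | dnstap_build_status)
    wanted=$(printf '%s\n' "$2" | dnstap_config_wanted)
    if [ "$wanted" = yes ] && [ "$build" != enabled ]; then
        echo "MISMATCH: config enables dnstap, build is $build"
        return 1
    fi
    echo "OK: build=$build config=$wanted"
}

# Constructed sample inputs (not captured from a real image).
SAMPLE_WITH='Version 0.0.0
Configure line: --prefix=/opt/unbound --with-libevent --enable-dnstap'
SAMPLE_WITHOUT='Version 0.0.0
Configure line: --prefix=/opt/unbound --with-libevent'
SAMPLE_CONF='dnstap:
    dnstap-enable: yes   # send events to the collector
    dnstap-socket-path: "/run/dnstap.sock"'
```

Against a real image, call it as `dnstap_check "$(unbound -V)" "$(cat /path/to/unbound.conf)"`, with the path adjusted to wherever the image keeps its configuration.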