netblue30 / fdns

Firejail DNS-over-HTTPS Proxy Server
GNU General Public License v3.0

queries are logged in the journal #16

Open rusty-snake opened 4 years ago

rusty-snake commented 4 years ago

After 3a54e19f288662adaf16a4887f2955a51c1be9a5 all resolved hostnames are logged in the journal. This has two drawbacks:

We should stop this by default.

Solution

  1. fdns is quiet by default, unless --verbose is specified. Normal fdns output would be the following. (All except github.com, encrypted and so on)
    SSL connection opened in 240.98 ms
    DoH response average 30.05 ms
    fdns starting
    connecting to adguard server
    listening on 127.1.1.1
    369 filter entries added from /etc/fdns/trackers
    5606 filter entries added from /etc/fdns/fp-trackers
    24057 filter entries added from /etc/fdns/adblocker
    12612 filter entries added from /etc/fdns/coinblocker
    (2) SSL connection opened
    (0) SSL connection opened
    (1) SSL connection opened
  2. --quiet/--silent fdns has its normal output unless this option is given, then it outputs nothing.
  3. --nolog fdns has full output by default, but with this option it drops the output of queries.

glitsj16 commented 4 years ago

@rusty-snake Those are new options (--nolog, --quiet, --verbose ...) you're proposing, correct? Until those are available we could control logging via regular systemd options in fdns.service. Something like the below perhaps?

LOGGING NOTES: [IMPORTANT] only enable one of the below options

rusty-snake commented 4 years ago

> Those are new options (--nolog, --quiet, --verbose ...) you're proposing, correct?

Yes

Uncommenting line 20 works. https://github.com/netblue30/fdns/blob/59eebdcd05fbdca0dae4d0ec8d2ccab953785696/etc/fdns.service#L20

netblue30 commented 4 years ago

OK, let's see if I got it right:

rusty-snake commented 4 years ago

@netblue30 those are only proposals. The main issue is that since 3a54e19 all github.com, encrypted messages are in the journal.
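
Added example, not part of the thread or of the fdns code base: a small audit that separates per-query lines from the normal status output in journal text, so an administrator can check whether resolved hostnames are being retained. The journal prefix `fdns[<pid>]:` and the `<hostname>, <status>` line shape are assumptions based on the `github.com, encrypted` form quoted in the issue, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in `journalctl -o short` layout. Status lines reuse the
# normal fdns output quoted in the issue; query lines follow the
# "github.com, encrypted" form it mentions.
SAMPLE_JOURNAL = """\
Mar 01 10:00:00 host fdns[812]: fdns starting
Mar 01 10:00:00 host fdns[812]: connecting to adguard server
Mar 01 10:00:00 host fdns[812]: listening on 127.1.1.1
Mar 01 10:00:00 host fdns[812]: 369 filter entries added from /etc/fdns/trackers
Mar 01 10:00:01 host fdns[812]: (0) SSL connection opened
Mar 01 10:00:07 host fdns[812]: github.com, encrypted
Mar 01 10:00:09 host fdns[812]: example.org, encrypted
Mar 01 10:01:12 host fdns[812]: GitHub.com, encrypted
Mar 01 10:01:30 host sshd[990]: example.net, not an fdns line
"""

# Assumed journal prefix: anything up to "fdns[<pid>]: ", then the message.
FDNS_MSG = re.compile(r"\bfdns\[\d+\]:\s+(?P<msg>.*)$")
# Assumed query-line shape: "<hostname>, <status text>".
QUERY = re.compile(
    r"^(?P<host>(?:[a-z0-9_-]+\.)+[a-z0-9-]+),\s+(?P<status>.+)$", re.I
)

def logged_queries(journal_text):
    """Count hostnames that fdns itself wrote to the journal."""
    hosts = Counter()
    for line in journal_text.splitlines():
        m = FDNS_MSG.search(line)
        if not m:
            continue  # message from another unit
        q = QUERY.match(m.group("msg").strip())
        if q:  # status lines (startup, filters, SSL) do not match
            hosts[q.group("host").lower()] += 1
    return hosts

def report(journal_text):
    """Summarise how much browsing history the journal retains."""
    hosts = logged_queries(journal_text)
    return {"query_lines": sum(hosts.values()), "unique_hosts": sorted(hosts)}

if __name__ == "__main__":
    print(report(SAMPLE_JOURNAL))
```

On a live system the same functions can be fed the text of `journalctl -u fdns.service -o short`; a non-empty `unique_hosts` list means query history is being kept in the journal.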