You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While trying to get more telemetry and logging of requests/replies/errors into one of our DNS-based applications which uses miekg/dns, I came across several pain points, which I'd like to address (yes, I'd do the work) if we can agree with the best way to do that.
hooks like InvalidMsgHook know nothing about the connection, so it is impossible to log useful data such as the DNS client's IP and port that is sending malformed packets. You can have blind telemetry (counters, etc), but logging capabilities get very limited.
DecorateWriter/Reader are wire-level, and thus unsuitable for logging or telemetry of DNS data in the request/reply.
private implementation of type "response" in serve.go gets in the way of trying to leverage a modified ResponseWriter that does logging in WriteMsg().
So, I'd like to propose a DecorateResponseWriter, and that low-level serveDNS in server.go stop issuing wire replies without going through a configurable ResponseWriter. It could be done through an indirection like the one that is currently handling DecorateWriter.
For the hooks, to avoid API break I guess the easiest way would be to provide InvalidMsgHook2 and MsgAcceptFunc2 that also take a ResponseWriter as a second parameter, and which by default just pass through to the older InvalidMsgHook and MsgAcceptFunc hooks. I am sure this is not very idiomatic, but it should be extremely cheap runtime-wise.
Note that this new MsgAcceptFunc2 could be used to refuse access (with a DNS REFUSED reply if so desired) based on client connection data, which is awkward to do on DecorateReader.
Does this look sane? Or have I misunderstood something (everything) and there is no need for those changes so as to be able to log and count NOTIMP replies, FORMERR replies, and discarded packets (with their origin) ?
The text was updated successfully, but these errors were encountered:
While trying to get more telemetry and logging of requests/replies/errors into one of our DNS-based applications which uses miekg/dns, I came across several pain points, which I'd like to address (yes, I'd do the work) if we can agree with the best way to do that.
hooks like InvalidMsgHook know nothing about the connection, so it is impossible to log useful data such as the DNS client's IP and port that is sending malformed packets. You can have blind telemetry (counters, etc), but logging capabilities get very limited.
DecorateWriter/Reader are wire-level, and thus unsuitable for logging or telemetry of DNS data in the request/reply.
private implementation of type "response" in serve.go gets in the way of trying to leverage a modified ResponseWriter that does logging in WriteMsg().
So, I'd like to propose a DecorateResponseWriter, and that low-level serveDNS in server.go stop issuing wire replies without going through a configurable ResponseWriter. It could be done through an indirection like the one that is currently handling DecorateWriter.
For the hooks, to avoid API break I guess the easiest way would be to provide InvalidMsgHook2 and MsgAcceptFunc2 that also take a ResponseWriter as a second parameter, and which by default just pass through to the older InvalidMsgHook and MsgAcceptFunc hooks. I am sure this is not very idiomatic, but it should be extremely cheap runtime-wise.
Note that this new MsgAcceptFunc2 could be used to refuse access (with a DNS REFUSED reply if so desired) based on client connection data, which is awkward to do on DecorateReader.
Does this look sane? Or have I misunderstood something (everything) and there is no need for those changes so as to be able to log and count NOTIMP replies, FORMERR replies, and discarded packets (with their origin) ?
The text was updated successfully, but these errors were encountered: