This section includes the following topics:
About dnstap Implementation
If you enable the dnstap log format, you cannot capture queries and responses using the Data connector for all DNS Queries/Responses to a Domain fields. Conversely, if you use the Data connector for all DNS Queries/Responses to a Domain fields for query capture, the DNSTAP settings for DNS Queries/Responses fields are disabled.
For Advanced DNS Protection software with acceleration, you must download the latest ruleset before enabling dnstap.
Ensure that you understand the following limitations before you use dnstap to log queries and responses:
- dnstap supports the UDP, TCP, and EDNS protocols, which require additional processing and therefore decrease performance.
- NIOS does not support BIND9 dnstap.
- If the remote logging server is not accessible, then the logs are dropped and not buffered.
- The dnstap server cannot truncate EDNS0 queries.
- If you run a query that contains +edns=1, a dnstap server that uses the Golang DNS library to process the captured data displays it as a bad signature (TSIG signature failure).
- Capturing the queries and responses also depends on other factors, such as the size of the flavor deployed and the features enabled on it.
- dnstap does not support query and response logging on the MGMT interface.
- For long-running queries, using dnstap may cause some response packets to be dropped.
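When dnstap output feeds alerting, the bad-signature label described in the +edns=1 limitation above can be checked against the captured wire data before it is treated as a TSIG failure. The following is an added example, not Infoblox or NIOS code; it assumes the captured response carries extended RCODE 16, which RFC 6891 assigns to BADVERS and which shares its number with the TSIG error BADSIG. The function names and the sample bytes are constructed for illustration.

```python
import struct

TYPE_OPT, TYPE_TSIG = 41, 250
# 16 in the header + OPT extended RCODE is BADVERS (RFC 6891). The TSIG error
# BADSIG has the same number but is carried inside the TSIG RR, not here.
NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
         5: "REFUSED", 9: "NOTAUTH", 16: "BADVERS"}

def skip_name(buf, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # a compression pointer ends the name
            return off + 2
        off += 1 + length

def classify(msg):
    """Combine the header RCODE with the OPT extended bits and name the result."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    ext_hi, version, has_tsig = 0, None, False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == TYPE_OPT:           # OPT TTL = ext-RCODE | version | flags
            ext_hi, version = ttl >> 24, (ttl >> 16) & 0xFF
        elif rtype == TYPE_TSIG:
            has_tsig = True
    rcode = (ext_hi << 4) | (flags & 0x000F)
    return {"rcode": rcode, "name": NAMES.get(rcode, f"RCODE{rcode}"),
            "edns_version": version, "tsig": has_tsig}

# Constructed sample: a response to an EDNS version 1 query for example.com A.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
# OPT RR: root name, type 41, class = UDP size 1232, TTL = ext-RCODE 1, version 0
OPT_BADVERS = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0x01000000, 0)
SAMPLE = struct.pack("!6H", 0x1234, 0x8000, 1, 0, 0, 1) + QUESTION + OPT_BADVERS

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A result of BADVERS with tsig set to False indicates an EDNS version mismatch rather than a failed TSIG verification.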
Configuring dnstap to Log DNS Queries and Response Captures