Bug 1854148

Summary: RFE: add DNSTAP to RHEL's 8.x Bind
Product: Red Hat Enterprise Linux 8 Reporter: Kitty <kweg>
Component: bindAssignee: Petr Menšík <pemensik>
Status: CLOSED ERRATA QA Contact: Petr Sklenar <psklenar>
Severity: high Docs Contact: Prerana Sharma <presharm>
Priority: medium    
Version: 8.0CC: aegorenk, amkulkar, christian.bretterhofer, fperalta, igkioka, kweg, pdancak, pemensik, psklenar, rik.theys
Target Milestone: rcKeywords: AutoVerified, FutureFeature, Patch, TestCaseProvided, Triaged
Target Release: 8.0   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: bind-9.11.26-2.el8 Doc Type: Enhancement
Doc Text:
.`DNSTAP` now records incoming detailed queries. `DNSTAP` provides an advanced way to monitor and log details of incoming name queries. It also records sent answers from the `named` service. Classic query logging of the named service has a negative impact on the performance of the `named` service. As a result, DNSTAP offers a way to perform continuous logging of detailed incoming queries without impacting the performance penalty. The new `dnstap-read` utility allows you to analyze the queries running on a different system.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-18 14:59:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1869225    
Bug Blocks: 1771008, 1845672, 1919904, 1975268    

Comment 3 Tomáš Hozza 2020-07-09 13:25:45 UTC 
Hello.

Thank you for your request.

I would like to ask about specific reasons (functionality) why the Customer needs DNSTAP in BIND and can not use available tools like wireshark and tcpdump to capture DNS communication and analyze it? 

I would be also interested if there are more customers, who would use this feature, or this is the only single customer that is requesting this functionality? 

What is the business impact on customer if this functionality is not added to RHEL?

Thank you in advance.
Comment 5 Rik Theys 2020-08-04 14:31:44 UTC 
Hi,

(In reply to Tomáš Hozza from comment #3)
> I would like to ask about specific reasons (functionality) why the Customer
> needs DNSTAP in BIND and can not use available tools like wireshark and
> tcpdump to capture DNS communication and analyze it? 

dnstap allows for continuously running performant query logging. Wireshark is fine for ad-hoc investigations, but not for permanently running query logging. Using the default query logging of bind is less performant than dnstap.

> I would be also interested if there are more customers, who would use this
> feature, or this is the only single customer that is requesting this
> functionality? 

I'm not the original reporter of this issue, but we would also like to see this feature implemented.

Regards,
Rik
Comment 9 Petr Menšík 2020-09-23 10:19:18 UTC 
It was enabled also in Fedora by commits [1] and [2]. With required fstrm also available, it would be easy to add it. It would add protobuf-c also to bind-utils. But it does not matter, they are already both in rhel-AppStream

1. https://src.fedoraproject.org/rpms/bind/c/f0b6f15ced5af5f309ccbfe35c6ec38ddca7b619
2. https://src.fedoraproject.org/rpms/bind/c/ae36af4c9fd8189ea9925222f6e9902239f61af3
Comment 47 Christian Bretterhofer 2021-02-18 08:20:24 UTC 
add me to list
Comment 50 errata-xmlrpc 2021-05-18 14:59:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (bind bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1645