Phil Mayers <p.mayers at imperial.ac.uk> wrote: >> >>> For the log file with queries have you thought about this: >>> tcpdump -i xl0 dst port domain and "(" dst host [your-resolver-IP] or >>> dst host [your-resolver-IP6] ")" >> >> For security reasons, you shouldn't really parse traffic on a production >> system, though you could write the logfile and do so offline. > > ...which would be a good reason for unbound to do the logging itself. > Unbound has already parsed the DNS packet, by necessity. > ...logging in the 'fast path', not advisable. Plus assuming part of the reason you might be logging is to catch unbound-kill packets, not great. Using a specific logging/recording tool means it becomes independent on the DNS server you use. Cheers -- Alexander Clouter .sigmonster says: Shah, shah! Ayatollah you so!