Python PDNS protobuf receiver to JSON stream

Project description

PowerDNS protobuf receiver

License: MIT

The pdns_protobuf_receiver is a Python 3 daemon that acts as a protobuf server for PowerDNS products. You can use it to collect DNS queries and responses and to log them to syslog or to a remote JSON TCP collector.

Installation

PyPI

Install pdns_protobuf_receiver from PyPI with the pip command. Only Python 3 is supported.

pip install pdns-protobuf-receiver

After installation, the pdns_protobuf_receiver binary is available.

Docker Hub

Pull the pdns-protobuf-receiver image from Docker Hub.

docker pull dmachard/pdns-protobuf-receiver:latest

Deploy the container

docker run -d -p 50001:50001 --name=pdns-pb01 dmachard/pdns-protobuf-receiver

Follow the container's logs

docker logs pdns-pb01 -f

Execute receiver

By default the receiver listens on the 0.0.0.0 interface, TCP port 50001. Use the -l option to listen on a different <ip:port>.

To print DNS queries and responses to stdout in JSON format, run pdns_protobuf_receiver as below:

# pdns_protobuf_receiver -v
2020-05-29 18:39:08,579 Start pdns protobuf receiver...
2020-05-29 18:39:08,580 Using selector: EpollSelector

To forward the protobuf messages as JSON to your remote TCP collector, start pdns_protobuf_receiver as below:

# pdns_protobuf_receiver -j 10.0.0.235:6000 -v
2020-05-29 18:39:08,579 Start pdns protobuf receiver...
2020-05-29 18:39:08,580 Using selector: EpollSelector
2020-05-29 18:39:08,580 Connecting to 10.0.0.235 6000
2020-05-29 18:39:08,585 Connected to 10.0.0.235 6000

Startup options

Command line options are:

usage: -c [-h] [-l L] [-j J] [-v]

optional arguments:
  -h, --help  show this help message and exit
  -l L        listen protobuf dns message on tcp/ip address <ip:port>
  -j J        write JSON payload to tcp/ip address <ip:port>
  -v          verbose mode

JSON log format

Each event generated by pdns_protobuf_receiver has the following format:

{
    "dns_message": "AUTH_QUERY",
    "socket_family": "IPv6",
    "socket protocol": "UDP",
    "from_address": "0.0.0.0",
    "to_address": "184.26.161.130",
    "query_time": "2020-05-29 13:46:23.322",
    "response_time": "1970-01-01 01:00:00.000",
    "latency": 0,
    "query_type": "A",
    "query_name": "a13-130.akagtm.org.",
    "return_code": "NOERROR",
    "bytes": 4
}

Keys description:

  • dns_message: PDNS message type (CLIENT_QUERY, CLIENT_RESPONSE, ...)
  • socket_family: IP protocol used (IPv4 or IPv6)
  • socket_protocol: transport protocol used (UDP or TCP)
  • from_address: the querier IP address
  • to_address: the destination IP address
  • query_time: time of query reception
  • response_time: time of response reception
  • latency: difference between query and response time
  • query_type: the query type (A, AAAA, NS, ...)
  • query_name: the query name
  • return_code: the response code sent back to the client (NXDOMAIN, NOERROR, ...)
  • bytes: size in bytes of the query or response
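
A collector-side check over this event format, as an added example that is not part of the project's code: it computes each querier's share of NXDOMAIN answers and skips lines that do not parse. It assumes the collector receives one JSON object per line; the function name, thresholds and sample events are constructed for illustration.

```python
import json
from collections import Counter


def nxdomain_suspects(lines, min_responses=5, ratio=0.8):
    """Return ({client: nxdomain_share}, skipped_line_count).

    Thresholds are illustrative; tune them against your own baseline.
    """
    total, nx, skipped = Counter(), Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            kind = str(ev["dns_message"])
            client = str(ev["from_address"])
            rcode = ev["return_code"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # truncated or foreign data on the collector socket
            continue
        # The AUTH_QUERY sample above carries return_code NOERROR and an epoch
        # response_time, so query events are left out of the ratio.
        if not kind.endswith("_RESPONSE"):
            continue
        total[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
    suspects = {c: nx[c] / n for c, n in total.items()
                if n >= min_responses and nx[c] / n >= ratio}
    return suspects, skipped


def _ev(kind, client, name, rcode):
    """Build one constructed event using keys from the documented format."""
    return json.dumps({"dns_message": kind, "from_address": client,
                       "query_type": "A", "query_name": name,
                       "return_code": rcode})


# Constructed sample stream (documentation-range addresses, made-up names).
SAMPLE = (
    [_ev("CLIENT_QUERY", "192.0.2.10", f"x{i}.example.", "NOERROR") for i in range(6)]
    + [_ev("CLIENT_RESPONSE", "192.0.2.10", f"x{i}.example.", "NXDOMAIN") for i in range(6)]
    + [_ev("CLIENT_RESPONSE", "192.0.2.20", "www.example.", "NOERROR") for _ in range(6)]
    + ["{truncated"]
)

if __name__ == "__main__":
    print(nxdomain_suspects(SAMPLE))
```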

PowerDNS configuration

You need to configure dnsdist or pdns-recursor to activate remote logging.

dnsdist

Edit the dnsdist configuration file /etc/dnsdist/dnsdist.conf and add the following lines. Set the newRemoteLogger function to the address of your pdns_protobuf_receiver instance.

rl = newRemoteLogger("10.0.0.97:50001")
addAction(AllRule(),RemoteLogAction(rl))
addResponseAction(AllRule(),RemoteLogResponseAction(rl))

Restart dnsdist.

pdns-recursor

Edit the PowerDNS recursor configuration file /etc/pdns-recursor/recursor.conf and add the following line:

lua-config-file=/etc/pdns-recursor/recursor.lua

Create the Lua file /etc/pdns-recursor/recursor.lua. Set the protobufServer or outgoingProtobufServer functions to the address of your pdns_protobuf_receiver instance.

protobufServer("10.0.0.97:50001", {logQueries=true,
                                   logResponses=true,
                                   exportTypes={'A', 'AAAA',
                                                'CNAME', 'MX', 
                                                'PTR', 'NS',
                                                'SPF', 'SRV',
                                                'TXT'}} )
outgoingProtobufServer("10.0.0.97:50001",  {logQueries=true,
                                            logResponses=true,
                                            exportTypes={'A', 'AAAA',
                                                         'CNAME', 'MX',
                                                         'PTR', 'NS',
                                                         'SPF', 'SRV',
                                                         'TXT'}})

Restart the recursor.

About

Author Denis Machard d.machard@gmail.com
PyPI https://pypi.org/project/pdns-protobuf-receiver/
Github https://github.com/dmachard/pdns-protobuf-receiver
DockerHub https://hub.docker.com/r/dmachard/pdns-protobuf-receiver

Download files

Source Distribution

pdns_protobuf_receiver-1.0.1.tar.gz (11.3 kB)

Uploaded Source

Built Distribution

pdns_protobuf_receiver-1.0.1-py3-none-any.whl (10.9 kB)

Uploaded Python 3

File details

Details for the file pdns_protobuf_receiver-1.0.1.tar.gz.

File metadata

  • Download URL: pdns_protobuf_receiver-1.0.1.tar.gz
  • Upload date:
  • Size: 11.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.6.0 requests/2.24.0 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.51.0 CPython/3.7.9

File hashes

Hashes for pdns_protobuf_receiver-1.0.1.tar.gz
Algorithm Hash digest
SHA256 52378e0a3b9661e5d6b9e4a35e1a482c901ede266e933523fbe0021fb182431c
MD5 d16dc5c1a0cc71cd060a3d36e6e7174c
BLAKE2b-256 4afc8b60a2192741114cdf980ad77a72b94129c3e24bd318d8afdcdc2b3eee76

File details

Details for the file pdns_protobuf_receiver-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: pdns_protobuf_receiver-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 10.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.6.0 requests/2.24.0 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.51.0 CPython/3.7.9

File hashes

Hashes for pdns_protobuf_receiver-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 e6bf11e256bdc1821b3b701a033bda097bb4c6abcf1b756f65328c68ce8f7352
MD5 fef7ce2077c4b0feb42d6320af93a1de
BLAKE2b-256 d71e218798132bdd091000f6e17b924866194b6cac5a632571d5d45394811ae8
