[dsc] local_address problem in dsc configuration

Anand Buddhdev anandb at ripe.net
Thu Mar 1 14:06:00 UTC 2018


Hello Thib,

The configuration parameter "local_address" is only used to determine
the direction of a DNS packet, to determine whether it is a query or a
response.

You also need to define a parameter called "bpf_program" in your config
file to limit the DSC collector to only process packets for certain
addresses, like this:

local_address 10.254.10.1;
local_address 10.254.20.1;
bpf_program "host (10.254.10.1 or 10.254.20.1)";
interface eth0;

Regards,
Anand Buddhdev
RIPE NCC

On 01/03/2018 14:58, Thib D wrote:
> Hi dsc!
> 
> We recently caught a problem on our current preproduction dsc configuration.
> 
> We are using two processes both using two different conf files to capture
> the stats depending on which local_address the request is targeted to.
> 
> Let's say dsc-1 is listening on *10.254.10.1* and *10.254.20.1* and dsc-2 is
> listening on *10.254.10.2* and *10.254.20.2*. All of these interfaces are
> on the loopback interface. However, traffic is coming in from eth0, but the
> requests are targeted to these loopback addresses (which are our dns
> nameservers IP).
> 
> The conf looks like this (example for dsc-1.conf)
> 
> local_address 10.254.10.1
> local_address 10.254.20.1
> 
> run_dir "/var/lib/dsc/run/dsc-1/";
> pid_file "/run/dsc-1.pid";
> 
> interface eth0;
> 
> dataset qtotal dns All:null Count:null queries-only;
> dataset qname_qtype dns Qname:qname Qtype:qtype queries-only;
> 
> output_format JSON;
> 
> 
> So now that the processes are running, the JSON reports
> in /var/lib/dsc/run/dsc-1/ should only show statistics for the traffic
> targeting *10.254.10.1* and *10.254.20.1*, right?
> 
> Actually, the JSON reports for dsc-1 and dsc-2 are exactly the same:
> 
>    - dsc-1 reports show traffic that was intended for all of the 4 loopback
>    addresses instead of only 10.254.10.1 and 10.254.20.1
>    - dsc-2 shows the same.
> 
> If I do this: dig @10.254.10.1 test.com A, the result will be shown in
> every report.
> 
> There is probably a way to fix this but it looks like our configuration
> could be wrong at the moment. Does the "interface" parameter have a higher
> priority than local address or something? Any tips?
> 
> Thanks.
> 
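
Added example (not part of the original thread, and not code from dsc): a small Python model of the behaviour described in the reply above, showing why both collectors report the same queries with local_address alone and how a "host (...)" capture filter separates them. The client address 192.0.2.53, the packet tuples and all function names are constructed for illustration; the model assumes, as the reply states, that local_address only labels packets and that the BPF filter is what drops them.

```python
from collections import Counter

# Constructed sample traffic seen on eth0: (src, dst, is_response).
CLIENT = "192.0.2.53"
SERVERS = ["10.254.10.1", "10.254.20.1", "10.254.10.2", "10.254.20.2"]
PACKETS = [(CLIENT, s, False) for s in SERVERS] + [(s, CLIENT, True) for s in SERVERS]


def direction(pkt, local_addresses):
    """Model of local_address: it labels a packet, it never drops one."""
    src, dst, _ = pkt
    if dst in local_addresses:
        return "recv"
    if src in local_addresses:
        return "sent"
    return "else"


def host_filter(hosts):
    """Model of BPF 'host (a or b)': true if src OR dst is a listed host."""
    return lambda pkt: pkt[0] in hosts or pkt[1] in hosts


def collect(packets, local_addresses, bpf=None):
    """Return (queries per destination, packets per direction label)."""
    queries, directions = Counter(), Counter()
    for pkt in packets:
        if bpf is not None and not bpf(pkt):
            continue  # dropped by the capture filter before any counting
        directions[direction(pkt, local_addresses)] += 1
        if not pkt[2]:  # queries-only datasets skip responses
            queries[pkt[1]] += 1
    return queries, directions


# Address split from the thread: dsc-1 and dsc-2 each own two addresses.
DSC1, DSC2 = SERVERS[:2], SERVERS[2:]

if __name__ == "__main__":
    for name, local in (("dsc-1", DSC1), ("dsc-2", DSC2)):
        print(name, "local_address only:", collect(PACKETS, local))
        print(name, "with bpf_program:  ", collect(PACKETS, local, host_filter(local)))
```

Because "host" matches on either source or destination, the filter keeps the responses sent from the listed addresses as well as the queries sent to them.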

