go-dnscollector
Overview
This dns collector
acts as a high speed passive analyser for DNS traffic written in Go.
It supports several methods as input to collect dns traffic or logs and can redirect them to multiple destinations.
Features
Installation
Run-it from binary
Download the binary from release page.
If you want to integrate this tool with systemd, please to follow this guide.
./go-dnscollector -config config.yml
Run-it from dockerhub
Use the default config (dnstap -> stdout + rest api):
docker run -d --rm --network host --name=dnscollector01 dmachard/go-dnscollector
Override the default configuration (/etc/dnscollector/config.yml) with a config file on the host and custom ports:
docker run -d -p 6000:6000 -p 8080:8080 -v $(pwd)/config.yml:/etc/dnscollector/config.yml --name=dnscollector01 dmachard/go-dnscollector
Configuration
A typically configuration would have one or more collector to receive DNS traffic or logs, and severals loggers to process the
incoming traffics. See Configuration guide.
Use-cases
As prerequisites, we assume you have a DNS server which supports DNSTap (unbound, bind, powerdns, etc)
For more informations about dnstap, please to read the following page Dnstap: How to enable it on main dns servers
Metrics
See Metrics.
Metric |
Description |
dnscollector_qps |
Number of queries per second received |
dnscollector_requesters_total |
Number of clients |
dnscollector_domains_total |
Number of domains observed |
dnscollector_received_bytes_total |
Total bytes received |
dnscollector_sent_bytes_total |
Total bytes sent |
Benchmark
Tested on the following machine: 8 vCPUs, 32 GB memory
packet per sec received |
DnsCollector |
50k |
OK - 0% lost |
100k |
OK - 0% lost |
150k |
OK (0.07% lost) |
For developers
Run from source
go run .
Execute testunits for collectors
go test -timeout 10s ./collectors/ -cover -v
Execute testunits for loggers
go test -timeout 10s ./loggers/ -cover -v
Execute testunits for subprocessors
go test -timeout 10s ./subprocessors/ -cover -v
Execute a test for one specific testcase in a package
go test -timeout 10s -cover -v ./loggers -run TestSyslogRunJsonMode
Building from source.
Use the latest golang available on your target system
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o go-dnscollector *.go