Local addresses are missing from dnstap captures of resolver traffic
Since !4601 (merged) was merged, the following dnstap output is produced by
named in the default configuration when a resolver is queried for
pl/DNSKEY (only resolver traffic was included for clarity):
named -6
10-Feb-2022 17:55:08.521 RQ :::36241 -> 2001:503:c27::2:30:53 UDP 40b ./IN/DNSKEY
10-Feb-2022 17:55:08.521 RQ :::53541 -> 2001:503:c27::2:30:53 UDP 40b ./IN/NS
10-Feb-2022 17:55:08.601 RR :::36241 <- 2001:503:c27::2:30:53 UDP 864b ./IN/DNSKEY
10-Feb-2022 17:55:09.317 RQ :::34801 -> 2001:503:c27::2:30:53 UDP 40b ./IN/NS
10-Feb-2022 17:55:09.404 RR :::34801 <- 2001:503:c27::2:30:53 UDP 845b ./IN/NS
10-Feb-2022 17:55:12.617 RQ :::41106 -> 2001:503:ba3e::2:30:53 UDP 40b ./IN/NS
10-Feb-2022 17:55:12.617 RQ :::51237 -> 2001:503:ba3e::2:30:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:55:12.640 RR :::41106 <- 2001:503:ba3e::2:30:53 UDP 1097b ./IN/NS
10-Feb-2022 17:55:12.640 RR :::51237 <- 2001:503:ba3e::2:30:53 UDP 914b pl/IN/DNSKEY
10-Feb-2022 17:55:12.640 RQ :::37509 -> 2620:10a:80aa::48:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:55:12.640 RQ :::47186 -> 2001:500:2d::d:53 UDP 49b e-dns.pl/IN/AAAA
10-Feb-2022 17:55:12.640 RR :::47186 <- 2001:500:2d::d:53 UDP 914b e-dns.pl/IN/AAAA
10-Feb-2022 17:55:12.644 RQ :::43215 -> 2620:10a:80aa::48:53 UDP 49b e-dns.pl/IN/AAAA
10-Feb-2022 17:55:12.667 RR :::37509 <- 2620:10a:80aa::48:53 UDP 31b pl/IN/DNSKEY
10-Feb-2022 17:55:12.674 RR :::43215 <- 2620:10a:80aa::48:53 UDP 761b e-dns.pl/IN/AAAA
10-Feb-2022 17:55:12.667 RQ :::0 -> 2620:10a:80aa::48:53 TCP 43b pl/IN/DNSKEY
10-Feb-2022 17:55:12.720 RR :::0 <- 2620:10a:80aa::48:53 TCP 1385b pl/IN/DNSKEYnamed -4
10-Feb-2022 17:55:42.617 RQ 0.0.0.0:52361 -> 202.12.27.33:53 UDP 40b ./IN/DNSKEY
10-Feb-2022 17:55:42.617 RQ 0.0.0.0:37000 -> 202.12.27.33:53 UDP 40b ./IN/NS
10-Feb-2022 17:55:42.647 RR 0.0.0.0:52361 <- 202.12.27.33:53 UDP 864b ./IN/DNSKEY
10-Feb-2022 17:55:42.664 RR 0.0.0.0:37000 <- 202.12.27.33:53 UDP 1097b ./IN/NS
10-Feb-2022 17:55:45.890 RQ 0.0.0.0:58104 -> 193.0.14.129:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:55:45.894 RR 0.0.0.0:58104 <- 193.0.14.129:53 UDP 914b pl/IN/DNSKEY
10-Feb-2022 17:55:45.894 RQ 0.0.0.0:53854 -> 93.190.128.146:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:55:45.914 RR 0.0.0.0:53854 <- 93.190.128.146:53 UDP 59b pl/IN/DNSKEY
10-Feb-2022 17:55:45.914 RQ 0.0.0.0:0 -> 93.190.128.146:53 TCP 59b pl/IN/DNSKEY
10-Feb-2022 17:55:45.954 RR 0.0.0.0:0 <- 93.190.128.146:53 TCP 1413b pl/IN/DNSKEYMeanwhile, the expected output (as produced by BIND 9.16 and older versions) looks more like this:
named -6
10-Feb-2022 17:57:44.523 RQ 2001:470:64df:111::e02:52125 -> 2001:500:200::b:53 UDP 40b ./IN/DNSKEY
10-Feb-2022 17:57:44.523 RQ 2001:470:64df:111::e02:48774 -> 2001:500:200::b:53 UDP 40b ./IN/NS
10-Feb-2022 17:57:44.583 RR 2001:470:64df:111::e02:52125 <- 2001:500:200::b:53 UDP 56b ./IN/DNSKEY
10-Feb-2022 17:57:44.583 RR 2001:470:64df:111::e02:48774 <- 2001:500:200::b:53 UDP 56b ./IN/NS
10-Feb-2022 17:57:44.583 RQ 2001:470:64df:111::e02:39731 -> 2001:500:200::b:53 UDP 56b ./IN/DNSKEY
10-Feb-2022 17:57:44.583 RQ 2001:470:64df:111::e02:60246 -> 2001:500:200::b:53 UDP 56b ./IN/NS
10-Feb-2022 17:57:44.639 RR 2001:470:64df:111::e02:39731 <- 2001:500:200::b:53 UDP 892b ./IN/DNSKEY
10-Feb-2022 17:57:44.639 RR 2001:470:64df:111::e02:60246 <- 2001:500:200::b:53 UDP 1229b ./IN/NS
10-Feb-2022 17:57:47.643 RQ 2001:470:64df:111::e02:55999 -> 2001:500:2::c:53 UDP 40b ./IN/NS
10-Feb-2022 17:57:47.643 RQ 2001:470:64df:111::e02:47594 -> 2001:500:2::c:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:57:48.446 RQ 2001:470:64df:111::e02:41403 -> 2001:500:2::c:53 UDP 40b ./IN/NS
10-Feb-2022 17:57:48.446 RQ 2001:470:64df:111::e02:49003 -> 2001:500:2::c:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:57:49.246 RQ 2001:470:64df:111::e02:49059 -> 2001:500:2::c:53 UDP 40b ./IN/NS
10-Feb-2022 17:57:49.246 RQ 2001:470:64df:111::e02:51667 -> 2001:500:2::c:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:57:51.513 RQ 2001:470:64df:111::e02:54552 -> 2001:dc3::35:53 UDP 40b ./IN/NS
10-Feb-2022 17:57:51.513 RQ 2001:470:64df:111::e02:47949 -> 2001:dc3::35:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:57:51.579 RR 2001:470:64df:111::e02:54552 <- 2001:dc3::35:53 UDP 1097b ./IN/NS
10-Feb-2022 17:57:51.583 RQ 2001:470:64df:111::e02:49651 -> 2001:7fe::53:53 UDP 49b e-dns.pl/IN/AAAA
10-Feb-2022 17:57:51.579 RR 2001:470:64df:111::e02:47949 <- 2001:dc3::35:53 UDP 914b pl/IN/DNSKEY
10-Feb-2022 17:57:51.643 RR 2001:470:64df:111::e02:49651 <- 2001:7fe::53:53 UDP 942b e-dns.pl/IN/AAAA
10-Feb-2022 17:57:51.583 RQ 2001:470:64df:111::e02:44144 -> 2001:a10:121:1::156:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:57:51.643 RQ 2001:470:64df:111::e02:56067 -> 2620:10a:80aa::48:53 UDP 49b e-dns.pl/IN/AAAA
10-Feb-2022 17:57:51.633 RR 2001:470:64df:111::e02:44144 <- 2001:a10:121:1::156:53 UDP 59b pl/IN/DNSKEY
10-Feb-2022 17:57:51.709 RR 2001:470:64df:111::e02:56067 <- 2620:10a:80aa::48:53 UDP 761b e-dns.pl/IN/AAAA
10-Feb-2022 17:57:51.633 RQ 2001:470:64df:111::e02:34815 -> 2001:a10:121:1::156:53 TCP 59b pl/IN/DNSKEY
10-Feb-2022 17:57:51.713 RR 2001:470:64df:111::e02:34815 <- 2001:a10:121:1::156:53 TCP 1413b pl/IN/DNSKEYnamed -4
10-Feb-2022 17:58:17.419 RQ 192.168.111.245:60076 -> 202.12.27.33:53 UDP 40b ./IN/DNSKEY
10-Feb-2022 17:58:17.419 RQ 192.168.111.245:35292 -> 202.12.27.33:53 UDP 40b ./IN/NS
10-Feb-2022 17:58:17.452 RR 192.168.111.245:35292 <- 202.12.27.33:53 UDP 1097b ./IN/NS
10-Feb-2022 17:58:17.452 RR 192.168.111.245:60076 <- 202.12.27.33:53 UDP 864b ./IN/DNSKEY
10-Feb-2022 17:58:18.749 RQ 192.168.111.245:37632 -> 199.7.83.42:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:58:18.769 RR 192.168.111.245:37632 <- 199.7.83.42:53 UDP 914b pl/IN/DNSKEY
10-Feb-2022 17:58:18.769 RQ 192.168.111.245:44178 -> 185.159.198.48:53 UDP 43b pl/IN/DNSKEY
10-Feb-2022 17:58:18.789 RR 192.168.111.245:44178 <- 185.159.198.48:53 UDP 31b pl/IN/DNSKEY
10-Feb-2022 17:58:18.789 RQ 192.168.111.245:45483 -> 185.159.198.48:53 TCP 43b pl/IN/DNSKEY
10-Feb-2022 17:58:18.832 RR 192.168.111.245:45483 <- 185.159.198.48:53 TCP 1385b pl/IN/DNSKEYSee also #4344
Edited by Michał Kępień