Deployment Instructions: NIOS dnstap Logging
You can configure NIOS to use the dnstap log format to log DNS queries and responses at high rates to well-known destinations, such as an Ubuntu VM. dnstap is a flexible, structured binary log format for DNS software. It reduces the logging workload on NIOS, so queries and/or responses can be logged at higher rates than with regular logging. This section shows you how to ingest dnstap formatted logs from NIOS into Elastic.
Several components are required to ingest dnstap logs into Elastic from NIOS. You need:
NIOS with dnstap enabled. For this demo, an IB-FLEX box was used with the DNS Cache Acceleration service running.
An external client to receive dnstap logs from NIOS. For this demo, an Ubuntu 18.04 VM was used.
A way to receive, store and process dnstap logs after logging queries to the external client. For this demo, the Python module dnstap-receiver was used.
Elastic Stack. For this demo, Elastic Stack was installed on the same Ubuntu VM as dnstap-receiver.
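dnstap does not arrive at the external client as text: the sender wraps each serialized dnstap message in Frame Streams (fstrm) framing, and the receiving side (dnstap-receiver in this demo) has to negotiate the content type and unpack frames before it can decode anything. The following is an added example, not code from this page or from the dnstap-receiver project, of a bounded Frame Streams reader: it refuses data frames until a START control frame has announced the dnstap content type, and it rejects any frame whose declared length exceeds a cap before allocating it, which matters when a high-rate collector is exposed to whatever a peer sends. The framing layout is the fstrm wire format; the sample stream and the 256 KiB cap are constructed for the example, and the data payloads are opaque stand-ins for serialized dnstap.Dnstap messages.

```python
import struct

# Added example: a bounded Frame Streams (fstrm) reader of the kind a dnstap
# receiver needs in front of protobuf decoding. Not code from the page or from
# the dnstap-receiver project; the framing layout below is the fstrm wire format.
CONTROL_START, CONTROL_STOP = 2, 3          # control frame types used here
FIELD_CONTENT_TYPE = 1                      # control field carrying a content type
DNSTAP_CONTENT_TYPE = b"protobuf:dnstap.Dnstap"
MAX_FRAME = 256 * 1024  # constructed cap: reject a frame before allocating it


class FrameError(ValueError):
    """Raised for malformed, truncated, oversized or un-negotiated frames."""


def _u32(buf, off):
    """Read the big-endian uint32 that fstrm uses for every length word."""
    if off + 4 > len(buf):
        raise FrameError("truncated length word")
    return struct.unpack_from(">I", buf, off)[0], off + 4


def parse_control(body):
    """Return (control_type, [content types]) from a control frame body."""
    ctype, off = _u32(body, 0)
    content_types = []
    while off < len(body):
        ftype, off = _u32(body, off)
        flen, off = _u32(body, off)
        if off + flen > len(body):
            raise FrameError("control field overruns frame")
        if ftype == FIELD_CONTENT_TYPE:
            content_types.append(bytes(body[off:off + flen]))
        off += flen
    return ctype, content_types


def iter_frames(stream, max_frame=MAX_FRAME):
    """Yield ('control', type, content_types) or ('data', payload) tuples.

    Data frames are accepted only after a START frame that announced the dnstap
    content type, and no frame may exceed max_frame bytes.
    """
    off, started = 0, False
    while off < len(stream):
        length, off = _u32(stream, off)
        if length == 0:  # a zero length word escapes to a control frame
            clen, off = _u32(stream, off)
            if clen > max_frame or off + clen > len(stream):
                raise FrameError("bad control frame length")
            ctype, content_types = parse_control(stream[off:off + clen])
            off += clen
            if ctype == CONTROL_START:
                if DNSTAP_CONTENT_TYPE not in content_types:
                    raise FrameError("peer did not negotiate the dnstap content type")
                started = True
            elif ctype == CONTROL_STOP:
                started = False
            yield ("control", ctype, content_types)
            continue
        if not started:
            raise FrameError("data frame before START")
        if length > max_frame or off + length > len(stream):
            raise FrameError("data frame oversized or truncated")
        yield ("data", bytes(stream[off:off + length]))
        off += length


# --- constructed sample input (not captured from NIOS) ----------------------
def build_control(ctype, content_types=()):
    body = struct.pack(">I", ctype)
    for ct in content_types:
        body += struct.pack(">II", FIELD_CONTENT_TYPE, len(ct)) + ct
    return struct.pack(">II", 0, len(body)) + body


def build_data(payload):
    return struct.pack(">I", len(payload)) + payload


# Two opaque payloads stand in for serialized dnstap.Dnstap messages.
SAMPLE_STREAM = (build_control(CONTROL_START, [DNSTAP_CONTENT_TYPE])
                 + build_data(b"\x0a\x04nios") + build_data(b"\x0a\x04flex")
                 + build_control(CONTROL_STOP))
# A sender that skips negotiation, and one declaring a frame above the cap.
UNNEGOTIATED_STREAM = build_data(b"\x0a\x04nios")
OVERSIZED_STREAM = (build_control(CONTROL_START, [DNSTAP_CONTENT_TYPE])
                    + struct.pack(">I", MAX_FRAME + 1))


def count_data_frames(stream):
    return sum(1 for frame in iter_frames(stream) if frame[0] == "data")


def is_rejected(stream):
    try:
        list(iter_frames(stream))
    except FrameError:
        return True
    return False


if __name__ == "__main__":
    for frame in iter_frames(SAMPLE_STREAM):
        print(frame)
    print("unnegotiated rejected:", is_rejected(UNNEGOTIATED_STREAM))
    print("oversized rejected:", is_rejected(OVERSIZED_STREAM))
```

The reader stops at the framing layer on purpose: once a data frame is out, its bytes go to a protobuf decoder generated from dnstap.proto, which is where dnstap-receiver turns the message into fields for Elastic. Checking the declared length against the cap before slicing is what keeps a collector that must keep up with a high query rate from being driven into memory exhaustion by a single bad length word.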
If you are using dnstap, you are likely logging a large number of queries, so securing the DNS queries and responses exchanged between server and client is highly recommended. As an additional layer of security, NIOS offers DNS over TLS and DNS over HTTPS services, which encrypt DNS queries and responses to secure communication between a DNS server and a DNS client.