Add a note to the ARM on dnstap & resolver traffic

Warn users that server-side IP addresses are not stored in dnstap
captures of resolver traffic unless "query-source(-v6)" is explicitly
set, explaining why it is so.

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 2b1f46b65fbad37a817ef84b2b7ce9d95a14f298..82d664768023720d3722c4aff67693590f3ff9c1 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -1041,6 +1041,14 @@ default is used.
         resolver query;
       };
 
+   .. note:: In the default configuration, the dnstap output for
+      recursive resolver traffic does not include the IP addresses used
+      by server-side sockets. This is caused by the fact that unless the
+      :ref:`query source address <query_address>` is explicitly set,
+      these sockets are bound to wildcard IP addresses and determining
+      the specific IP address used by each of them requires issuing a
+      system call (i.e. incurring a performance penalty).
+
    Logged ``dnstap`` messages can be parsed using the :iscman:`dnstap-read`
    utility (see :ref:`man_dnstap-read` for details).