From: Michał Kępień <michal@isc.org>
Date: Wed, 22 Jun 2022 13:09:43 +0000 (+0200)
Subject: Add a note to the ARM on dnstap & resolver traffic
X-Git-Tag: v9.19.3~27^2~1
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=366f7a938bb94842460d3f2fbf7aee0967c837a8;p=thirdparty%2Fbind9.git

Add a note to the ARM on dnstap & resolver traffic

Warn users that server-side IP addresses are not stored in dnstap
captures of resolver traffic unless "query-source(-v6)" is explicitly
set, explaining why it is so.
---

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 2b1f46b65fb..82d66476802 100644
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -1041,6 +1041,14 @@ default is used.
         resolver query;
       };
 
+   .. note:: In the default configuration, the dnstap output for
+      recursive resolver traffic does not include the IP addresses used
+      by server-side sockets. This is caused by the fact that unless the
+      :ref:`query source address <query_address>` is explicitly set,
+      these sockets are bound to wildcard IP addresses and determining
+      the specific IP address used by each of them requires issuing a
+      system call (i.e. incurring a performance penalty).
+
    Logged ``dnstap`` messages can be parsed using the :iscman:`dnstap-read`
    utility (see :ref:`man_dnstap-read` for details).