Unbound's documentation mentions that query logging can have very adverse performance on server operation. I was curious if the project feels this has been optimized to the degree possible already, or if an approach similar to what some other projects take may be beneficial; namely something like delegating logging responsibilities to a different thread (Suricata IDS engine, I think) or even using a separate log output process (Squid [1], OpenBSD's PF/pflogd(8) [2]).
Alternately, is dnstap [3] the preferred direction for this? Depending on the implementation, the difference in complexity between a fast, native textual query log on the server vs. a dnstap configuration could be a factor.

[1] http://www.squid-cache.org/Doc/config/logfile_daemon/
[2] http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/pflogd.8?query=pflogd&sec=8
[3] http://dnstap.info/

--
Darren Spruell
phatbuck...@gmail.com