The project

The goal is to capture the DNS data within a CoreDNS middleware and write it to a "dnstap log file" (prehaps over the network)


I can see from middleware/whoami that the message is to be constructed inside a middleware.Handler interface, from the parameters passed in ServeDNS(context.Context, dns.ResponseWriter, *dns.Msg) (int, error), especially from *dns.Msg.

The message is in fact a dnstap.Message nested within a dnstap.Dnstap structure which is (satisfies) a Protocol Buffer proto.Message to be marshalled by proto.Marshal.

The serialized data can then be streamed over the network using the dnstap.FrameStreamOutput/dnstap.FrameStreamInput structures.

In fact, according to this: encoding the serialized data with dnstap.FrameStreamOutput, and writing the output to a socket (dnstap.sock), is enough to use the dnstap command-line tool, for example: dnstap -u dnstap.sock.

The log file can then be generated using: dnstap -u dnstap.sock -w log.dnstap.


Antoine D.


  • Miek Gieben
  • John Belamaric