Jaap Akkerhuis <jaap at nlnetlabs.nl> wrote:
>
> > > For security reasons, you shouldn't really parse traffic on a
> > > production system, though you could write the logfile and do so
> > > offline.
> >
> > ...which would be a good reason for unbound to do the logging
> > itself. Unbound has already parsed the DNS packet, by necessity.
>
> I don't understand this logic. For "security reason" one should not
> parse traffic on the production box, but it is OK that unbound (that
> is in production on this box) does parse it?
>

Unbound has already parsed the DNS payload so the security reason is
probably moot at that point.

I think $poster[-2] was hinting more towards a separate stat analysis
tool might have insecurity woes and that should not be run on the
production box.

I prefer[1] to have a separate collector daemon, Phil's preference is to
get unbound to do it as it arguably has already done 80% of the leg work.

Cheers

[1] BIND9 was all the rage, then djbdns, now unbound, tomorrow?

-- 
Alexander Clouter
.sigmonster says: pain, n.:
        One thing, at least it proves that you're alive!