On Tue, 14 Jun 2011 17:57:15 +0100 Phil Mayers wrote:
> Bind 9 manages this just fine at our site, at excessively high loads.
> But we know unbound is far quicker and more secure than bind; of course, so was djb's code.
>
>
> > Plus assuming part of the reason you might be logging is to catch
> > unbound-kill packets, not great.
>
> I think it would be better to have packets not kill unbound personally...
> What are these, do you mean DNSSEC DoS? Googling hasn't turned much up.
>
>
> > Using a specific logging/recording tool means it becomes independent of
> > the DNS server you use.
>
> It's also another bit of software to install, update, configure and
> manage. It's another independent DNS parser, which may or may not be as
> robust as the DNS parser in a high-volume recursive resolver. And it
> lacks access to internal resolver state, which the logging may or may
> not want to record e.g.

I agree here, but I have a couple of thoughts, ignoring performance, which, as stated, is why it won't happen. It will likely be more secure than the tcpdump incarnation, but will it reduce the security of unbound without tcpdump at all? Hardly, I guess; there's no deep packet inspection, but many have some sort of NOC anyway.