Add a note to the ARM on dnstap & resolver traffic

Warn users that server-side IP addresses are not stored in dnstap captures of resolver traffic unless "query-source(-v6)" is explicitly set, explaining why it is so. (cherry picked from commit 366f7a938b)
2022-06-22 15:09:43 +02:00
parent 2eddca913e
commit 40aceeb96a
1 changed files with 8 additions and 0 deletions
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -1041,6 +1041,14 @@ default is used.
        resolver query;
      };

+   .. note:: In the default configuration, the dnstap output for
+      recursive resolver traffic does not include the IP addresses used
+      by server-side sockets. This is caused by the fact that unless the
+      :ref:`query source address <query_address>` is explicitly set,
+      these sockets are bound to wildcard IP addresses and determining
+      the specific IP address used by each of them requires issuing a
+      system call (i.e. incurring a performance penalty).
+
   Logged ``dnstap`` messages can be parsed using the :iscman:`dnstap-read`
   utility (see :ref:`man_dnstap-read` for details).