
[FR] distinguish Do53, DoT and DoH in the logs #969

Closed
andreasschulze opened this issue Nov 24, 2023 · 6 comments

Comments

@andreasschulze

The problem is discussed in the list archive: https://lists.nlnetlabs.nl/pipermail/unbound-users/2023-November/008188.html

Yorgos suggested opening an FR ticket here. I like his idea to simply log the destination port and
suggest appending that information to the current log, for example here:

log_reply_info(enum verbosity_value v, struct query_info *qinf,

@andreasschulze
Author

While "my" use case would be solved by logging a destination port, other users may see benefits if the destination address is logged. It may make sense to log both if a new option log-destaddr: yes is set (or split it into log-destaddr and log-destport).

@renaudallard

It would also be useful to log the protocol (TCP/UDP).
In the end, we have 53 udp or tcp. 853 tcp for DoT and 853 udp for DoQ. 443 tcp for DoH.

@pemensik
Contributor

I have found by mistake that unbound also supports DTLS on port 853, so it is not necessarily reserved for DoQ. A socket stream/datagram indication should be present, but I think an indication of the protocol used to receive the query would be the best. You can still configure to accept DoT on port 443; at least dnssec-trigger uses that.

@wcawijngaards
Member

The option log-destaddr: yes can be used to print the destination address, port and type in the log-replies output. It is implemented in the commit to the repository.

The fix adds this type of output to the log replies: 127.0.0.1 localhost. A IN NOERROR 0.000000 1 54 on tcp 127.0.0.1 53.
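
A small consumer for that log-replies format, added here as an example; it is not code from Unbound or from anyone in this thread. It assumes the suffix is always "on <udp|tcp> <addr> <port>" (the comment above only shows the tcp case) and that the listener-to-protocol map is configured per deployment, since, as noted in the thread, the port alone does not fix the protocol.

```python
import re
from collections import Counter

# Tail of a log-replies line when log-destaddr is on, as quoted in the thread:
# "... 1 54 on tcp 127.0.0.1 53". Everything before "on" is ignored, so a
# syslog or unbound timestamp prefix in real logs does not matter (assumption).
DEST_RE = re.compile(r"\son\s+(?P<proto>udp|tcp)\s+(?P<addr>\S+)\s+(?P<port>\d+)\s*$")

# Assumed listener map for one deployment: (port, transport) -> DNS protocol.
# Port alone does not fix the protocol (853/udp may be DoQ or DTLS, DoT may
# be served on 443), so adjust this to the server's port/tls-port/https-port.
DEFAULT_MAP = {
    (53, "udp"): "Do53", (53, "tcp"): "Do53",
    (853, "tcp"): "DoT",
    (853, "udp"): "DoQ/DTLS",
    (443, "tcp"): "DoH",
}

def classify(line, port_map=DEFAULT_MAP):
    """Return (protocol, dest_addr, dest_port) for one log-replies line, or
    None if the line has no destination suffix (log-destaddr off)."""
    m = DEST_RE.search(line)
    if not m:
        return None
    key = (int(m.group("port")), m.group("proto"))
    return port_map.get(key, "unknown"), m.group("addr"), key[0]

def summarize(lines, port_map=DEFAULT_MAP):
    """Count replies per protocol; lines without the suffix count as 'unparsed'
    and unexpected (port, transport) pairs as 'unknown', both worth a look."""
    counts = Counter()
    for line in lines:
        hit = classify(line, port_map)
        counts[hit[0] if hit else "unparsed"] += 1
    return counts

# Constructed sample lines in the thread's format (not real server logs).
SAMPLE = [
    "127.0.0.1 localhost. A IN NOERROR 0.000000 1 54 on tcp 127.0.0.1 53",
    "192.0.2.10 example.com. AAAA IN NOERROR 0.012345 0 84 on tcp 192.0.2.1 853",
    "192.0.2.11 example.net. A IN NXDOMAIN 0.001000 1 70 on udp 192.0.2.1 853",
    "192.0.2.12 example.org. TXT IN NOERROR 0.020000 0 120 on tcp 192.0.2.1 443",
    "192.0.2.13 example.org. A IN NOERROR 0.000000 1 54 on udp 192.0.2.1 5353",
    "192.0.2.14 example.org. A IN NOERROR 0.000000 1 54",
]

if __name__ == "__main__":
    for name, n in sorted(summarize(SAMPLE).items()):
        print(f"{name:10s} {n}")
```

Pass a different map to classify/summarize for a server that serves DoT on 443, as the dnssec-trigger case above describes.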

@andreasschulze
Author

andreasschulze commented Feb 21, 2024

Hello Wouter, it looks like the commit didn't find a way into release 1.19.1. Was this intentional?

@wcawijngaards
Member

The 1.19.1 release is a security release, and contains the security fixes only. The code is there waiting for a next release, in the code repository.
