26–27 Oct 2024
Clarion Congress Hotel Prague
Europe/Prague timezone

Introduction to Vector: DNSTAP processing & lessons learned

27 Oct 2024, 09:35
25m
Tycho/Kepler Rooms (Clarion Congress Hotel Prague)

Freyova 33 Praha 9 ⁠-⁠ Vysočany 190 00 Česká republika
In-Person | Standard Presentation | Main Session | Session 1

Speaker

Mr John Todd (Quad9)

Description

DNSTAP is used extensively by most open-source DNS components to report on events passing through their query or response phases. Processing DNSTAP messages at large volumes, with highly customizable handling, is one function of Vector, the open-source streaming data processor.

This talk is an introduction and lessons-learned summary of Quad9's implementation of Vector as a DNSTAP processing tool, both at the edge of the network as well as a central "hub" for data from the field.

I will explain some of the fundamentals of the tool, with specific focus on the DNSTAP and protobuf ingestion sources, and will also highlight some of the DNS-specific modules that have been recently incorporated into Vector to permit detailed analysis of DNS data and related enrichments.

Event modification, enrichment, and Prometheus-style aggregation will be covered briefly. The intention of the discussion is to build interest in experimenting with and implementing this tool, which in turn will grow the developer community towards more robust DNS-specific features.

Talk duration: 20 minutes (+5 for Q&A)

Primary author

Mr John Todd (Quad9)