Logging

Logging

Even when you are not browsing any websites, devices constantly send a large amount of DNS traffic.

dnscrypt-proxy let you watch in real time what DNS queries are being sent, so you can block the ones you don't trust.

These logs stay on your computer: they are just saved as local files, and are not sent to any servers.

Query log

The configuration file includes a [query_log] section:

[query_log]
file = '/var/log/dnscrypt-proxy/query.log'
format = 'tsv'
ignored_qtypes = ['DNSKEY', 'NS']

This can be used to log individual queries.

If the file property is not defined, no logs will be stored.

format can be either tsv or ltsv.

The tsv format is a simple list of Tab-Separated Values, easy to parse but also easy to read.

ltsv is a structured format that is less human-readable, but simple to parse and usually a better fit for log processors.

By default, all types of DNS queries are logged. In order to reduce the noise, the optional ignored_qtypes property can contain a list of record types to be ignored.

Custom log format / log processors

Instead of being directly stored to a file, logs can be pushed to named pipes:

1. Create a named pipe

mkfifo /tmp/query.log.pipe

Check that it is be writable by the user dnscrypt-proxy will be running as.

Then, configure dnscrypt-proxy to write to that pipe instead of an actual file:

[query_log]
file = '/tmp/query.log.pipe'

Such logs can be read and processed on the fly by other applications such as flowgger for filtering, long-term storage, observability or analytics.

They can also be transformed to different formats. For example, the following shell command removes the IP address from TSV logs:

#! /bin/sh
exec cut -f1,3- /tmp/query.log.pipe >> /tmp/query.log.noips

All log produced by dnscrypt-proxy, including blocked queries and nonexistent domains can be redirected to other applications that way.