'Is there a way to retrieve the EDNS client subnet (if applicable) in the Cloud DNS logs?
I have a public zone in Cloud DNS with logging enabled and geo-based routing.
A sample log from a DNS query looks like this:
{
"insertId": "<id>",
"jsonPayload": {
"sourceIP": "<source ip>",
"routingLocation": "us-east1",
"queryName": "<query name>",
"authAnswer": true,
"destinationIP": "<destination ip>",
"responseCode": "NOERROR",
"serverLatency": 0,
"routingPolicyType": "GEO",
"routingLocationSignal": "SOURCE_IP",
"structuredRdata": [
{
"class": "IN",
"domainName": "<query name>",
"rvalue": "<response value>",
"type": "A",
"ttl": "300"
}
],
"protocol": "UDP",
"queryType": "A"
},
"resource": {
"type": "dns_query",
"labels": {
"target_name": "<zone name>",
"target_type": "public-zone",
"project_id": "<project id>",
"source_type": "internet",
"location": "global"
}
},
"timestamp": "<ts>",
"severity": "INFO",
"logName": "projects/<project name>/logs/dns.googleapis.com%2Fdns_queries",
"receiveTimestamp": "<ts>"
}
Of note is routingPolicyType and routingLocationSignal. I'd like to also receive the EDNS Client Subnet information that I know GCP is using for Geo-based routing as mentioned in this docs page. An example may look something like this:
"option": [
{
"code": 0,
"family": 1,
"sourceNetmask": 24,
"sourceScope": 0,
"address": "<client network address>"
}
]
This is a long shot, but is it possible to somehow enable this verbosity in the Cloud DNS query logs, or is there any other means of retrieving this information? GCP has and uses this data, it's just not making it into the logs currently.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|