From 820affcc418484e31f4a77c54065e9c109aa1927 Mon Sep 17 00:00:00 2001 From: Philipp Kahr Date: Mon, 22 Jun 2020 20:50:01 +0200 Subject: [PATCH 1/6] DNS over TLS DoT support https://github.com/elastic/beats/issues/16663 --- libbeat/processors/dns/config.go | 12 +++++++++++- libbeat/processors/dns/dns.go | 2 +- libbeat/processors/dns/docs/dns.asciidoc | 4 ++++ libbeat/processors/dns/resolver.go | 22 +++++++++++++++++++--- libbeat/processors/dns/resolver_test.go | 2 +- 5 files changed, 36 insertions(+), 6 deletions(-) diff --git a/libbeat/processors/dns/config.go b/libbeat/processors/dns/config.go index ae447a20c72..3dcb5a4f345 100644 --- a/libbeat/processors/dns/config.go +++ b/libbeat/processors/dns/config.go @@ -36,6 +36,7 @@ type Config struct { Action FieldAction `config:"action"` // Append or replace (defaults to append) when target exists. TagOnFailure []string `config:"tag_on_failure"` // Tags to append when a failure occurs. Fields common.MapStr `config:"fields"` // Mapping of source fields to target fields. + Transport string `config:"transport"` // Can be tls, or udp reverseFlat map[string]string } @@ -117,6 +118,14 @@ func (c *Config) Validate() error { c.reverseFlat[k] = target } + c.Transport = strings.ToLower(c.Transport) + switch c.Transport { + case "tls": + case "udp": + default: + return errors.Errorf("invalid Transport method type '%v' specified in "+ + "config (valid value is: tls or udp)", c.Transport) + } return nil } @@ -155,5 +164,6 @@ var defaultConfig = Config{ MaxCapacity: 10000, }, }, - Timeout: 500 * time.Millisecond, + Transport: "udp", + Timeout: 500 * time.Millisecond, } diff --git a/libbeat/processors/dns/dns.go b/libbeat/processors/dns/dns.go index 49b4946733e..2ac913f3016 100644 --- a/libbeat/processors/dns/dns.go +++ b/libbeat/processors/dns/dns.go @@ -65,7 +65,7 @@ func New(cfg *common.Config) (processors.Processor, error) { ) log.Debugf("DNS processor config: %+v", c) - resolver, err := NewMiekgResolver(metrics, c.Timeout, c.Nameservers...) + resolver, err := NewMiekgResolver(metrics, c.Timeout, c.Transport, c.Nameservers...) if err != nil { return nil, err } diff --git a/libbeat/processors/dns/docs/dns.asciidoc b/libbeat/processors/dns/docs/dns.asciidoc index b75fb8bf87a..9cc4293cb78 100644 --- a/libbeat/processors/dns/docs/dns.asciidoc +++ b/libbeat/processors/dns/docs/dns.asciidoc @@ -45,6 +45,7 @@ processors: - dns: type: reverse action: append + dot: false fields: server.ip: server.hostname client.ip: client.hostname @@ -104,3 +105,6 @@ for each DNS request so if you have 2 nameservers then the total timeout will be `tag_on_failure`:: A list of tags to add to the event when any lookup fails. The tags are only added once even if multiple lookups fail. By default no tags are added upon failure. + +`transport`:: The type of transport connection that should be used can either be +`tls` (DNS over TLS) or UDP. By default `udp` diff --git a/libbeat/processors/dns/resolver.go b/libbeat/processors/dns/resolver.go index 701ee8e49ac..42be1e193f2 100644 --- a/libbeat/processors/dns/resolver.go +++ b/libbeat/processors/dns/resolver.go @@ -64,7 +64,7 @@ type nameserverStats struct { // NewMiekgResolver returns a new MiekgResolver. It returns an error if no // nameserver are given and none can be read from /etc/resolv.conf. -func NewMiekgResolver(reg *monitoring.Registry, timeout time.Duration, servers ...string) (*MiekgResolver, error) { +func NewMiekgResolver(reg *monitoring.Registry, timeout time.Duration, Transport string, servers ...string) (*MiekgResolver, error) { // Use /etc/resolv.conf if no nameservers are given. (Won't work for Windows). if len(servers) == 0 { config, err := dns.ClientConfigFromFile(etcResolvConf) @@ -77,7 +77,14 @@ func NewMiekgResolver(reg *monitoring.Registry, timeout time.Duration, servers . // Add port if one was not specified. for i, s := range servers { if _, _, err := net.SplitHostPort(s); err != nil { - withPort := s + ":53" + withPort := "" + switch Transport { + case "tls": + withPort = s + ":853" + default: + withPort = s + ":53" + } + if _, _, retryErr := net.SplitHostPort(withPort); retryErr == nil { servers[i] = withPort continue @@ -90,9 +97,18 @@ func NewMiekgResolver(reg *monitoring.Registry, timeout time.Duration, servers . timeout = defaultConfig.Timeout } + clientTransferTyp := "udp" + + switch Transport { + case "tls": + clientTransferTyp = "tcp-tls" + default: + clientTransferTyp = "udp" + } + return &MiekgResolver{ client: &dns.Client{ - Net: "udp", + Net: clientTransferTyp, Timeout: timeout, }, servers: servers, diff --git a/libbeat/processors/dns/resolver_test.go b/libbeat/processors/dns/resolver_test.go index 0340da316d7..eaa420fbc79 100644 --- a/libbeat/processors/dns/resolver_test.go +++ b/libbeat/processors/dns/resolver_test.go @@ -38,7 +38,7 @@ func TestMiekgResolverLookupPTR(t *testing.T) { defer stop() reg := monitoring.NewRegistry() - res, err := NewMiekgResolver(reg.NewRegistry(logName), 0, addr) + res, err := NewMiekgResolver(reg.NewRegistry(logName), 0, "udp", addr) if err != nil { t.Fatal(err) } From 231ce93ae6dd116f296ae7f68acb6cafb1ad6c5c Mon Sep 17 00:00:00 2001 From: Philipp Kahr Date: Mon, 22 Jun 2020 20:53:35 +0200 Subject: [PATCH 2/6] added changelog https://github.com/elastic/beats/pull/19321 --- CHANGELOG-developer.next.asciidoc | 1 + CHANGELOG.next.asciidoc | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index 8f2a8b4fbf5..afe4efcc890 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -58,6 +58,7 @@ The list below covers the major changes between 7.0.0-rc2 and master only. ==== Added +- Add support for DNS over TLS for the dns_processor. {pull}19321[19321] - Add configuration for APM instrumentation and expose the tracer trough the Beat object. {pull}17938[17938] - Make the behavior of clientWorker and netClientWorker consistent when error is returned from publisher pipeline - Metricset generator generates beta modules by default now. {pull}10657[10657] diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 53123ca30f5..eb0672b300e 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -300,6 +300,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Affecting all Beats* +- Add support for DNS over TLS for the dns_processor. {pull}19321[19321] - Add configuration for APM instrumentation and expose the tracer trough the Beat object. {pull}17938[17938] - Add document_id setting to decode_json_fields processor. {pull}15859[15859] - Include network information by default on add_host_metadata and add_observer_metadata. {issue}15347[15347] {pull}16077[16077] From 1fd26ba564f7291de061207460dec612cbfbd9fe Mon Sep 17 00:00:00 2001 From: Philipp Kahr Date: Mon, 22 Jun 2020 21:12:40 +0200 Subject: [PATCH 3/6] Update dns.asciidoc --- libbeat/processors/dns/docs/dns.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libbeat/processors/dns/docs/dns.asciidoc b/libbeat/processors/dns/docs/dns.asciidoc index 9cc4293cb78..89f6eaee0ad 100644 --- a/libbeat/processors/dns/docs/dns.asciidoc +++ b/libbeat/processors/dns/docs/dns.asciidoc @@ -45,7 +45,7 @@ processors: - dns: type: reverse action: append - dot: false + transport: tls fields: server.ip: server.hostname client.ip: client.hostname From d6d26dc4dff519c523215f166a861c2b19ebc5de Mon Sep 17 00:00:00 2001 From: Philipp Kahr Date: Tue, 23 Jun 2020 09:00:58 +0200 Subject: [PATCH 4/6] added testsuite for https://github.com/elastic/beats/pull/19321 --- libbeat/processors/dns/resolver_test.go | 120 ++++++++++++++++++++++++ 1 file changed, 120 insertions(+) diff --git a/libbeat/processors/dns/resolver_test.go b/libbeat/processors/dns/resolver_test.go index eaa420fbc79..84f03651dd0 100644 --- a/libbeat/processors/dns/resolver_test.go +++ b/libbeat/processors/dns/resolver_test.go @@ -18,6 +18,7 @@ package dns import ( + "crypto/tls" "net" "strings" "testing" @@ -68,8 +69,61 @@ func TestMiekgResolverLookupPTR(t *testing.T) { assert.Equal(t, 12, metricCount) } +func TestMiekgResolverLookupPTRTLS(t *testing.T) { + //Build Cert + cert, err := tls.X509KeyPair(CertPEMBlock, KeyPEMBlock) + if err != nil { + t.Fatalf("unable to build certificate: %v", err) + } + config := tls.Config{ + Certificates: []tls.Certificate{cert}, + } + // serve TLS with cert + stop, addr, err := ServeDNSTLS(FakeDNSHandler, &config) + if err != nil { + t.Fatal(err) + } + defer stop() + + reg := monitoring.NewRegistry() + + res, err := NewMiekgResolver(reg.NewRegistry(logName), 0, "tls", addr) + if err != nil { + t.Fatal(err) + } + // we use a self signed certificate for localhost + // we have to pass InsecureSSL to the DNS resolver + res.client.TLSConfig = &tls.Config{ + InsecureSkipVerify: true, + } + // Success + ptr, err := res.LookupPTR("8.8.8.8") + if err != nil { + t.Fatal(err) + } + assert.EqualValues(t, "google-public-dns-a.google.com", ptr.Host) + assert.EqualValues(t, 19273, ptr.TTL) + + // NXDOMAIN + _, err = res.LookupPTR("1.1.1.1") + if assert.Error(t, err) { + assert.Contains(t, err.Error(), "NXDOMAIN") + } + + // Validate that our metrics exist. + var metricCount int + reg.Do(monitoring.Full, func(name string, v interface{}) { + if strings.Contains(name, "processor.dns") { + metricCount++ + } + t.Logf("%v: %+v", name, v) + }) + assert.Equal(t, 12, metricCount) +} + func ServeDNS(h dns.HandlerFunc) (cancel func() error, addr string, err error) { // Setup listener on ephemeral port. + a, err := net.ResolveUDPAddr("udp4", "localhost:0") if err != nil { return nil, "", err @@ -86,6 +140,20 @@ func ServeDNS(h dns.HandlerFunc) (cancel func() error, addr string, err error) { return s.Shutdown, s.PacketConn.LocalAddr().String(), err } +func ServeDNSTLS(h dns.HandlerFunc, config *tls.Config) (cancel func() error, addr string, err error) { + // Setup listener on ephemeral port. + l, err := tls.Listen("tcp", ":0", config) + if err != nil { + return nil, "", err + } + + var s dns.Server + s.Handler = h + s.Listener = l + go s.ActivateAndServe() + return s.Shutdown, l.Addr().String(), err +} + func FakeDNSHandler(w dns.ResponseWriter, msg *dns.Msg) { m := new(dns.Msg) m.SetReply(msg) @@ -98,3 +166,55 @@ func FakeDNSHandler(w dns.ResponseWriter, msg *dns.Msg) { } w.WriteMsg(m) } + +var ( + KeyPEMBlock = []byte(`-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA2g2zpEtWaIUx5o6MEnWnGsf0Ba1SDc3AwgOmxeNIPBJYVCrk +sWe8Qt/5nymReVFcum76995ncr/zT+e4e8l+hXuGzTKZJpOj27Igb0/wa3j2hIcu +rnbzfwkJ+KMag2UUKdSo31ChMU+64bwziEXunF347Ot7dBLtw3PJKbabNCP+/oil +iUv2TzxxYosN+AEg4gNKLa3DMpbUnD+9Igb9KmaVp1FVhZted/AP4vn7h6Urb4ER +xMuvv3xqZvIKQ9/G1XAISYXk2feZ5yP+k1HF4ds7HJDwrP+Bv+EVyv38EKdmu9N3 +Oej8wKf3Acjln/ucbg1S3Dmkyg0x2388S4c35wIDAQABAoIBAB8MnGvknmU7siNW +YPOv9R+HIWQ9jdWRWsVFp9W9y2diZVl20iHA17neErlrPd+8iiux6eKptKlOU+Mo +58gYpP9023kUn2Iy275I2v1+sIldLB0q8qa9IWcRbm4NK5VSK1DZi0JhRNK0u7Ox +DNV2v8dcSjnSPj4FA/402owqCGegBQuheYE0LDEMiNAm6hZmQ5Npf0mTfJA/OuM4 +ONSR7lNncrR0pOZ3f3WWH+021eoZCgu2A64yfX5FFI7y5jvRn8KigXEDfXcdyFKO +725Slq4V2E2NmrMyRKNBLUSUC2hcy0tQsfo3+yANxA6PBNQ0EVqkF4uGn1IzNWOz +gDSyfSECgYEA2jgTpv9v0SrURdY3lOOjYZNCoJ9ZhUTxOsQQZLUJ+1/bQQ4Y0ONK +cnC/Ve76C/k+otbILAaRnOxGw5Apq25yPNoxjFFzP7tbN85IB+4db637qZNK2gfX +oEJd6wat4Urs8NbUKCE+XkbdENOIdXUiQxp9U6jXxprd5Ii4jICwRvsCgYEA/85J +1to++Td64gKfWDv4FUo5ZqVn70JdM/Knf5Pd37z/sjNowxhDz7AhismRditX02lt +T2g/raIW9Z/SpxI44VHCRJGPOvBvaMgCNGOH0FBHatFsfKwKzpMwapTfobqj3ZYa +DDDc8r9WQM8IDcLM6B7aOV46LWMEhMRSfDa9bwUCgYEAokbRVn7eSE3xTX3gF3ix +Jv67rXbSu6hpO6pSBpIaujSud9Jj4fMkibYOk3kDuaPAUJgog5Te9DNA7G1oj3Oy +wE4CSrbHXb2WOAnOxxbsDQD1BUXjhAAQ+bxg20Y8SC3Pxcn8O1t9Zd6MxtaHw9E3 +iW9Jg80rqSXBnRGPK+0HKcECgYBsRYk1WjzLSTNG1CtTslZH1JnFG3+JYoKGiU9i +DVkc6Sck6uONqAiTsI4R600ZQjEzN21f7dT+Dhw/rH0B4BGZNPzP/vgrzzaol/du +6y3B+yivSqLrhfoxA1W71vVsw8217WFrBYePa3L7jWVwRaJrIRvmqj5flYiFFX+A +Ob8mbQKBgAHhlnVzoKCq4mZ7Glpc0K6L57btVZNn0TEGyVli1ECvgC3zRm1rEofG +LatVl7h6ud25ZJYnP7DelGxHsZnDXNirLFlSB0CL4F6I5xNoBvCoH0Q8ckDSh4C7 +tlAyD5m9gwvgdkNFWq6/lcUPxGksTtTk8dGnhJz8pGlZvp6+dZCM +-----END RSA PRIVATE KEY-----`) + + CertPEMBlock = []byte(`-----BEGIN CERTIFICATE----- +MIIDaTCCAlGgAwIBAgIQGqg47wLgbjwwrZASuakmwjANBgkqhkiG9w0BAQsFADAy +MRQwEgYDVQQKEwtMb2cgQ291cmllcjEaMBgGA1UEAxMRYmVhdHMuZWxhc3RpYy5j +b20wHhcNMjAwNjIzMDY0NDEwWhcNMjEwNjIzMDY0NDEwWjAyMRQwEgYDVQQKEwtM +b2cgQ291cmllcjEaMBgGA1UEAxMRYmVhdHMuZWxhc3RpYy5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDbOkS1ZohTHmjowSdacax/QFrVINzcDC +A6bF40g8ElhUKuSxZ7xC3/mfKZF5UVy6bvr33mdyv/NP57h7yX6Fe4bNMpkmk6Pb +siBvT/BrePaEhy6udvN/CQn4oxqDZRQp1KjfUKExT7rhvDOIRe6cXfjs63t0Eu3D +c8kptps0I/7+iKWJS/ZPPHFiiw34ASDiA0otrcMyltScP70iBv0qZpWnUVWFm153 +8A/i+fuHpStvgRHEy6+/fGpm8gpD38bVcAhJheTZ95nnI/6TUcXh2zsckPCs/4G/ +4RXK/fwQp2a703c56PzAp/cByOWf+5xuDVLcOaTKDTHbfzxLhzfnAgMBAAGjezB5 +MA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8E +BTADAQH/MEEGA1UdEQQ6MDiCATqCCWxvY2FsaG9zdIcQAAAAAAAAAAAAAAAAAAAA +AIcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAL6px +cjflhqqewqa9cvhFNT6E7UDnA7Mf34GIQPQrORXyOnyE11mDp5sEMGaz8bDajHHc +0JL8Q/5rDyRsSfe1pIyViAOxn+V/7qXfgowI3tkJbSaqHX7SlHF0dEiuGQ1coBMx +RgW17XhPtV+fk/DiXtUEkgtB7/q0Kc9C9C2GJIbOtupZ/mnkdk/5YT4tfXywNnWC +lLjT6T5+wZgRkcnr7lYNiTdS+GtN0YspPT+YD3ZTJCYD9KPcbA6k9XXXwmU8Ij6H +waodyGzG03YJbY3l2zSt3lG3jv9Tj+Ic0kRyEzzxk8exyi6nWXue/6a884kgAjiL +bXmdL6wkIJz1U+XtuQ== +-----END CERTIFICATE-----`) +) From 56ee4000dff4f3c84bde6ac4b46e00d8ef4f548f Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Thu, 16 Jul 2020 09:56:28 +0200 Subject: [PATCH 5/6] Fix CHANGELOG entries and lint fixes --- CHANGELOG-developer.next.asciidoc | 1 - CHANGELOG.next.asciidoc | 2 +- libbeat/processors/dns/resolver.go | 17 ++++++++--------- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index afe4efcc890..8f2a8b4fbf5 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -58,7 +58,6 @@ The list below covers the major changes between 7.0.0-rc2 and master only. ==== Added -- Add support for DNS over TLS for the dns_processor. {pull}19321[19321] - Add configuration for APM instrumentation and expose the tracer trough the Beat object. {pull}17938[17938] - Make the behavior of clientWorker and netClientWorker consistent when error is returned from publisher pipeline - Metricset generator generates beta modules by default now. {pull}10657[10657] diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index eb0672b300e..862852386c7 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -300,7 +300,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Affecting all Beats* -- Add support for DNS over TLS for the dns_processor. {pull}19321[19321] - Add configuration for APM instrumentation and expose the tracer trough the Beat object. {pull}17938[17938] - Add document_id setting to decode_json_fields processor. {pull}15859[15859] - Include network information by default on add_host_metadata and add_observer_metadata. {issue}15347[15347] {pull}16077[16077] @@ -342,6 +341,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add the `overwrite_keys` configuration option to the dissect processor. {pull}19464[19464] - Add support to trim captured values in the dissect processor. {pull}19464[19464] - Added the `max_cached_sessions` option to the script processor. {pull}19562[19562] +- Add support for DNS over TLS for the dns_processor. {pull}19321[19321] *Auditbeat* diff --git a/libbeat/processors/dns/resolver.go b/libbeat/processors/dns/resolver.go index 42be1e193f2..366f00e165f 100644 --- a/libbeat/processors/dns/resolver.go +++ b/libbeat/processors/dns/resolver.go @@ -64,7 +64,7 @@ type nameserverStats struct { // NewMiekgResolver returns a new MiekgResolver. It returns an error if no // nameserver are given and none can be read from /etc/resolv.conf. -func NewMiekgResolver(reg *monitoring.Registry, timeout time.Duration, Transport string, servers ...string) (*MiekgResolver, error) { +func NewMiekgResolver(reg *monitoring.Registry, timeout time.Duration, transport string, servers ...string) (*MiekgResolver, error) { // Use /etc/resolv.conf if no nameservers are given. (Won't work for Windows). if len(servers) == 0 { config, err := dns.ClientConfigFromFile(etcResolvConf) @@ -77,8 +77,8 @@ func NewMiekgResolver(reg *monitoring.Registry, timeout time.Duration, Transport // Add port if one was not specified. for i, s := range servers { if _, _, err := net.SplitHostPort(s); err != nil { - withPort := "" - switch Transport { + var withPort string + switch transport { case "tls": withPort = s + ":853" default: @@ -97,18 +97,17 @@ func NewMiekgResolver(reg *monitoring.Registry, timeout time.Duration, Transport timeout = defaultConfig.Timeout } - clientTransferTyp := "udp" - - switch Transport { + var clientTransferType string + switch transport { case "tls": - clientTransferTyp = "tcp-tls" + clientTransferType = "tcp-tls" default: - clientTransferTyp = "udp" + clientTransferType = "udp" } return &MiekgResolver{ client: &dns.Client{ - Net: clientTransferTyp, + Net: clientTransferType, Timeout: timeout, }, servers: servers, From bf965ee32ceaf6723d0ab272a5bbddc56aac7d3f Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Fri, 17 Jul 2020 10:27:16 +0200 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: Andrew Kroh --- libbeat/processors/dns/config.go | 4 ++-- libbeat/processors/dns/docs/dns.asciidoc | 2 +- libbeat/processors/dns/resolver_test.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/libbeat/processors/dns/config.go b/libbeat/processors/dns/config.go index 3dcb5a4f345..9a669f187ff 100644 --- a/libbeat/processors/dns/config.go +++ b/libbeat/processors/dns/config.go @@ -36,7 +36,7 @@ type Config struct { Action FieldAction `config:"action"` // Append or replace (defaults to append) when target exists. TagOnFailure []string `config:"tag_on_failure"` // Tags to append when a failure occurs. Fields common.MapStr `config:"fields"` // Mapping of source fields to target fields. - Transport string `config:"transport"` // Can be tls, or udp + Transport string `config:"transport"` // Can be tls or udp. reverseFlat map[string]string } @@ -123,7 +123,7 @@ func (c *Config) Validate() error { case "tls": case "udp": default: - return errors.Errorf("invalid Transport method type '%v' specified in "+ + return errors.Errorf("invalid transport method type '%v' specified in "+ "config (valid value is: tls or udp)", c.Transport) } return nil diff --git a/libbeat/processors/dns/docs/dns.asciidoc b/libbeat/processors/dns/docs/dns.asciidoc index 89f6eaee0ad..6e6347f2dd2 100644 --- a/libbeat/processors/dns/docs/dns.asciidoc +++ b/libbeat/processors/dns/docs/dns.asciidoc @@ -107,4 +107,4 @@ tags are only added once even if multiple lookups fail. By default no tags are added upon failure. `transport`:: The type of transport connection that should be used can either be -`tls` (DNS over TLS) or UDP. By default `udp` +`tls` (DNS over TLS) or `udp`. Defaults to `udp`. diff --git a/libbeat/processors/dns/resolver_test.go b/libbeat/processors/dns/resolver_test.go index 84f03651dd0..904979514db 100644 --- a/libbeat/processors/dns/resolver_test.go +++ b/libbeat/processors/dns/resolver_test.go @@ -142,7 +142,7 @@ func ServeDNS(h dns.HandlerFunc) (cancel func() error, addr string, err error) { func ServeDNSTLS(h dns.HandlerFunc, config *tls.Config) (cancel func() error, addr string, err error) { // Setup listener on ephemeral port. - l, err := tls.Listen("tcp", ":0", config) + l, err := tls.Listen("tcp", "localhost:0", config) if err != nil { return nil, "", err }