Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Overview

DNS TAPIR analysts are typically implemented as simple microservices written in the Go programming language. A template project exists at https://github.com/dnstapir/tapir-analyse-go-cookiecutter that can be used with https://www.cookiecutter.io/ to bootstrap an implementation.

Observation Encodings

Perhaps the most important task of an analyst is to produce observations that are consumed by Edge nodes. Whether observations affect the resolution process of an Edge node is up to each Edge operator to decide for themselves via configuration of their DNS TAPIR Policy Processor. Available observations are documented in the Observation Encodings Section.

Design Patterns

Some design patterns that analysts should follow to ensure a smooth deployment include:

Logging

Analysts should write their logs to stdout in JSON format. There is currently no schema for the logging format.

Source Code Version Traceability

During startup, analysts should produce a log entry containing the git sha from which it was built.

CLI Args Should Not Be Required

It should be possible to invoke the analyst without any command line arguments. That means configuration should either go in a file or be read from the environment. A file is preferred in the general case while environment variables are preferred for secrets such as URLs containing credentials.

Configuration File Handling

Analysts should by default look for a configuration file relative to the working directory. The name of the configuration file should be config.toml and it should use the TOML format: https://toml.io/.

Environment Variables

Analysts should be able to read potentially sensitive configuration options from environment variables. Some examples include URLs if they have a userinfo field and API tokens. If, during runtime, an environment variable overrides a configuration option read from a CLI argument or a file, this should be noted in the logs, typically during startup. The name of the overriding environment variable should be stated but not the value since sensitive info should not appear in the log.