dnstt_exporter/README.md

# dnstt_exporter

Prometheus exporter for DNSTT client/session metrics.

`dnstt_exporter` observes DNSTT DNS traffic on a local Linux host and exports
aggregate Prometheus metrics. It does not proxy, terminate, or configure DNSTT;
it passively decodes DNSTT session IDs from DNS query names.

## Usage

```sh
sudo dnstt_exporter \
  -dnstt.domain tunnel.example.com \
  -dnstt.port 53 \
  -web.listen-address :9713
```

The exporter needs permission to open an `AF_PACKET` raw socket. Run it as root
or grant the binary `CAP_NET_RAW`.

Metrics are served at `http://127.0.0.1:9713/metrics` by default.

## Metrics

All DNSTT metrics use a `domain` label:

- `dnstt_active_clients`
- `dnstt_peak_clients`
- `dnstt_queries_total`
- `dnstt_bytes_in_total`
- `dnstt_bytes_out_total`
- `dnstt_sessions_total`

## Development

```sh
go test ./...
go build ./cmd/dnstt_exporter
```
init 2026-05-05 13:25:03 +02:00			`# dnstt_exporter`

			`Prometheus exporter for DNSTT client/session metrics.`
initial working version 2026-05-05 13:43:02 +02:00
			`dnstt_exporter` observes DNSTT DNS traffic on a local Linux host and exports
			`aggregate Prometheus metrics. It does not proxy, terminate, or configure DNSTT;`
			`it passively decodes DNSTT session IDs from DNS query names.`

			`## Usage`

			```sh
			`sudo dnstt_exporter \`
			`-dnstt.domain tunnel.example.com \`
			`-dnstt.port 53 \`
			`-web.listen-address :9713`
			```

			The exporter needs permission to open an `AF_PACKET` raw socket. Run it as root
			or grant the binary `CAP_NET_RAW`.

			Metrics are served at `http://127.0.0.1:9713/metrics` by default.

			`## Metrics`

			All DNSTT metrics use a `domain` label:

			- `dnstt_active_clients`
			- `dnstt_peak_clients`
			- `dnstt_queries_total`
			- `dnstt_bytes_in_total`
			- `dnstt_bytes_out_total`
			- `dnstt_sessions_total`

			`## Development`

			```sh
			`go test ./...`
			`go build ./cmd/dnstt_exporter`
			```