make a cloudflare packagev0.1.2

    move cloudflare stuff to a package
    display cloudflare API values
    dns protobuf example
    sort output, but gocli formatting is bad
    cloudflare window can be closed
    first time success pushing AAAA records for my box
    enable a cloudflare button
    RFC 8482. DNS servers we use should respond to ANY
    	We should support ANY requests via DNS
    	as long as we enforce TCP over UDP
    populate the API provider
    domain NS record changes are tracked
    check hostname OS configuration
    detect domain name changes
    lookup of NS records for my domain name
    button to investigate port 53 daemon
    start dns resolver detection and debugging
    measure dns resolution speed
    sort todo items

Signed-off-by: Jeff Carr <[email protected]>

4 files changed, 1138 insertions, 0 deletions

diff --git a/protobuf/Makefile b/protobuf/Makefile
new file mode 100644
index 0000000..35a9d9c
--- /dev/null
+++ b/protobuf/Makefile
@@ -0,0 +1,22 @@
+all:
+	protoc --version
+	make dnsmessage.pb.go
+
+clean:
+	rm -f *.pb.go
+
+dnsmessage.pb.go: dnsmessage.proto
+	protoc --go_out=. dnsmessage.proto
+
+compile:
+	protoc --go_out=. *.proto
+
+deps:
+	apt install golang-goprotobuf-dev
+	apt install protobuf-compiler
+
+push:
+	git pull
+	git add --all
+	git commit -a -s
+	git push
diff --git a/protobuf/dnsmessage.pb.go b/protobuf/dnsmessage.pb.go
new file mode 100644
index 0000000..50fab47
--- /dev/null
+++ b/protobuf/dnsmessage.pb.go
@@ -0,0 +1,749 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: dnsmessage.proto
+
+package dnsmessage
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type PBDNSMessage_Type int32
+
+const (
+	PBDNSMessage_DNSQueryType            PBDNSMessage_Type = 1
+	PBDNSMessage_DNSResponseType         PBDNSMessage_Type = 2
+	PBDNSMessage_DNSOutgoingQueryType    PBDNSMessage_Type = 3
+	PBDNSMessage_DNSIncomingResponseType PBDNSMessage_Type = 4
+)
+
+var PBDNSMessage_Type_name = map[int32]string{
+	1: "DNSQueryType",
+	2: "DNSResponseType",
+	3: "DNSOutgoingQueryType",
+	4: "DNSIncomingResponseType",
+}
+
+var PBDNSMessage_Type_value = map[string]int32{
+	"DNSQueryType":            1,
+	"DNSResponseType":         2,
+	"DNSOutgoingQueryType":    3,
+	"DNSIncomingResponseType": 4,
+}
+
+func (x PBDNSMessage_Type) Enum() *PBDNSMessage_Type {
+	p := new(PBDNSMessage_Type)
+	*p = x
+	return p
+}
+
+func (x PBDNSMessage_Type) String() string {
+	return proto.EnumName(PBDNSMessage_Type_name, int32(x))
+}
+
+func (x *PBDNSMessage_Type) UnmarshalJSON(data []byte) error {
+	value, err := proto.UnmarshalJSONEnum(PBDNSMessage_Type_value, data, "PBDNSMessage_Type")
+	if err != nil {
+		return err
+	}
+	*x = PBDNSMessage_Type(value)
+	return nil
+}
+
+func (PBDNSMessage_Type) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_c3136ceafbfed9e7, []int{0, 0}
+}
+
+type PBDNSMessage_SocketFamily int32
+
+const (
+	PBDNSMessage_INET  PBDNSMessage_SocketFamily = 1
+	PBDNSMessage_INET6 PBDNSMessage_SocketFamily = 2
+)
+
+var PBDNSMessage_SocketFamily_name = map[int32]string{
+	1: "INET",
+	2: "INET6",
+}
+
+var PBDNSMessage_SocketFamily_value = map[string]int32{
+	"INET":  1,
+	"INET6": 2,
+}
+
+func (x PBDNSMessage_SocketFamily) Enum() *PBDNSMessage_SocketFamily {
+	p := new(PBDNSMessage_SocketFamily)
+	*p = x
+	return p
+}
+
+func (x PBDNSMessage_SocketFamily) String() string {
+	return proto.EnumName(PBDNSMessage_SocketFamily_name, int32(x))
+}
+
+func (x *PBDNSMessage_SocketFamily) UnmarshalJSON(data []byte) error {
+	value, err := proto.UnmarshalJSONEnum(PBDNSMessage_SocketFamily_value, data, "PBDNSMessage_SocketFamily")
+	if err != nil {
+		return err
+	}
+	*x = PBDNSMessage_SocketFamily(value)
+	return nil
+}
+
+func (PBDNSMessage_SocketFamily) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_c3136ceafbfed9e7, []int{0, 1}
+}
+
+type PBDNSMessage_SocketProtocol int32
+
+const (
+	PBDNSMessage_UDP PBDNSMessage_SocketProtocol = 1
+	PBDNSMessage_TCP PBDNSMessage_SocketProtocol = 2
+)
+
+var PBDNSMessage_SocketProtocol_name = map[int32]string{
+	1: "UDP",
+	2: "TCP",
+}
+
+var PBDNSMessage_SocketProtocol_value = map[string]int32{
+	"UDP": 1,
+	"TCP": 2,
+}
+
+func (x PBDNSMessage_SocketProtocol) Enum() *PBDNSMessage_SocketProtocol {
+	p := new(PBDNSMessage_SocketProtocol)
+	*p = x
+	return p
+}
+
+func (x PBDNSMessage_SocketProtocol) String() string {
+	return proto.EnumName(PBDNSMessage_SocketProtocol_name, int32(x))
+}
+
+func (x *PBDNSMessage_SocketProtocol) UnmarshalJSON(data []byte) error {
+	value, err := proto.UnmarshalJSONEnum(PBDNSMessage_SocketProtocol_value, data, "PBDNSMessage_SocketProtocol")
+	if err != nil {
+		return err
+	}
+	*x = PBDNSMessage_SocketProtocol(value)
+	return nil
+}
+
+func (PBDNSMessage_SocketProtocol) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_c3136ceafbfed9e7, []int{0, 2}
+}
+
+type PBDNSMessage_PolicyType int32
+
+const (
+	PBDNSMessage_UNKNOWN    PBDNSMessage_PolicyType = 1
+	PBDNSMessage_QNAME      PBDNSMessage_PolicyType = 2
+	PBDNSMessage_CLIENTIP   PBDNSMessage_PolicyType = 3
+	PBDNSMessage_RESPONSEIP PBDNSMessage_PolicyType = 4
+	PBDNSMessage_NSDNAME    PBDNSMessage_PolicyType = 5
+	PBDNSMessage_NSIP       PBDNSMessage_PolicyType = 6
+)
+
+var PBDNSMessage_PolicyType_name = map[int32]string{
+	1: "UNKNOWN",
+	2: "QNAME",
+	3: "CLIENTIP",
+	4: "RESPONSEIP",
+	5: "NSDNAME",
+	6: "NSIP",
+}
+
+var PBDNSMessage_PolicyType_value = map[string]int32{
+	"UNKNOWN":    1,
+	"QNAME":      2,
+	"CLIENTIP":   3,
+	"RESPONSEIP": 4,
+	"NSDNAME":    5,
+	"NSIP":       6,
+}
+
+func (x PBDNSMessage_PolicyType) Enum() *PBDNSMessage_PolicyType {
+	p := new(PBDNSMessage_PolicyType)
+	*p = x
+	return p
+}
+
+func (x PBDNSMessage_PolicyType) String() string {
+	return proto.EnumName(PBDNSMessage_PolicyType_name, int32(x))
+}
+
+func (x *PBDNSMessage_PolicyType) UnmarshalJSON(data []byte) error {
+	value, err := proto.UnmarshalJSONEnum(PBDNSMessage_PolicyType_value, data, "PBDNSMessage_PolicyType")
+	if err != nil {
+		return err
+	}
+	*x = PBDNSMessage_PolicyType(value)
+	return nil
+}
+
+func (PBDNSMessage_PolicyType) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_c3136ceafbfed9e7, []int{0, 3}
+}
+
+type PBDNSMessage struct {
+	Type                    *PBDNSMessage_Type           `protobuf:"varint,1,req,name=type,enum=PBDNSMessage_Type" json:"type,omitempty"`
+	MessageId               []byte                       `protobuf:"bytes,2,opt,name=messageId" json:"messageId,omitempty"`
+	ServerIdentity          []byte                       `protobuf:"bytes,3,opt,name=serverIdentity" json:"serverIdentity,omitempty"`
+	SocketFamily            *PBDNSMessage_SocketFamily   `protobuf:"varint,4,opt,name=socketFamily,enum=PBDNSMessage_SocketFamily" json:"socketFamily,omitempty"`
+	SocketProtocol          *PBDNSMessage_SocketProtocol `protobuf:"varint,5,opt,name=socketProtocol,enum=PBDNSMessage_SocketProtocol" json:"socketProtocol,omitempty"`
+	From                    []byte                       `protobuf:"bytes,6,opt,name=from" json:"from,omitempty"`
+	To                      []byte                       `protobuf:"bytes,7,opt,name=to" json:"to,omitempty"`
+	InBytes                 *uint64                      `protobuf:"varint,8,opt,name=inBytes" json:"inBytes,omitempty"`
+	TimeSec                 *uint32                      `protobuf:"varint,9,opt,name=timeSec" json:"timeSec,omitempty"`
+	TimeUsec                *uint32                      `protobuf:"varint,10,opt,name=timeUsec" json:"timeUsec,omitempty"`
+	Id                      *uint32                      `protobuf:"varint,11,opt,name=id" json:"id,omitempty"`
+	Question                *PBDNSMessage_DNSQuestion    `protobuf:"bytes,12,opt,name=question" json:"question,omitempty"`
+	Response                *PBDNSMessage_DNSResponse    `protobuf:"bytes,13,opt,name=response" json:"response,omitempty"`
+	OriginalRequestorSubnet []byte                       `protobuf:"bytes,14,opt,name=originalRequestorSubnet" json:"originalRequestorSubnet,omitempty"`
+	RequestorId             *string                      `protobuf:"bytes,15,opt,name=requestorId" json:"requestorId,omitempty"`
+	InitialRequestId        []byte                       `protobuf:"bytes,16,opt,name=initialRequestId" json:"initialRequestId,omitempty"`
+	DeviceId                []byte                       `protobuf:"bytes,17,opt,name=deviceId" json:"deviceId,omitempty"`
+	NewlyObservedDomain     *bool                        `protobuf:"varint,18,opt,name=newlyObservedDomain" json:"newlyObservedDomain,omitempty"`
+	DeviceName              *string                      `protobuf:"bytes,19,opt,name=deviceName" json:"deviceName,omitempty"`
+	FromPort                *uint32                      `protobuf:"varint,20,opt,name=fromPort" json:"fromPort,omitempty"`
+	ToPort                  *uint32                      `protobuf:"varint,21,opt,name=toPort" json:"toPort,omitempty"`
+	XXX_NoUnkeyedLiteral    struct{}                     `json:"-"`
+	XXX_unrecognized        []byte                       `json:"-"`
+	XXX_sizecache           int32                        `json:"-"`
+}
+
+func (m *PBDNSMessage) Reset()         { *m = PBDNSMessage{} }
+func (m *PBDNSMessage) String() string { return proto.CompactTextString(m) }
+func (*PBDNSMessage) ProtoMessage()    {}
+func (*PBDNSMessage) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c3136ceafbfed9e7, []int{0}
+}
+
+func (m *PBDNSMessage) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PBDNSMessage.Unmarshal(m, b)
+}
+func (m *PBDNSMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PBDNSMessage.Marshal(b, m, deterministic)
+}
+func (m *PBDNSMessage) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PBDNSMessage.Merge(m, src)
+}
+func (m *PBDNSMessage) XXX_Size() int {
+	return xxx_messageInfo_PBDNSMessage.Size(m)
+}
+func (m *PBDNSMessage) XXX_DiscardUnknown() {
+	xxx_messageInfo_PBDNSMessage.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PBDNSMessage proto.InternalMessageInfo
+
+func (m *PBDNSMessage) GetType() PBDNSMessage_Type {
+	if m != nil && m.Type != nil {
+		return *m.Type
+	}
+	return PBDNSMessage_DNSQueryType
+}
+
+func (m *PBDNSMessage) GetMessageId() []byte {
+	if m != nil {
+		return m.MessageId
+	}
+	return nil
+}
+
+func (m *PBDNSMessage) GetServerIdentity() []byte {
+	if m != nil {
+		return m.ServerIdentity
+	}
+	return nil
+}
+
+func (m *PBDNSMessage) GetSocketFamily() PBDNSMessage_SocketFamily {
+	if m != nil && m.SocketFamily != nil {
+		return *m.SocketFamily
+	}
+	return PBDNSMessage_INET
+}
+
+func (m *PBDNSMessage) GetSocketProtocol() PBDNSMessage_SocketProtocol {
+	if m != nil && m.SocketProtocol != nil {
+		return *m.SocketProtocol
+	}
+	return PBDNSMessage_UDP
+}
+
+func (m *PBDNSMessage) GetFrom() []byte {
+	if m != nil {
+		return m.From
+	}
+	return nil
+}
+
+func (m *PBDNSMessage) GetTo() []byte {
+	if m != nil {
+		return m.To
+	}
+	return nil
+}
+
+func (m *PBDNSMessage) GetInBytes() uint64 {
+	if m != nil && m.InBytes != nil {
+		return *m.InBytes
+	}
+	return 0
+}
+
+func (m *PBDNSMessage) GetTimeSec() uint32 {
+	if m != nil && m.TimeSec != nil {
+		return *m.TimeSec
+	}
+	return 0
+}
+
+func (m *PBDNSMessage) GetTimeUsec() uint32 {
+	if m != nil && m.TimeUsec != nil {
+		return *m.TimeUsec
+	}
+	return 0
+}
+
+func (m *PBDNSMessage) GetId() uint32 {
+	if m != nil && m.Id != nil {
+		return *m.Id
+	}
+	return 0
+}
+
+func (m *PBDNSMessage) GetQuestion() *PBDNSMessage_DNSQuestion {
+	if m != nil {
+		return m.Question
+	}
+	return nil
+}
+
+func (m *PBDNSMessage) GetResponse() *PBDNSMessage_DNSResponse {
+	if m != nil {
+		return m.Response
+	}
+	return nil
+}
+
+func (m *PBDNSMessage) GetOriginalRequestorSubnet() []byte {
+	if m != nil {
+		return m.OriginalRequestorSubnet
+	}
+	return nil
+}
+
+func (m *PBDNSMessage) GetRequestorId() string {
+	if m != nil && m.RequestorId != nil {
+		return *m.RequestorId
+	}
+	return ""
+}
+
+func (m *PBDNSMessage) GetInitialRequestId() []byte {
+	if m != nil {
+		return m.InitialRequestId
+	}
+	return nil
+}
+
+func (m *PBDNSMessage) GetDeviceId() []byte {
+	if m != nil {
+		return m.DeviceId
+	}
+	return nil
+}
+
+func (m *PBDNSMessage) GetNewlyObservedDomain() bool {
+	if m != nil && m.NewlyObservedDomain != nil {
+		return *m.NewlyObservedDomain
+	}
+	return false
+}
+
+func (m *PBDNSMessage) GetDeviceName() string {
+	if m != nil && m.DeviceName != nil {
+		return *m.DeviceName
+	}
+	return ""
+}
+
+func (m *PBDNSMessage) GetFromPort() uint32 {
+	if m != nil && m.FromPort != nil {
+		return *m.FromPort
+	}
+	return 0
+}
+
+func (m *PBDNSMessage) GetToPort() uint32 {
+	if m != nil && m.ToPort != nil {
+		return *m.ToPort
+	}
+	return 0
+}
+
+type PBDNSMessage_DNSQuestion struct {
+	QName                *string  `protobuf:"bytes,1,opt,name=qName" json:"qName,omitempty"`
+	QType                *uint32  `protobuf:"varint,2,opt,name=qType" json:"qType,omitempty"`
+	QClass               *uint32  `protobuf:"varint,3,opt,name=qClass" json:"qClass,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PBDNSMessage_DNSQuestion) Reset()         { *m = PBDNSMessage_DNSQuestion{} }
+func (m *PBDNSMessage_DNSQuestion) String() string { return proto.CompactTextString(m) }
+func (*PBDNSMessage_DNSQuestion) ProtoMessage()    {}
+func (*PBDNSMessage_DNSQuestion) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c3136ceafbfed9e7, []int{0, 0}
+}
+
+func (m *PBDNSMessage_DNSQuestion) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PBDNSMessage_DNSQuestion.Unmarshal(m, b)
+}
+func (m *PBDNSMessage_DNSQuestion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PBDNSMessage_DNSQuestion.Marshal(b, m, deterministic)
+}
+func (m *PBDNSMessage_DNSQuestion) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PBDNSMessage_DNSQuestion.Merge(m, src)
+}
+func (m *PBDNSMessage_DNSQuestion) XXX_Size() int {
+	return xxx_messageInfo_PBDNSMessage_DNSQuestion.Size(m)
+}
+func (m *PBDNSMessage_DNSQuestion) XXX_DiscardUnknown() {
+	xxx_messageInfo_PBDNSMessage_DNSQuestion.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PBDNSMessage_DNSQuestion proto.InternalMessageInfo
+
+func (m *PBDNSMessage_DNSQuestion) GetQName() string {
+	if m != nil && m.QName != nil {
+		return *m.QName
+	}
+	return ""
+}
+
+func (m *PBDNSMessage_DNSQuestion) GetQType() uint32 {
+	if m != nil && m.QType != nil {
+		return *m.QType
+	}
+	return 0
+}
+
+func (m *PBDNSMessage_DNSQuestion) GetQClass() uint32 {
+	if m != nil && m.QClass != nil {
+		return *m.QClass
+	}
+	return 0
+}
+
+type PBDNSMessage_DNSResponse struct {
+	Rcode                *uint32                           `protobuf:"varint,1,opt,name=rcode" json:"rcode,omitempty"`
+	Rrs                  []*PBDNSMessage_DNSResponse_DNSRR `protobuf:"bytes,2,rep,name=rrs" json:"rrs,omitempty"`
+	AppliedPolicy        *string                           `protobuf:"bytes,3,opt,name=appliedPolicy" json:"appliedPolicy,omitempty"`
+	Tags                 []string                          `protobuf:"bytes,4,rep,name=tags" json:"tags,omitempty"`
+	QueryTimeSec         *uint32                           `protobuf:"varint,5,opt,name=queryTimeSec" json:"queryTimeSec,omitempty"`
+	QueryTimeUsec        *uint32                           `protobuf:"varint,6,opt,name=queryTimeUsec" json:"queryTimeUsec,omitempty"`
+	AppliedPolicyType    *PBDNSMessage_PolicyType          `protobuf:"varint,7,opt,name=appliedPolicyType,enum=PBDNSMessage_PolicyType" json:"appliedPolicyType,omitempty"`
+	AppliedPolicyTrigger *string                           `protobuf:"bytes,8,opt,name=appliedPolicyTrigger" json:"appliedPolicyTrigger,omitempty"`
+	AppliedPolicyHit     *string                           `protobuf:"bytes,9,opt,name=appliedPolicyHit" json:"appliedPolicyHit,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
+	XXX_unrecognized     []byte                            `json:"-"`
+	XXX_sizecache        int32                             `json:"-"`
+}
+
+func (m *PBDNSMessage_DNSResponse) Reset()         { *m = PBDNSMessage_DNSResponse{} }
+func (m *PBDNSMessage_DNSResponse) String() string { return proto.CompactTextString(m) }
+func (*PBDNSMessage_DNSResponse) ProtoMessage()    {}
+func (*PBDNSMessage_DNSResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c3136ceafbfed9e7, []int{0, 1}
+}
+
+func (m *PBDNSMessage_DNSResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PBDNSMessage_DNSResponse.Unmarshal(m, b)
+}
+func (m *PBDNSMessage_DNSResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PBDNSMessage_DNSResponse.Marshal(b, m, deterministic)
+}
+func (m *PBDNSMessage_DNSResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PBDNSMessage_DNSResponse.Merge(m, src)
+}
+func (m *PBDNSMessage_DNSResponse) XXX_Size() int {
+	return xxx_messageInfo_PBDNSMessage_DNSResponse.Size(m)
+}
+func (m *PBDNSMessage_DNSResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_PBDNSMessage_DNSResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PBDNSMessage_DNSResponse proto.InternalMessageInfo
+
+func (m *PBDNSMessage_DNSResponse) GetRcode() uint32 {
+	if m != nil && m.Rcode != nil {
+		return *m.Rcode
+	}
+	return 0
+}
+
+func (m *PBDNSMessage_DNSResponse) GetRrs() []*PBDNSMessage_DNSResponse_DNSRR {
+	if m != nil {
+		return m.Rrs
+	}
+	return nil
+}
+
+func (m *PBDNSMessage_DNSResponse) GetAppliedPolicy() string {
+	if m != nil && m.AppliedPolicy != nil {
+		return *m.AppliedPolicy
+	}
+	return ""
+}
+
+func (m *PBDNSMessage_DNSResponse) GetTags() []string {
+	if m != nil {
+		return m.Tags
+	}
+	return nil
+}
+
+func (m *PBDNSMessage_DNSResponse) GetQueryTimeSec() uint32 {
+	if m != nil && m.QueryTimeSec != nil {
+		return *m.QueryTimeSec
+	}
+	return 0
+}
+
+func (m *PBDNSMessage_DNSResponse) GetQueryTimeUsec() uint32 {
+	if m != nil && m.QueryTimeUsec != nil {
+		return *m.QueryTimeUsec
+	}
+	return 0
+}
+
+func (m *PBDNSMessage_DNSResponse) GetAppliedPolicyType() PBDNSMessage_PolicyType {
+	if m != nil && m.AppliedPolicyType != nil {
+		return *m.AppliedPolicyType
+	}
+	return PBDNSMessage_UNKNOWN
+}
+
+func (m *PBDNSMessage_DNSResponse) GetAppliedPolicyTrigger() string {
+	if m != nil && m.AppliedPolicyTrigger != nil {
+		return *m.AppliedPolicyTrigger
+	}
+	return ""
+}
+
+func (m *PBDNSMessage_DNSResponse) GetAppliedPolicyHit() string {
+	if m != nil && m.AppliedPolicyHit != nil {
+		return *m.AppliedPolicyHit
+	}
+	return ""
+}
+
+// See exportTypes in https://docs.powerdns.com/recursor/lua-config/protobuf.html#protobufServer
+// for the list of supported resource record types.
+type PBDNSMessage_DNSResponse_DNSRR struct {
+	Name                 *string  `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Type                 *uint32  `protobuf:"varint,2,opt,name=type" json:"type,omitempty"`
+	Class                *uint32  `protobuf:"varint,3,opt,name=class" json:"class,omitempty"`
+	Ttl                  *uint32  `protobuf:"varint,4,opt,name=ttl" json:"ttl,omitempty"`
+	Rdata                []byte   `protobuf:"bytes,5,opt,name=rdata" json:"rdata,omitempty"`
+	Udr                  *bool    `protobuf:"varint,6,opt,name=udr" json:"udr,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PBDNSMessage_DNSResponse_DNSRR) Reset()         { *m = PBDNSMessage_DNSResponse_DNSRR{} }
+func (m *PBDNSMessage_DNSResponse_DNSRR) String() string { return proto.CompactTextString(m) }
+func (*PBDNSMessage_DNSResponse_DNSRR) ProtoMessage()    {}
+func (*PBDNSMessage_DNSResponse_DNSRR) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c3136ceafbfed9e7, []int{0, 1, 0}
+}
+
+func (m *PBDNSMessage_DNSResponse_DNSRR) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PBDNSMessage_DNSResponse_DNSRR.Unmarshal(m, b)
+}
+func (m *PBDNSMessage_DNSResponse_DNSRR) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PBDNSMessage_DNSResponse_DNSRR.Marshal(b, m, deterministic)
+}
+func (m *PBDNSMessage_DNSResponse_DNSRR) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PBDNSMessage_DNSResponse_DNSRR.Merge(m, src)
+}
+func (m *PBDNSMessage_DNSResponse_DNSRR) XXX_Size() int {
+	return xxx_messageInfo_PBDNSMessage_DNSResponse_DNSRR.Size(m)
+}
+func (m *PBDNSMessage_DNSResponse_DNSRR) XXX_DiscardUnknown() {
+	xxx_messageInfo_PBDNSMessage_DNSResponse_DNSRR.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PBDNSMessage_DNSResponse_DNSRR proto.InternalMessageInfo
+
+func (m *PBDNSMessage_DNSResponse_DNSRR) GetName() string {
+	if m != nil && m.Name != nil {
+		return *m.Name
+	}
+	return ""
+}
+
+func (m *PBDNSMessage_DNSResponse_DNSRR) GetType() uint32 {
+	if m != nil && m.Type != nil {
+		return *m.Type
+	}
+	return 0
+}
+
+func (m *PBDNSMessage_DNSResponse_DNSRR) GetClass() uint32 {
+	if m != nil && m.Class != nil {
+		return *m.Class
+	}
+	return 0
+}
+
+func (m *PBDNSMessage_DNSResponse_DNSRR) GetTtl() uint32 {
+	if m != nil && m.Ttl != nil {
+		return *m.Ttl
+	}
+	return 0
+}
+
+func (m *PBDNSMessage_DNSResponse_DNSRR) GetRdata() []byte {
+	if m != nil {
+		return m.Rdata
+	}
+	return nil
+}
+
+func (m *PBDNSMessage_DNSResponse_DNSRR) GetUdr() bool {
+	if m != nil && m.Udr != nil {
+		return *m.Udr
+	}
+	return false
+}
+
+type PBDNSMessageList struct {
+	Msg                  []*PBDNSMessage `protobuf:"bytes,1,rep,name=msg" json:"msg,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
+	XXX_unrecognized     []byte          `json:"-"`
+	XXX_sizecache        int32           `json:"-"`
+}
+
+func (m *PBDNSMessageList) Reset()         { *m = PBDNSMessageList{} }
+func (m *PBDNSMessageList) String() string { return proto.CompactTextString(m) }
+func (*PBDNSMessageList) ProtoMessage()    {}
+func (*PBDNSMessageList) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c3136ceafbfed9e7, []int{1}
+}
+
+func (m *PBDNSMessageList) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PBDNSMessageList.Unmarshal(m, b)
+}
+func (m *PBDNSMessageList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PBDNSMessageList.Marshal(b, m, deterministic)
+}
+func (m *PBDNSMessageList) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PBDNSMessageList.Merge(m, src)
+}
+func (m *PBDNSMessageList) XXX_Size() int {
+	return xxx_messageInfo_PBDNSMessageList.Size(m)
+}
+func (m *PBDNSMessageList) XXX_DiscardUnknown() {
+	xxx_messageInfo_PBDNSMessageList.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PBDNSMessageList proto.InternalMessageInfo
+
+func (m *PBDNSMessageList) GetMsg() []*PBDNSMessage {
+	if m != nil {
+		return m.Msg
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterEnum("PBDNSMessage_Type", PBDNSMessage_Type_name, PBDNSMessage_Type_value)
+	proto.RegisterEnum("PBDNSMessage_SocketFamily", PBDNSMessage_SocketFamily_name, PBDNSMessage_SocketFamily_value)
+	proto.RegisterEnum("PBDNSMessage_SocketProtocol", PBDNSMessage_SocketProtocol_name, PBDNSMessage_SocketProtocol_value)
+	proto.RegisterEnum("PBDNSMessage_PolicyType", PBDNSMessage_PolicyType_name, PBDNSMessage_PolicyType_value)
+	proto.RegisterType((*PBDNSMessage)(nil), "PBDNSMessage")
+	proto.RegisterType((*PBDNSMessage_DNSQuestion)(nil), "PBDNSMessage.DNSQuestion")
+	proto.RegisterType((*PBDNSMessage_DNSResponse)(nil), "PBDNSMessage.DNSResponse")
+	proto.RegisterType((*PBDNSMessage_DNSResponse_DNSRR)(nil), "PBDNSMessage.DNSResponse.DNSRR")
+	proto.RegisterType((*PBDNSMessageList)(nil), "PBDNSMessageList")
+}
+
+func init() {
+	proto.RegisterFile("dnsmessage.proto", fileDescriptor_c3136ceafbfed9e7)
+}
+
+var fileDescriptor_c3136ceafbfed9e7 = []byte{
+	// 836 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x54, 0xdd, 0x8f, 0xdb, 0xc4,
+	0x17, 0x95, 0x3f, 0xb2, 0x49, 0x6e, 0xec, 0xd4, 0x9d, 0xcd, 0xef, 0xd7, 0x21, 0x54, 0xd4, 0x0a,
+	0xa8, 0xb2, 0x78, 0x58, 0x41, 0x10, 0x88, 0x27, 0x24, 0xba, 0x49, 0x85, 0x45, 0xeb, 0xf5, 0x8e,
+	0xb3, 0x42, 0x3c, 0xba, 0xf6, 0x60, 0x8d, 0x48, 0x3c, 0x59, 0x7b, 0x52, 0x94, 0x27, 0x84, 0xf8,
+	0xc7, 0xd1, 0x5c, 0xe7, 0xc3, 0xee, 0xee, 0xbe, 0xdd, 0x73, 0xee, 0xb9, 0xc7, 0x9e, 0x7b, 0xef,
+	0x0c, 0x78, 0x79, 0x59, 0x6f, 0x78, 0x5d, 0xa7, 0x05, 0xbf, 0xda, 0x56, 0x52, 0xc9, 0xd9, 0x3f,
+	0x2e, 0x38, 0xf1, 0x9b, 0x45, 0x94, 0xbc, 0x6f, 0x68, 0xf2, 0x1a, 0x6c, 0xb5, 0xdf, 0x72, 0x6a,
+	0xf8, 0x66, 0x30, 0x9e, 0x93, 0xab, 0x76, 0xf2, 0x6a, 0xb5, 0xdf, 0x72, 0x86, 0x79, 0xf2, 0x12,
+	0x86, 0x07, 0xa7, 0x30, 0xa7, 0xa6, 0x6f, 0x04, 0x0e, 0x3b, 0x13, 0xe4, 0x35, 0x8c, 0x6b, 0x5e,
+	0x7d, 0xe4, 0x55, 0x98, 0xf3, 0x52, 0x09, 0xb5, 0xa7, 0x16, 0x4a, 0x3e, 0x61, 0xc9, 0x4f, 0xe0,
+	0xd4, 0x32, 0xfb, 0x93, 0xab, 0xb7, 0xe9, 0x46, 0xac, 0xf7, 0xd4, 0xf6, 0x8d, 0x60, 0x3c, 0x9f,
+	0x76, 0xbf, 0x9a, 0xb4, 0x14, 0xac, 0xa3, 0x27, 0x0b, 0x18, 0x37, 0x38, 0xd6, 0xa7, 0xc9, 0xe4,
+	0x9a, 0xf6, 0xd0, 0xe1, 0xe5, 0x63, 0x0e, 0x47, 0x0d, 0xfb, 0xa4, 0x86, 0x10, 0xb0, 0xff, 0xa8,
+	0xe4, 0x86, 0x5e, 0xe0, 0x3f, 0x62, 0x4c, 0xc6, 0x60, 0x2a, 0x49, 0xfb, 0xc8, 0x98, 0x4a, 0x12,
+	0x0a, 0x7d, 0x51, 0xbe, 0xd9, 0x2b, 0x5e, 0xd3, 0x81, 0x6f, 0x04, 0x36, 0x3b, 0x42, 0x9d, 0x51,
+	0x62, 0xc3, 0x13, 0x9e, 0xd1, 0xa1, 0x6f, 0x04, 0x2e, 0x3b, 0x42, 0x32, 0x85, 0x81, 0x0e, 0xef,
+	0x6a, 0x9e, 0x51, 0xc0, 0xd4, 0x09, 0x6b, 0x7f, 0x91, 0xd3, 0x11, 0xb2, 0xa6, 0xc8, 0xc9, 0xf7,
+	0x30, 0xb8, 0xdf, 0xf1, 0x5a, 0x09, 0x59, 0x52, 0xc7, 0x37, 0x82, 0xd1, 0xfc, 0xb3, 0xee, 0x19,
+	0x16, 0x51, 0x72, 0x7b, 0x10, 0xb0, 0x93, 0x54, 0x97, 0x55, 0xbc, 0xde, 0xca, 0xb2, 0xe6, 0xd4,
+	0x7d, 0xa2, 0x8c, 0x1d, 0x04, 0xec, 0x24, 0x25, 0x3f, 0xc2, 0x0b, 0x59, 0x89, 0x42, 0x94, 0xe9,
+	0x9a, 0x71, 0x34, 0x93, 0x55, 0xb2, 0xfb, 0x50, 0x72, 0x45, 0xc7, 0x78, 0xe4, 0xa7, 0xd2, 0xc4,
+	0x87, 0x51, 0x75, 0xa4, 0xc2, 0x9c, 0x3e, 0xf3, 0x8d, 0x60, 0xc8, 0xda, 0x14, 0xf9, 0x1a, 0x3c,
+	0x51, 0x0a, 0x25, 0x4e, 0xb5, 0x61, 0x4e, 0x3d, 0x34, 0x7d, 0xc0, 0xeb, 0x0e, 0xe5, 0xfc, 0xa3,
+	0xc8, 0xf4, 0x12, 0x3d, 0x47, 0xcd, 0x09, 0x93, 0x6f, 0xe0, 0xb2, 0xe4, 0x7f, 0xad, 0xf7, 0x37,
+	0x1f, 0x70, 0x69, 0xf2, 0x85, 0xdc, 0xa4, 0xa2, 0xa4, 0xc4, 0x37, 0x82, 0x01, 0x7b, 0x2c, 0x45,
+	0xbe, 0x00, 0x68, 0xaa, 0xa3, 0x74, 0xc3, 0xe9, 0x25, 0xfe, 0x5a, 0x8b, 0xd1, 0x5f, 0xd3, 0xb3,
+	0x8d, 0x65, 0xa5, 0xe8, 0xa4, 0x99, 0xc7, 0x11, 0x93, 0xff, 0xc3, 0x85, 0x92, 0x98, 0xf9, 0x1f,
+	0x66, 0x0e, 0x68, 0x7a, 0x0b, 0xa3, 0x56, 0xe7, 0xc9, 0x04, 0x7a, 0xf7, 0xe8, 0x6e, 0xa0, 0x7b,
+	0x03, 0x90, 0xd5, 0x77, 0x03, 0x2f, 0x82, 0xcb, 0x1a, 0xa0, 0x2d, 0xef, 0xaf, 0xd7, 0x69, 0x5d,
+	0xe3, 0xf2, 0xbb, 0xec, 0x80, 0xa6, 0xff, 0xda, 0xe8, 0x79, 0x1c, 0x8b, 0xae, 0xae, 0x32, 0x99,
+	0x37, 0x9e, 0x2e, 0x6b, 0x00, 0xf9, 0x16, 0xac, 0xaa, 0xaa, 0xa9, 0xe9, 0x5b, 0xc1, 0x68, 0xfe,
+	0xea, 0xc9, 0xa1, 0x62, 0xcc, 0x98, 0xd6, 0x92, 0xaf, 0xc0, 0x4d, 0xb7, 0xdb, 0xb5, 0xe0, 0x79,
+	0x2c, 0xd7, 0x22, 0x6b, 0x2e, 0xdd, 0x90, 0x75, 0x49, 0xbd, 0xed, 0x2a, 0x2d, 0x6a, 0x6a, 0xfb,
+	0x56, 0x30, 0x64, 0x18, 0x93, 0x19, 0x38, 0xf7, 0x3b, 0x5e, 0xed, 0x57, 0x87, 0x45, 0xee, 0xe1,
+	0x9f, 0x74, 0x38, 0xed, 0x7e, 0xc2, 0xb8, 0xd2, 0x17, 0x28, 0xea, 0x92, 0xe4, 0x2d, 0x3c, 0xef,
+	0x7c, 0x0e, 0xdb, 0xd2, 0xc7, 0x4b, 0x49, 0xbb, 0x87, 0x38, 0xe7, 0xd9, 0xc3, 0x12, 0x32, 0x87,
+	0x49, 0x97, 0xac, 0x44, 0x51, 0xf0, 0x0a, 0x2f, 0xdf, 0x90, 0x3d, 0x9a, 0xd3, 0x9b, 0xd7, 0xe1,
+	0x7f, 0x11, 0x0a, 0xaf, 0xe4, 0x90, 0x3d, 0xe0, 0xa7, 0x7f, 0x43, 0x0f, 0x3b, 0xa7, 0xdb, 0x51,
+	0x9e, 0x07, 0x8a, 0x31, 0xb6, 0xe8, 0x3c, 0xce, 0xe6, 0xc1, 0x9b, 0x40, 0x2f, 0x6b, 0x0d, 0xb3,
+	0x01, 0xc4, 0x03, 0x4b, 0xa9, 0x35, 0xbe, 0x5b, 0x2e, 0xd3, 0x21, 0x4e, 0x33, 0x4f, 0x55, 0x8a,
+	0x3d, 0x74, 0x58, 0x03, 0xb4, 0x6e, 0x97, 0x57, 0xd8, 0xb2, 0x01, 0xd3, 0xe1, 0x2c, 0x07, 0x1b,
+	0x0f, 0xea, 0x81, 0xd3, 0x2c, 0x58, 0x85, 0x07, 0xf7, 0x0c, 0x72, 0x09, 0xcf, 0x5a, 0x03, 0x46,
+	0xd2, 0x24, 0x14, 0x26, 0x8b, 0x28, 0xb9, 0xd9, 0xa9, 0x42, 0x8a, 0xb2, 0x38, 0xcb, 0x2d, 0xf2,
+	0x39, 0xbc, 0x58, 0x44, 0x49, 0x58, 0x66, 0x72, 0x23, 0xca, 0xa2, 0x53, 0x66, 0xcf, 0xbe, 0x04,
+	0xa7, 0xfd, 0x7c, 0x92, 0x01, 0xd8, 0x61, 0xb4, 0x5c, 0x79, 0x06, 0x19, 0x42, 0x4f, 0x47, 0x3f,
+	0x78, 0xe6, 0x6c, 0x06, 0xe3, 0xee, 0x0b, 0x49, 0xfa, 0x60, 0xdd, 0x2d, 0x62, 0xcf, 0xd0, 0xc1,
+	0xea, 0x3a, 0xf6, 0xcc, 0xd9, 0xef, 0x00, 0xad, 0xe9, 0x8c, 0xa0, 0x7f, 0x17, 0xfd, 0x1a, 0xdd,
+	0xfc, 0x16, 0x35, 0x4e, 0xb7, 0xd1, 0xcf, 0xef, 0x97, 0x9e, 0x49, 0x1c, 0x18, 0x5c, 0xbf, 0x0b,
+	0x97, 0xd1, 0x2a, 0x8c, 0x3d, 0x8b, 0x8c, 0x01, 0xd8, 0x32, 0x89, 0x6f, 0xa2, 0x64, 0x19, 0xc6,
+	0x9e, 0xad, 0xab, 0xa2, 0x64, 0x81, 0xd2, 0x9e, 0xfe, 0x93, 0x28, 0x09, 0x63, 0xef, 0x62, 0xf6,
+	0x1d, 0x78, 0xed, 0xc5, 0x78, 0x27, 0x6a, 0x45, 0x5e, 0x81, 0xb5, 0xa9, 0x0b, 0x6a, 0xe0, 0xf6,
+	0xbb, 0x9d, 0xc5, 0x61, 0x3a, 0xf3, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x3d, 0x56, 0xce, 0x98,
+	0xcb, 0x06, 0x00, 0x00,
+}
diff --git a/protobuf/dnsmessage.proto b/protobuf/dnsmessage.proto
new file mode 100644
index 0000000..c75e67e
--- /dev/null
+++ b/protobuf/dnsmessage.proto
@@ -0,0 +1,105 @@
+/*
+ * This file describes the message format used by the protobuf logging feature in PowerDNS and dnsdist.
+ *
+ * MIT License
+ * 
+ * Copyright (c) 2016-now PowerDNS.COM B.V. and its contributors.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+syntax = "proto2";
+
+message PBDNSMessage {
+  enum Type {
+    DNSQueryType = 1;                           // Query received by the service
+    DNSResponseType = 2;                        // Response returned by the service
+    DNSOutgoingQueryType = 3;                   // Query sent out by the service to a remote server
+    DNSIncomingResponseType = 4;                // Response returned by the remote server
+  }
+  enum SocketFamily {
+    INET = 1;                                   // IPv4 (RFC 791)
+    INET6 = 2;                                  // IPv6 (RFC 2460)
+  }
+  enum SocketProtocol {
+    UDP = 1;                                    // User Datagram Protocol (RFC 768)
+    TCP = 2;                                    // Transmission Control Protocol (RFC 793)
+  }
+  enum PolicyType {
+    UNKNOWN = 1;                                // No RPZ policy applied, or unknown type
+    QNAME = 2;                                  // Policy matched on the QName
+    CLIENTIP = 3;                               // Policy matched on the client IP
+    RESPONSEIP = 4;                             // Policy matched on one of the IPs contained in the answer
+    NSDNAME = 5;                                // Policy matched on the name of one nameserver involved
+    NSIP = 6;                                   // Policy matched on the IP of one nameserver involved
+  }
+  required Type type = 1;                       // Type of event
+  optional bytes messageId = 2;                 // UUID, shared by the query and the response
+  optional bytes serverIdentity = 3;            // ID of the server emitting the protobuf message
+  optional SocketFamily socketFamily = 4;
+  optional SocketProtocol socketProtocol = 5;
+  optional bytes from = 6;                      // DNS requestor (client) as 4 (IPv4) or 16 (IPv6) raw bytes in network byte order
+  optional bytes to = 7;                        // DNS responder (server) as 4 (IPv4) or 16 (IPv6) raw bytes in network byte order
+  optional uint64 inBytes = 8;                  // Size of the query or response on the wire
+  optional uint32 timeSec = 9;                  // Time of message reception (seconds since epoch)
+  optional uint32 timeUsec = 10;                // Time of message reception (additional micro-seconds)
+  optional uint32 id = 11;                      // ID of the query/response as found in the DNS header
+
+  message DNSQuestion {
+    optional string qName = 1;                  // Fully qualified DNS name (with trailing dot)
+    optional uint32 qType = 2;                  // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
+    optional uint32 qClass = 3;                 // Typically 1 (IN), see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-2
+  }
+  optional DNSQuestion question = 12;           // DNS query received from client
+
+  message DNSResponse {
+    // See exportTypes in https://docs.powerdns.com/recursor/lua-config/protobuf.html#protobufServer
+    // for the list of supported resource record types.
+    message DNSRR {
+      optional string name = 1;                 // Fully qualified DNS name (with trailing dot)
+      optional uint32 type = 2;                 // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
+      optional uint32 class = 3;                // Typically 1 (IN), see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-2
+      optional uint32 ttl = 4;                  // TTL in seconds
+      optional bytes rdata = 5;                 // raw address bytes in network byte order for A & AAAA; text representation for others, with fully qualified (trailing dot) domain names
+      optional bool  udr = 6;                   // True if this is the first time this RR has been seen for this question
+    }
+    optional uint32 rcode = 1;                  // DNS Response code, or 65536 for a network error including a timeout
+    repeated DNSRR rrs = 2;                     // DNS resource records in response
+    optional string appliedPolicy = 3;          // Filtering policy (RPZ or Lua) applied
+    repeated string tags = 4;                   // Additional tags applied
+    optional uint32 queryTimeSec = 5;           // Time of the corresponding query reception (seconds since epoch)
+    optional uint32 queryTimeUsec = 6;          // Time of the corresponding query reception (additional micro-seconds)
+    optional PolicyType appliedPolicyType = 7;  // Type of the filtering policy (RPZ or Lua) applied
+    optional string appliedPolicyTrigger = 8;   // The RPZ trigger
+    optional string appliedPolicyHit = 9;       // The value (qname or IP) that caused the hit
+  }
+
+  optional DNSResponse response = 13;
+  optional bytes originalRequestorSubnet = 14;  // EDNS Client Subnet value (4 or 16 raw bytes in network byte order)
+  optional string requestorId = 15;             // Username of the requestor
+  optional bytes initialRequestId = 16;         // UUID of the incoming query that initiated this outgoing query or incoming response
+  optional bytes deviceId = 17;                 // Device ID of the requestor (could be mac address IP address or e.g. IMEI, format implementation dependent)
+  optional bool  newlyObservedDomain = 18;      // True if the domain has not been seen before
+  optional string deviceName = 19;              // Device name of the requestor
+  optional uint32 fromPort = 20;                // Source port of the DNS query (client)
+  optional uint32 toPort = 21;                  // Destination port of the DNS query (server)
+}
+
+message PBDNSMessageList {
+  repeated PBDNSMessage msg = 1;
+}
diff --git a/protobuf/dnstap.proto b/protobuf/dnstap.proto
new file mode 100644
index 0000000..3504d99
--- /dev/null
+++ b/protobuf/dnstap.proto
@@ -0,0 +1,262 @@
+// dnstap: flexible, structured event replication format for DNS software
+//
+// This file contains the protobuf schemas for the "dnstap" structured event
+// replication format for DNS software.
+
+// Written in 2013-2014 by Farsight Security, Inc.
+//
+// To the extent possible under law, the author(s) have dedicated all
+// copyright and related and neighboring rights to this file to the public
+// domain worldwide. This file is distributed without any warranty.
+//
+// You should have received a copy of the CC0 Public Domain Dedication along
+// with this file. If not, see:
+//
+// <http://creativecommons.org/publicdomain/zero/1.0/>.
+
+package dnstap;
+
+// "Dnstap": this is the top-level dnstap type, which is a "union" type that
+// contains other kinds of dnstap payloads, although currently only one type
+// of dnstap payload is defined.
+// See: https://developers.google.com/protocol-buffers/docs/techniques#union
+message Dnstap {
+    // DNS server identity.
+    // If enabled, this is the identity string of the DNS server which generated
+    // this message. Typically this would be the same string as returned by an
+    // "NSID" (RFC 5001) query.
+    optional bytes      identity = 1;
+
+    // DNS server version.
+    // If enabled, this is the version string of the DNS server which generated
+    // this message. Typically this would be the same string as returned by a
+    // "version.bind" query.
+    optional bytes      version = 2;
+
+    // Extra data for this payload.
+    // This field can be used for adding an arbitrary byte-string annotation to
+    // the payload. No encoding or interpretation is applied or enforced.
+    optional bytes      extra = 3;
+
+    // Identifies which field below is filled in.
+    enum Type {
+        MESSAGE = 1;
+    }
+    required Type       type = 15;
+
+    // One of the following will be filled in.
+    optional Message    message = 14;
+}
+
+// SocketFamily: the network protocol family of a socket. This specifies how
+// to interpret "network address" fields.
+enum SocketFamily {
+    INET = 1;   // IPv4 (RFC 791)
+    INET6 = 2;  // IPv6 (RFC 2460)
+}
+
+// SocketProtocol: the transport protocol of a socket. This specifies how to
+// interpret "transport port" fields.
+enum SocketProtocol {
+    UDP = 1;    // User Datagram Protocol (RFC 768)
+    TCP = 2;    // Transmission Control Protocol (RFC 793)
+}
+
+// Message: a wire-format (RFC 1035 section 4) DNS message and associated
+// metadata. Applications generating "Message" payloads should follow
+// certain requirements based on the MessageType, see below.
+message Message {
+
+    // There are eight types of "Message" defined that correspond to the
+    // four arrows in the following diagram, slightly modified from RFC 1035
+    // section 2:
+
+    //    +---------+               +----------+           +--------+
+    //    |         |     query     |          |   query   |        |
+    //    | Stub    |-SQ--------CQ->| Recursive|-RQ----AQ->| Auth.  |
+    //    | Resolver|               | Server   |           | Name   |
+    //    |         |<-SR--------CR-|          |<-RR----AR-| Server |
+    //    +---------+    response   |          |  response |        |
+    //                              +----------+           +--------+
+
+    // Each arrow has two Type values each, one for each "end" of each arrow,
+    // because these are considered to be distinct events. Each end of each
+    // arrow on the diagram above has been marked with a two-letter Type
+    // mnemonic. Clockwise from upper left, these mnemonic values are:
+    //
+    //   SQ:        STUB_QUERY
+    //   CQ:      CLIENT_QUERY
+    //   RQ:    RESOLVER_QUERY
+    //   AQ:        AUTH_QUERY
+    //   AR:        AUTH_RESPONSE
+    //   RR:    RESOLVER_RESPONSE
+    //   CR:      CLIENT_RESPONSE
+    //   SR:        STUB_RESPONSE
+
+    // Two additional types of "Message" have been defined for the
+    // "forwarding" case where an upstream DNS server is responsible for
+    // further recursion. These are not shown on the diagram above, but have
+    // the following mnemonic values:
+
+    //   FQ:   FORWARDER_QUERY
+    //   FR:   FORWARDER_RESPONSE
+
+    // The "Message" Type values are defined below.
+
+    enum Type {
+        // AUTH_QUERY is a DNS query message received from a resolver by an
+        // authoritative name server, from the perspective of the authorative
+        // name server.
+        AUTH_QUERY = 1;
+
+        // AUTH_RESPONSE is a DNS response message sent from an authoritative
+        // name server to a resolver, from the perspective of the authoritative
+        // name server.
+        AUTH_RESPONSE = 2;
+
+        // RESOLVER_QUERY is a DNS query message sent from a resolver to an
+        // authoritative name server, from the perspective of the resolver.
+        // Resolvers typically clear the RD (recursion desired) bit when
+        // sending queries.
+        RESOLVER_QUERY = 3;
+
+        // RESOLVER_RESPONSE is a DNS response message received from an
+        // authoritative name server by a resolver, from the perspective of
+        // the resolver.
+        RESOLVER_RESPONSE = 4;
+
+        // CLIENT_QUERY is a DNS query message sent from a client to a DNS
+        // server which is expected to perform further recursion, from the
+        // perspective of the DNS server. The client may be a stub resolver or
+        // forwarder or some other type of software which typically sets the RD
+        // (recursion desired) bit when querying the DNS server. The DNS server
+        // may be a simple forwarding proxy or it may be a full recursive
+        // resolver.
+        CLIENT_QUERY = 5;
+
+        // CLIENT_RESPONSE is a DNS response message sent from a DNS server to
+        // a client, from the perspective of the DNS server. The DNS server
+        // typically sets the RA (recursion available) bit when responding.
+        CLIENT_RESPONSE = 6;
+
+        // FORWARDER_QUERY is a DNS query message sent from a downstream DNS
+        // server to an upstream DNS server which is expected to perform
+        // further recursion, from the perspective of the downstream DNS
+        // server.
+        FORWARDER_QUERY = 7;
+
+        // FORWARDER_RESPONSE is a DNS response message sent from an upstream
+        // DNS server performing recursion to a downstream DNS server, from the
+        // perspective of the downstream DNS server.
+        FORWARDER_RESPONSE = 8;
+
+        // STUB_QUERY is a DNS query message sent from a stub resolver to a DNS
+        // server, from the perspective of the stub resolver.
+        STUB_QUERY = 9;
+
+        // STUB_RESPONSE is a DNS response message sent from a DNS server to a
+        // stub resolver, from the perspective of the stub resolver.
+        STUB_RESPONSE = 10;
+    }
+
+    // One of the Type values described above.
+    required Type               type = 1;
+
+    // One of the SocketFamily values described above.
+    optional SocketFamily       socket_family = 2;
+
+    // One of the SocketProtocol values described above.
+    optional SocketProtocol     socket_protocol = 3;
+
+    // The network address of the message initiator.
+    // For SocketFamily INET, this field is 4 octets (IPv4 address).
+    // For SocketFamily INET6, this field is 16 octets (IPv6 address).
+    optional bytes              query_address = 4;
+
+    // The network address of the message responder.
+    // For SocketFamily INET, this field is 4 octets (IPv4 address).
+    // For SocketFamily INET6, this field is 16 octets (IPv6 address).
+    optional bytes              response_address = 5;
+
+    // The transport port of the message initiator.
+    // This is a 16-bit UDP or TCP port number, depending on SocketProtocol.
+    optional uint32             query_port = 6;
+
+    // The transport port of the message responder.
+    // This is a 16-bit UDP or TCP port number, depending on SocketProtocol.
+    optional uint32             response_port = 7;
+
+    // The time at which the DNS query message was sent or received, depending
+    // on whether this is an AUTH_QUERY, RESOLVER_QUERY, or CLIENT_QUERY.
+    // This is the number of seconds since the UNIX epoch.
+    optional uint64             query_time_sec = 8;
+
+    // The time at which the DNS query message was sent or received.
+    // This is the seconds fraction, expressed as a count of nanoseconds.
+    optional fixed32            query_time_nsec = 9;
+
+    // The initiator's original wire-format DNS query message, verbatim.
+    optional bytes              query_message = 10;
+
+    // The "zone" or "bailiwick" pertaining to the DNS query message.
+    // This is a wire-format DNS domain name.
+    optional bytes              query_zone = 11;
+
+    // The time at which the DNS response message was sent or received,
+    // depending on whether this is an AUTH_RESPONSE, RESOLVER_RESPONSE, or
+    // CLIENT_RESPONSE.
+    // This is the number of seconds since the UNIX epoch.
+    optional uint64             response_time_sec = 12;
+
+    // The time at which the DNS response message was sent or received.
+    // This is the seconds fraction, expressed as a count of nanoseconds.
+    optional fixed32            response_time_nsec = 13;
+
+    // The responder's original wire-format DNS response message, verbatim.
+    optional bytes              response_message = 14;
+}
+
+// All fields except for 'type' in the Message schema are optional.
+// It is recommended that at least the following fields be filled in for
+// particular types of Messages.
+
+// AUTH_QUERY:
+//      socket_family, socket_protocol
+//      query_address, query_port
+//      query_message
+//      query_time_sec, query_time_nsec
+
+// AUTH_RESPONSE:
+//      socket_family, socket_protocol
+//      query_address, query_port
+//      query_time_sec, query_time_nsec
+//      response_message
+//      response_time_sec, response_time_nsec
+
+// RESOLVER_QUERY:
+//      socket_family, socket_protocol
+//      query_name, query_type, query_class
+//      query_message
+//      query_time_sec, query_time_nsec
+//      query_zone
+//      response_address, response_port
+
+// RESOLVER_RESPONSE:
+//      socket_family, socket_protocol
+//      query_name, query_type, query_class
+//      query_time_sec, query_time_nsec
+//      query_zone
+//      response_address, response_port
+//      response_message
+//      response_time_sec, response_time_nsec
+
+// CLIENT_QUERY:
+//      socket_family, socket_protocol
+//      query_message
+//      query_time_sec, query_time_nsec
+
+// CLIENT_RESPONSE:
+//      socket_family, socket_protocol
+//      query_time_sec, query_time_nsec
+//      response_message
+//      response_time_sec, response_time_nsec