@esensar esensar commented Jan 27, 2026

Summary

Adds new fields to parsed dnstap data: requestMessageSize and responseMessageSize. They represent the sizes of the DNS messages.

Vector configuration

sources:
  dnstap_tcp:
    type: "dnstap"
    mode: "tcp"
    address: "0.0.0.0:59001"
    max_frame_length: 102400
    max_frame_handling_tasks: 10000
    multithreaded: true

sinks:
  console:
    inputs: ["dnstap_tcp"]
    target: "stdout"
    type: "console"
    acknowledgements:
      enabled: false
    encoding:
      codec: "json"

How did you test this PR?

Ran the included tests.
Also used the file provided in #24545 (comment) and sent it to a running Vector instance with the above configuration:

$ dnstap -r dnstap.bmp -T 127.0.0.1:59001
dnstap: opened input file dnstap.bmp
...
# Vector output:
{"dataType":"Message","dataTypeId":1,"host":"10.89.1.5:46660","messageType":"AuthQuery","messageTypeId":1,"requestData":{"fullRcode":0,"header":{"aa":false,"ad":true,"anCount":0,"arCount":1,"cd":false,"id":5837,"nsCount":0,"opcode":0,"qdCount":1,"qr":0,"ra":false,"rcode":0,"rd":true,"tc":false},"opt":{"do":false,"ednsVersion":0,"extendedRcode":0,"options":[{"optCode":10,"optName":"Cookie","optValue":"7/Ap5xTqGvA="}],"udpPayloadSize":1232},"question":[{"class":"IN","domainName":"example.com.","questionType":"SOA","questionTypeId":6}],"rcodeName":"NoError"},"requestMessageSize":52,"responseAddress":"172.28.0.12","responsePort":53,"serverId":"009d8906441c","serverVersion":"BIND 9.20.18","socketFamily":"INET","socketProtocol":"UDP","sourceAddress":"172.28.0.1","sourcePort":42327,"source_type":"dnstap","time":1769639725471736719,"timePrecision":"ns","timestamp":"2026-01-28T22:35:25.471736719Z"}

Change Type

  • Bug fix
  • New feature
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the no-changelog label to this PR.

References

Notes

  • Please read our Vector contributor resources.
  • Do not hesitate to use @vectordotdev/vector to reach out to us regarding this PR.
  • Some CI checks run only after we manually approve them.
    • We recommend adding a pre-push hook, please see this template.
    • Alternatively, we recommend running the following locally before pushing to the remote branch:
      • make fmt
      • make check-clippy (if there are failures it's possible some of them can be fixed with make clippy-fix)
      • make test
  • After a review is requested, please avoid force pushes to help us review incrementally.
    • Feel free to push as many commits as you want. They will be squashed into one before merging.
    • For example, you can run git merge origin master and git push.
  • If this PR introduces changes to Vector dependencies (modifies Cargo.lock), please
    run make build-licenses to regenerate the license inventory and commit the changes (if any). More details here.

Sponsored by Quad9

@esensar changed the title from "enhancement(dnstap source): expose raw message size when parsing dnstap data" to "enhancement(dnstap source): expose message size when parsing dnstap data" on Jan 28, 2026
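
An added example, not part of the PR or of Vector's code: one way a detection pipeline might consume the new size fields from Vector's JSON console output, flagging unusually large queries and high response-to-request size ratios. The thresholds, the pairing key and the response-side field layout (responseData.header.id) are assumptions, and the sample events are constructed.

```python
import json

# Thresholds are illustrative assumptions, not values from the PR.
MAX_QUERY_BYTES = 200      # unusually large query for a plain lookup
MAX_AMPLIFICATION = 10.0   # response bytes per request byte

# Constructed sample events, trimmed to the fields used here and modelled on
# the Vector output above. The response-side layout (responseData.header.id)
# is an assumption mirroring requestData.
SAMPLE_EVENTS = """\
{"messageType":"AuthQuery","sourceAddress":"172.28.0.1","sourcePort":42327,"requestData":{"header":{"id":5837}},"requestMessageSize":52}
{"messageType":"AuthResponse","sourceAddress":"172.28.0.1","sourcePort":42327,"responseData":{"header":{"id":5837}},"responseMessageSize":1180}
{"messageType":"AuthQuery","sourceAddress":"172.28.0.9","sourcePort":50111,"requestData":{"header":{"id":77}},"requestMessageSize":251}
{"messageType":"AuthResponse","sourceAddress":"172.28.0.9","sourcePort":50111,"responseData":{"header":{"id":77}},"responseMessageSize":300}
{"messageType":"AuthQuery","sourceAddress":"172.28.0.3","sourcePort":40000,"requestData":{"header":{"id":9}}}
"""


def flow_key(event, side):
    """Identify a query/response pair by client address, port and DNS id."""
    header = event.get(side, {}).get("header", {})
    return (event.get("sourceAddress"), event.get("sourcePort"), header.get("id"))


def find_size_anomalies(lines):
    """Return (reason, flow key, value) tuples for events with suspicious sizes."""
    pending = {}   # flow key -> request size, awaiting the matching response
    alerts = []
    for line in filter(str.strip, lines):   # skip blank lines
        event = json.loads(line)
        req = event.get("requestMessageSize")
        resp = event.get("responseMessageSize")
        if isinstance(req, int) and req > 0:
            key = flow_key(event, "requestData")
            pending[key] = req
            if req > MAX_QUERY_BYTES:
                alerts.append(("large_query", key, req))
        if isinstance(resp, int):
            key = flow_key(event, "responseData")
            req_size = pending.pop(key, None)
            # No stored request size (e.g. the query lacked the field): skip.
            if req_size and resp / req_size > MAX_AMPLIFICATION:
                alerts.append(("amplification", key, round(resp / req_size, 1)))
    return alerts


if __name__ == "__main__":
    for alert in find_size_anomalies(SAMPLE_EVENTS.splitlines()):
        print(alert)
```
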
Development

Successfully merging this pull request may close these issues.

dnstap a message size should be included