Hi! Thanks all! Sometimes, one is on the right track!
Regards, Manfred ----- Original Message ----- From: Simon Kelley [mailto:si...@thekelleys.org.uk] To: <dnsmasq-discuss@lists.thekelleys.org.uk> Sent: Tue, 11 Apr 2023 21:23:46 +0100 Subject: Re: [Dnsmasq-discuss] Understand logging - don't find details On 11/04/2023 17:21, web...@manfbraun.de wrote: > Hello! > I want to find out the response time from clients request up to > dnsmasq's response > (including the external answer!) to the client. But a look into the > logfile - thought, easy > to make a wrapper, because I am missing dnstap support - wonders me. > For example, here a short excerpt, omitting the date, I cut out of a > contueing block: > dnsmasq[315]: 86114 192.120.33.206/55020 query[PTR] > 155.33.120.192.in-addr.arpa from 192.120.33.206 > dnsmasq[315]: 86114 192.120.33.206/55020 /etc/dnsmasq.d/hosts > 192.120.33.155 is proxy.lan.local > > dnsmasq[315]: 86115 192.120.33.206/55020 query[A] stackoverflow.com from > 192.120.33206 > dnsmasq[315]: 86115 192.120.33.206/55020 forwarded stackoverflow.com to > 208.67.222.222 > dnsmasq[315]: 86115 192.120.33.206/55020 reply stackoverflow.com is > 151.101.193.69 > dnsmasq[315]: 86115 192.120.33.206/55020 reply stackoverflow.com is > 151.101.65.69 > dnsmasq[315]: 86115 192.120.33.206/55020 reply stackoverflow.com is > 151.101.129.69 > dnsmasq[315]: 86115 192.120.33.206/55020 reply stackoverflow.com is > 151.101.1.69 > > dnsmasq[315]: 86116 192.120.33.206/55020 query[A] alive.github.com from > 192.120.33.206 > dnsmasq[315]: 86116 192.120.33.206/55020 forwarded alive.github.com to > 77.88.8.8 > dnsmasq[315]: 86116 192.120.33.206/55020 reply alive.github.com is <CNAME> > dnsmasq[315]: 86116 192.120.33.206/55020 reply live.github.com is > 140.82.113.25 > Am I right, that in the second column, is just a sequence number? > Then, the first block would be easy to understand and I could use the > timedifference (the > time, were the loglines arrive in my warapper). > The second block looks like dnsmasq is sending four responses, because of > stackoverflow has four ip-addresses? Or does this mean, the query (of > this second > block) started at it's first line and was complete(!) at the sixt line > and the answer to > the client was one response packet? At least, the following "sequence" > number then > is logically different. > The same pattern then is visible in the third block. > Some comments would help me! > Thanks so far, > Manfred > You seem to have pretty much decoded it. The second column is a sequence number. It's more useful when dnsmasq is busy and more than one query is in progress at the same time, since it allows you to work out which answer goes with which query. The four lines of responses are all in a single packet. The third column is the address and port number of the client sending the request. Simon. _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
