Re: [Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded
Simon, I see that you are back and wanted to bring this up again. We are using DNSMasq within AWS to perform DNS whitelisting and I noticed that there is no log line produced when a domain is NOT configured to be forwarded. I think this patch should take care of it and would love to have it considered. Justin On Wed, Jul 19, 2017 at 3:57 PM, Justin Grudzienwrote: > I made a small mistake in the patch. Here is the fix! > > Justin > > > On Wed, Jul 19, 2017 at 3:32 PM, Justin Grudzien > wrote: > >> I made a small update to the patch where it adds the IP address in the >> log message. This will identify the server making the request for the >> domain that is not configured to forward. >> >> Justin >> >> >> On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzien >> wrote: >> >>> We are running DNSMasq to whitelist domains within AWS. We wanted all >>> domains not in the whitelist to produce a log line to be forwarded to our >>> SIEM. Our goal is to detect people attempting DNS attacks against us. Here >>> is a patch that produces a simple log line if a forwarding is not >>> attempted. >>> >>> I would love this to be added to the main codebase. It is a simple >>> change and will allow others to track non-whitelisted domains. >>> >>> Justin >>> >>> >> > add-logging-for-non-forwarded-domains.patch Description: Binary data ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded
I made a small mistake in the patch. Here is the fix! Justin On Wed, Jul 19, 2017 at 3:32 PM, Justin Grudzienwrote: > I made a small update to the patch where it adds the IP address in the log > message. This will identify the server making the request for the domain > that is not configured to forward. > > Justin > > > On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzien > wrote: > >> We are running DNSMasq to whitelist domains within AWS. We wanted all >> domains not in the whitelist to produce a log line to be forwarded to our >> SIEM. Our goal is to detect people attempting DNS attacks against us. Here >> is a patch that produces a simple log line if a forwarding is not >> attempted. >> >> I would love this to be added to the main codebase. It is a simple change >> and will allow others to track non-whitelisted domains. >> >> Justin >> >> > add-logging-for-non-forwarded-domains.patch Description: Binary data ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded
I made a small update to the patch where it adds the IP address in the log message. This will identify the server making the request for the domain that is not configured to forward. Justin On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzienwrote: > We are running DNSMasq to whitelist domains within AWS. We wanted all > domains not in the whitelist to produce a log line to be forwarded to our > SIEM. Our goal is to detect people attempting DNS attacks against us. Here > is a patch that produces a simple log line if a forwarding is not > attempted. > > I would love this to be added to the main codebase. It is a simple change > and will allow others to track non-whitelisted domains. > > Justin > > add-logging-for-non-forwarded-domains.patch Description: Binary data ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss