Re: [Dnsmasq-discuss] Fake reverse lookups from cache
[Resend, this mail did not make it to the list (wrong From:)] Am Montag, den 02.02.2015, 16:57 +0100 schrieb Niels: I do see the usefulness of such an option but only if implemented such that real reverse lookups can still function unchanged. One way would be to implement a separate dns service listening on some other port. That is probably way too complicated to be acceptable as a general patch. The main point is that I do not see any way to have it work with an unmodified client. The client needs to implement some way of saying it wants to do fake reverses. I have been pondering the idea to make a log parser process that builds a database from forward lookups that can then be queried on the resulting ip. For CNAME expansion that would be problematic since the individual log entries currently do not provide enough information, like in: Feb 2 16:36:55 dnsmasq[852]: query[A] p05-btmmdns.icloud.com from 192.168.178.12 Feb 2 16:36:55 dnsmasq[852]: cached p05-btmmdns.icloud.com is CNAME Feb 2 16:36:55 dnsmasq[852]: cached p05-btmmdns.icloud.com.akadns.net is 17.172.100.68 The logs do not make clear that p05-btmmdns.icloud.com.akadns.net is the value of CNAME p05-btmmdns.icloud.com and I found the extra dns query needed to prove that would be too much of a hassle. So one proposition would be to make the log entries for CNAME list the actual value, which is a very small change, and leave the 0.01% dnsmasq users that are interested in reporting which forward request resulted in an actual ip being encountered alone with the task of writing their own report tools. It might be easier to use it if the log entry would provide an IP, e.g. Feb 2 16:36:55 dnsmasq[852]: cached p05-btmmdns.icloud.com is CNAME for 17.172.100.68 Not sure, if this is implemented easily. But you are right, a log file parser is preferable. Building a tool that replaces all IPs by the last used names and piping the netstat-nat -n output would do it for my case. So I request log files that enable looking up the last requested name as a feature. Shall I implement this or could you be so kind? Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Reverse Lookups from the query log
Hi. To translate my routers netstat-nat output into names that actually talk to me I have started writing to simple shell scripts. They require log-queries log-facility=/var/log/dnsmasq.log to be set. With netstat-nat -n -4 | reverse_replace.sh I get retranslated output. Sincerely, Joachim reverse_dns.sh Description: application/shellscript reverse_replace.sh Description: application/shellscript ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Fake reverse lookups from cache
Hi. I am currently thinking about implementing a feature in dnsmasq that I consider highly useful. When I do a netstat-nat on my router (asuswrt), I will mostly get reverse names that are about as useful as ip adresses. So my idea is to implement a configuration option for dnsmasq: --fake-reverse Fake reverse lookups by using the cache. Reverse lookups are satisfied by using the cached forward entries if possible. Note that this does not give the same result as the reverse lookup. It will give a better results in most situations, since it will return a name that has actually been before. So I have two questions: 1. What are the cons? 2. What are my chances to have such a patch accepted in dnsmasq trunk? Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Option log-queries=extra complains about extraneous parameter
Hi. Trying to use the new extra logging results in a failed startup and a syslog message saying the configuration has an extraneous parameter. Ist this a bug or am I missing something obvious? Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] log-queries=extra - Ignore my previous mail
I just found I actually was stupid. Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Reverse Lookups from the query log
Am Montag, den 23.02.2015, 21:39 + schrieb Simon Kelley: Thanks for that. I added the scripts to the /contrib directory of the source distribution. I hope that's OK. Yes, but better use the attached script. It is only one script now. I summarize: The script reads stdin and replaces all IP addresses with names before outputting it again. IPs from private networks are reverse looked up via dns. Other IP adresses are searched for in the dnsmasq query log. This gives names (CNAMEs if I understand DNS correctly) that are closer to the name the client originally asked for then the names obtained by reverse lookup. Just run netstat -n -4 | ./reverse_replace.sh to see what it does. It needs log-queries log-facility=/var/log/dnsmasq.log in the dnsmasq configuration. The script runs on debian (with ash installed) and on busybox. A future version will use log-queries=extra to look up the name the client actually asked for. Sincerely, Joachim reverse_replace.sh Description: application/shellscript ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Integration with iptables?
Just learned about the dnsmasq ipset option. That is really cool. Thanks, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Integration with iptables?
Hi. A use case for my router would be: Block every outgoing traffic except for that going to the domain whatsapp.net. Note: No way to do this by port, whatsapp is using http(s). Since there is no way to list the hosts in a domain this would require a way for dnsmasq to talk to iptables. Any suggestions on how to do that? tail -f dnsmasq-query.log | add_iptables_rules.sh could do that, but maybe this is worth implementing a way to talk to iptables. Can iptables tag ip addresses? There are lots of similar use cases, e.g.: Block everything from my tv except for 1. the request to test network connectivity and 2. all traffic going to netflix. In general, control over the outgoing traffic needs cooperation from dns. Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Integration with iptables?
A way to maintain ipsets via dnsmasq would for example do what I need. Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Log to database
Hi. The main problem for my reverse_replace script is speed. It takes a minute, which is too slow to be run from a web gui. This is because the script parses the last 15k lines and puts them into an IP->name lookup tables made up from enviroment variables. Is there a way to log queries to a database? Something along the lines of log-facility=/named/pipe and a clever script that turns its stdin into INSERT statements. This way I could avoid building the lookup table. Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] reverse_replace Script updated
Hi. Now that my router firmware supports the log-queries=extra option I had the motivation to rewrite my reverse_replace.sh script to use that. The script now replaces IP addresses with the names originally requested as A/ records. Please update he version in contribute. Sincerey, Joachim reverse_replace.sh Description: application/shellscript ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Log to database
On 13.06.2016 18:04, Eric Hiller wrote: "This paper describes an approach with rsyslogd, an alternative enhanced syslog daemon natively supporting MySQL and PostgreSQL. " http://www.rsyslog.com/doc/v8-stable/tutorials/database.html Hi. Unfortunately this does not fit my needs. Since my main target platform are routers I am looking for a zero dependency solution. An alternative syslogd is not an option. I think it should be possible to log to a named pipe and to have a script that is parsing everything from the pipe into db inserts. If nobody has done that yet I'll have to try it myself. Thanks, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Log to database
Oooops, logging to a pipe is not supported. Got the point ... Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] Address configuration with wildcard
Hi. Is there a way to have address configuration entries with wildcards. I tried address=/alt#-mtalk.google.com/127.0.0.1 but it did not work with e.g. alt8-mtalk.google.com Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Address configuration with wildcard
On 27.11.2016 10:14, Albert ARIBAUD wrote: The only way to get the behaviour you are looking for in dnsmasq would be to modify the search_servers() function in src/forward.c -- without of course introducing any bug or impeding efficiency especially under high loads. Hi. Is this considered a reasonable feature? If I send a patch of acceptable quality, will it be added? Sincerely, Joachim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss