Re: [Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded
Simon, I see that you are back and wanted to bring this up again. We are using DNSMasq within AWS to perform DNS whitelisting and I noticed that there is no log line produced when a domain is NOT configured to be forwarded. I think this patch should take care of it and would love to have it considered. Justin On Wed, Jul 19, 2017 at 3:57 PM, Justin Grudzien <jgrudz...@journera.com> wrote: > I made a small mistake in the patch. Here is the fix! > > Justin > > > On Wed, Jul 19, 2017 at 3:32 PM, Justin Grudzien <jgrudz...@journera.com> > wrote: > >> I made a small update to the patch where it adds the IP address in the >> log message. This will identify the server making the request for the >> domain that is not configured to forward. >> >> Justin >> >> >> On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzien <jgrudz...@journera.com> >> wrote: >> >>> We are running DNSMasq to whitelist domains within AWS. We wanted all >>> domains not in the whitelist to produce a log line to be forwarded to our >>> SIEM. Our goal is to detect people attempting DNS attacks against us. Here >>> is a patch that produces a simple log line if a forwarding is not >>> attempted. >>> >>> I would love this to be added to the main codebase. It is a simple >>> change and will allow others to track non-whitelisted domains. >>> >>> Justin >>> >>> >> > add-logging-for-non-forwarded-domains.patch Description: Binary data ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded
I made a small mistake in the patch. Here is the fix! Justin On Wed, Jul 19, 2017 at 3:32 PM, Justin Grudzien <jgrudz...@journera.com> wrote: > I made a small update to the patch where it adds the IP address in the log > message. This will identify the server making the request for the domain > that is not configured to forward. > > Justin > > > On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzien <jgrudz...@journera.com> > wrote: > >> We are running DNSMasq to whitelist domains within AWS. We wanted all >> domains not in the whitelist to produce a log line to be forwarded to our >> SIEM. Our goal is to detect people attempting DNS attacks against us. Here >> is a patch that produces a simple log line if a forwarding is not >> attempted. >> >> I would love this to be added to the main codebase. It is a simple change >> and will allow others to track non-whitelisted domains. >> >> Justin >> >> > add-logging-for-non-forwarded-domains.patch Description: Binary data ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded
I made a small update to the patch where it adds the IP address in the log message. This will identify the server making the request for the domain that is not configured to forward. Justin On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzien <jgrudz...@journera.com> wrote: > We are running DNSMasq to whitelist domains within AWS. We wanted all > domains not in the whitelist to produce a log line to be forwarded to our > SIEM. Our goal is to detect people attempting DNS attacks against us. Here > is a patch that produces a simple log line if a forwarding is not > attempted. > > I would love this to be added to the main codebase. It is a simple change > and will allow others to track non-whitelisted domains. > > Justin > > add-logging-for-non-forwarded-domains.patch Description: Binary data ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dnsmasq logging of rejected domains.
I am seeing lots of love on this forum and before I start digging into the source code does anyone have any knowledge on this issue? -J On Tue, Jun 20, 2017 at 2:22 PM, Justin Grudzien <jgrudz...@journera.com> wrote: > I am running dnsmasq and whitelisting domains which are acceptable for > lookup. I noticed that when someone does a lookup for a domain not in the > whitelist it logs a message saying it received the query request but it > never logs that the request was rejected or not in the whitelist. Is there > a way to log these events so that I can process them in my log aggregator? > I am trying to profile rejected attempts. Thanks for the assistance. > > -J > ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] dnsmasq logging of rejected domains.
I am running dnsmasq and whitelisting domains which are acceptable for lookup. I noticed that when someone does a lookup for a domain not in the whitelist it logs a message saying it received the query request but it never logs that the request was rejected or not in the whitelist. Is there a way to log these events so that I can process them in my log aggregator? I am trying to profile rejected attempts. Thanks for the assistance. -J ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
