[Dnsmasq-discuss] log-queries logging MAC addresses
nowak2000 at poczta.onet.pl
Wed Jan 14 00:05:55 GMT 2009
So I have a network of Windows machines that use NetBIOS for name
resolution. There is also an ADSL modem/router in the network that
assigns IP addresses with DHCP.

I configured a Linux box with dnsmasq that transparently logs and caches
DNS queries, and configured the router with the Primary DNS pointing at that
Linux. When the machine goes down, which happens - it's a very old
one ;-), the external Secondary DNS is used.
That works well.

Now that I'm interested in monitoring DNS queries to detect malicious
activity, I enabled the "log-queries" option in the dnsmasq.conf file.
Unfortunately the IP addresses logged with the queries are not very
usable to me - there is another DHCP server in the network.

I would like to see a MAC address in the syslog, not to mention the
NetBIOS name, which I now periodically achieve with
"nmblookup -A 192.168.1.$x" with x in 1..255 and correlate with syslog.

Any ideas how to work around this limitation now?
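
The correlation step described in the message, as an added example that is not part of the original post or of dnsmasq: it assumes the Linux box shares a layer-2 segment with the clients, so its ARP cache (/proc/net/arp) holds their MAC addresses. The function names are hypothetical, and the log lines and ARP table below are constructed sample data.

```python
import re

# dnsmasq log-queries line: "... dnsmasq[pid]: query[A] name from 192.168.1.23"
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<ip>\S+)")

# Constructed sample in /proc/net/arp layout (assumption: IPv4, one interface).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.23     0x1         0x2         00:11:22:AA:BB:CC     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Constructed sample syslog lines.
SAMPLE_LOG = [
    "Jan 14 00:05:55 gw dnsmasq[1234]: query[A] www.example.com from 192.168.1.23",
    "Jan 14 00:05:55 gw dnsmasq[1234]: forwarded www.example.com to 192.0.2.53",
    "Jan 14 00:05:56 gw dnsmasq[1234]: query[MX] example.org from 192.168.1.40",
]

def parse_arp_table(text):
    """Map IP -> MAC, keeping only resolved entries (ATF_COM flag, 0x2)."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "IP":  # short line or column header
            continue
        ip, _hw_type, flags, mac = fields[:4]
        if int(flags, 16) & 0x2:
            table[ip] = mac.lower()
    return table

def annotate(log_lines, arp):
    """Return (ip, mac_or_None, qtype, name) for every query line."""
    rows = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m:  # "forwarded", "reply" and "cached" lines carry no client IP
            rows.append((m["ip"], arp.get(m["ip"]), m["qtype"], m["name"]))
    return rows

if __name__ == "__main__":
    for ip, mac, qtype, name in annotate(SAMPLE_LOG, parse_arp_table(SAMPLE_ARP)):
        print(f"{ip:15} {mac or 'unresolved':17} {qtype:4} {name}")
```

The ARP snapshot has to be taken close in time to the logged query, since a DHCP server can hand the same IP address to a different machine later; an unresolved entry means the mapping was not in the cache when it was read.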