[Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded
Justin Grudzien
jgrudzien at journera.com
Wed Jul 19 21:32:37 BST 2017
I made a small update to the patch where it adds the IP address in the log
message. This will identify the server making the request for the domain
that is not configured to forward.
Justin
On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzien <jgrudzien at journera.com>
wrote:
> We are running DNSMasq to whitelist domains within AWS. We wanted all
> domains not in the whitelist to produce a log line to be forwarded to our
> SIEM. Our goal is to detect people attempting DNS attacks against us. Here
> is a patch that produces a simple log line if a forwarding is not
> attempted.
>
> I would love this to be added to the main codebase. It is a simple change
> and will allow others to track non-whitelisted domains.
>
> Justin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20170719/4b3b6b28/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: add-logging-for-non-forwarded-domains.patch
Type: application/octet-stream
Size: 1442 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20170719/4b3b6b28/attachment.obj>
More information about the Dnsmasq-discuss
mailing list