[Dnsmasq-discuss] Show host names in dnsmasq's log

Simon Kelley simon at thekelleys.org.uk
Sun Feb 4 18:23:02 GMT 2018 

There are two fundamental problems with doing this.

1) The whole architecture of dnsmasq in predicated on not blocking
whilst processing a DNS query, except when it's been punted on to an
upstream nameserver. Doing the reverse-DNS lookup requires blocking.
This problem was solved for DNSSEC (which might have to block whilst
doing subidiary DNS queries) but the solution is not general, and would
be hard to use. It's also only available when DNSSEC is compiled in and
activated.

2) The reverse DNS lookup, assuming you want the DNS to look the same as
the machine running dnsmasq sees, is eventually likely to end up back at
dnsmasq. In processing that query, dnsmasq may need to make another
query, and you could end up with, effectively infinite recursion.


IMHO it's much better to adapt something like logresolve  to
post-process the logs.


Cheers,

Simon.



On 04/02/18 17:15, Dominik Derigs, DL6ER wrote:
> Dear all,
> 
> I'm trying to show host names (rather than IP addresses, if available)
> in dnsmasq's log for A and AAAA queries, as well as for the forward
> destinations, i.e. I want to replace
> 
> Feb  4 18:02:22 dnsmasq[14001]: query[A] clients6.google.com from 10.8.0.2
> Feb  4 18:02:22 dnsmasq[14001]: forwarded clients6.google.com to 2620:fe::fe
> 
> by
> 
> Feb  4 18:02:22 dnsmasq[14001]: query[A] clients6.google.com from
> android.lan
> Feb  4 18:02:22 dnsmasq[14001]: forwarded clients6.google.com to
> dns.quad9.net
> 
> For doing this, I tried various attempts:
> 
> Firstly, I tried a simple approach using gethostbyaddr() to resolve the
> IP addresses to host names. Unfortunately, it seems like gethostbyaddr()
> cannot be used inside the DNS resolver process itself, as it always
> immediately fails with Unknown host (error code 1) for everything (incl.
> e.g. 127.0.0.1). I know that this would have some drawbacks (like
> causing a PTR request on every logging), but I would have solved them
> with various tricks like building my own lookup tables, etc. I tested my
> code in a small standalone application and here name resolution works
> perfectly.
> 
> Secondly, I build a wrapper around dnsmasq's routine
> cache_find_by_addr() to query dnsmasq's log for the host name.
> Obviously, this has two major drawbacks: This code is kind of cumbersome
> (esp. for IPv6) as I first have to format the IPs in the format that is
> expected by this routine and secondly that does, of course, only work
> for entries that are already in the cache. If a cache entry for
> dns.quad9.net is already present (since someone queried that manually),
> then this works just fine. However, if nobody did that, then there will
> also be no cache entry and there is no result.
> 
> My question is now: I would, of course, prefer to use the first version
> ( using gethostbyaddr() ) but that does not seem to work at all. I'm not
> sure if it's maybe related to that a process cannot connect to its own
> UDP socket or something, but I'd obviously prefer a rather simple
> solution. Any suggestions are highly appreciated.
> 
> Best regards,
> Dominik
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>

More information about the Dnsmasq-discuss mailing list