[Dnsmasq-discuss] Reverse Lookups from the query log

Joachim Zobel jz-2014 at heute-morgen.de
Sun Mar 1 19:34:00 GMT 2015


On Monday, 23.02.2015, at 21:39 +0000, Simon Kelley wrote:
> Thanks for that. I added the scripts to the /contrib directory of the
> source distribution. I hope that's OK.

Yes, but better use the attached script. It is only one script now.

I summarize:

The script reads stdin and replaces all IP addresses with names before
outputting it again. IPs from private networks are reverse looked up
via DNS. Other IP addresses are searched for in the dnsmasq query log.
This gives names (CNAMEs if I understand DNS correctly) that are closer
to the name the client originally asked for than the names obtained by
reverse lookup. Just run

netstat -n -4 | ./reverse_replace.sh 

to see what it does. It needs 

log-queries
log-facility=/var/log/dnsmasq.log

in the dnsmasq configuration.

The script runs on debian (with ash installed) and on busybox.

A future version will use log-queries=extra to look up the name the
client actually asked for.

Sincerely,
Joachim

-------------- next part --------------
A non-text attachment was scrubbed...
Name: reverse_replace.sh
Type: application/x-shellscript
Size: 2649 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20150301/8496ff3d/attachment.bin>
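
The query-log lookup described in the message above, as an added example: this is not the attached reverse_replace.sh and not code from the dnsmasq project. The function names, the sample log lines and the addresses are constructed, and the `reply NAME is IP` / `cached NAME is IP` line layout of the log-queries output is an assumption of the example.

```shell
#!/bin/sh
# Added example: NOT the attached reverse_replace.sh. It covers only the
# query-log half of the description; private addresses pass through unchanged
# (the mail says the script resolves those by reverse DNS instead).

# replace_ips LOGFILE: copy stdin to stdout, replacing each public IPv4
# address with the name dnsmasq most recently logged as resolving to it.
replace_ips() {
    awk -v qlog="$1" -v ipre='[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+' '
    BEGIN {
        # "reply NAME is IP" / "cached NAME is IP" are the last four fields.
        while ((getline line < qlog) > 0) {
            n = split(line, f, " ")
            if (n >= 4 && f[n-1] == "is" && f[n] ~ ("^" ipre "$") &&
                (f[n-3] == "reply" || f[n-3] == "cached"))
                name[f[n]] = f[n-2]        # later log lines win
        }
        close(qlog)
    }
    {
        out = ""; rest = $0
        while (match(rest, ipre)) {
            ip = substr(rest, RSTART, RLENGTH)
            priv = (ip ~ /^(10|192[.]168|172[.](1[6-9]|2[0-9]|3[01]))[.]/)
            out = out substr(rest, 1, RSTART - 1) ((!priv && (ip in name)) ? name[ip] : ip)
            rest = substr(rest, RSTART + RLENGTH)
        }
        print out rest
    }'
}

demo() {
    tmp=$(mktemp)
    # Constructed dnsmasq.log lines (documentation-range addresses).
    cat > "$tmp" <<'EOF'
Mar  1 19:30:01 dnsmasq[1234]: query[A] www.example.com from 192.168.1.10
Mar  1 19:30:01 dnsmasq[1234]: forwarded www.example.com to 198.51.100.53
Mar  1 19:30:01 dnsmasq[1234]: reply www.example.com is <CNAME>
Mar  1 19:30:01 dnsmasq[1234]: reply edge.cdn.example.net is 203.0.113.7
EOF
    # Constructed "netstat -n" style line.
    printf 'tcp 0 0 192.168.1.10:51514 203.0.113.7:443 ESTABLISHED\n' |
        replace_ips "$tmp"
    rm -f "$tmp"
}
demo
```

In the constructed log the address maps to the last name in the CNAME chain rather than to www.example.com, which is the gap the message expects log-queries=extra to close.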

