[Dnsmasq-discuss] [PATCH] log requests that aren't configured to be forwarded

[Justin Grudzien]

Simon,

I see that you are back and wanted to bring this up again. We are using
DNSMasq within AWS to perform DNS whitelisting and I noticed that there is
no log line produced when a domain is NOT configured to be forwarded. I
think this patch should take care of it and would love to have it
considered.

Justin

On Wed, Jul 19, 2017 at 3:57 PM, Justin Grudzien <jgrudzien at journera.com>
wrote:

> I made a small mistake in the patch. Here is the fix!
>
> Justin
>
>
> On Wed, Jul 19, 2017 at 3:32 PM, Justin Grudzien <jgrudzien at journera.com>
> wrote:
>
>> I made a small update to the patch where it adds the IP address in the
>> log message. This will identify the server making the request for the
>> domain that is not configured to forward.
>>
>> Justin
>>
>>
>> On Mon, Jul 17, 2017 at 1:44 PM, Justin Grudzien <jgrudzien at journera.com>
>> wrote:
>>
>>> We are running DNSMasq to whitelist domains within AWS. We wanted all
>>> domains not in the whitelist to produce a log line to be forwarded to our
>>> SIEM. Our goal is to detect people attempting DNS attacks against us. Here
>>> is a patch that produces a simple log line if a forwarding is not
>>> attempted.
>>>
>>> I would love this to be added to the main codebase. It is a simple
>>> change and will allow others to track non-whitelisted domains.
>>>
>>> Justin
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20170925/46585470/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: add-logging-for-non-forwarded-domains.patch
Type: application/octet-stream
Size: 1450 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20170925/46585470/attachment.obj>