How to log DNS queries from my home network?

3

I want to log all DNS lookups from computers on my home wireless network. What's the best way to do this?

Options I know of:

  1. Use OpenDNS and let it log queries for me. However, in order to then generate reports from their logs, I have to use a JavaScript-enabled headless browser to log into their stats web page and download stats to a script. This is painful.

  2. Run my own DNS server using djbdns or dnsmasq or some caching resolver (that isn't bind because that scares me), and have it generate log files. The problem here is making sure that nameserver stays up and the logs are rolled, etc.

  3. Use port-forwarding with logging and run iptables on a machine to forward to 8.8.8.8:53 (or whatever) after logging each query. This has the advantage that I'm forwarding to a robust DNS server rather than running my own, but I don't think what's logged will contain the full DNS query (there appears to be a netfilter hack that does what I want, but I'm reluctant to modify my kernel for this simple project).

Are there other options that I'm overlooking here?

Fixee

Posted 2014-10-20T04:42:10.033

Reputation: 288

Answers

1

I'm sure there is a better way to do this, especially if your router supports logging.

However here is a quick and dirty method you can use per machine.

You can use Wireshark to see all your DNS queries. You can run a capture on your interface and then filter for DNS. Below is a sample DNS capture, filtered for DNS:

[Image: sample Wireshark capture filtered for DNS]

It's interesting: you go to superuser.com and it queries a bunch of other StackExchange sites.

Keltari

Posted 2014-10-20T04:42:10.033

Reputation: 57 019

1

A lot of the NAS boxes, such as Synology, actually run Linux and have DNS packages available. An Atom-based or ARM NAS doesn't use much power and you can leave it on all of the time.

Alternatively, a $35 Raspberry Pi is more than powerful enough to host a DNS and/or DHCP server. There are lots of great distros where installing logrotate is trivial. You could also have it mail you a digest weekly if that's what you want.

Running your own caching DNS is a good idea and can often have positive benefits such as:

  • Lower latency for DNS requests (if the request has been seen lately)
  • Allows for DHCP DNS registration
  • Run your own internal domain without messing with the hosts file on all of your devices
  • Plus even nerdier things I won't get into

MattPark

Posted 2014-10-20T04:42:10.033

Reputation: 1 061
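
An added example, not part of any answer above: if the local resolver is dnsmasq with `log-queries` enabled, the weekly digest mentioned can be built by parsing its query lines per client. The log lines are constructed samples, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# With "log-queries" set, dnsmasq logs one line per client lookup, e.g.
#   Oct 20 04:42:10 dnsmasq[1234]: query[A] superuser.com from 192.168.1.23
# The ".*?" also tolerates the extra fields written by "log-queries=extra".
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: .*?query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample log (not captured from a real network).
SAMPLE_LOG = """\
Oct 20 04:42:10 dnsmasq[1234]: query[A] superuser.com from 192.168.1.23
Oct 20 04:42:10 dnsmasq[1234]: forwarded superuser.com to 8.8.8.8
Oct 20 04:42:10 dnsmasq[1234]: reply superuser.com is 192.0.2.10
Oct 20 04:42:11 dnsmasq[1234]: query[AAAA] superuser.com from 192.168.1.23
Oct 20 04:42:15 dnsmasq[1234]: query[A] Example.com from 192.168.1.40
Oct 20 04:43:02 dnsmasq[1234]: query[A] superuser.com from 192.168.1.23
Oct 20 04:43:02 dnsmasq[1234]: cached superuser.com is 192.0.2.10
Oct 20 04:43:30 dnsmasq[1234]: query[A] example.net from 192.168.1.23
"""


def parse_queries(lines):
    """Yield (client, qtype, name) for query lines; skip forwarded/reply/cached."""
    for line in lines:
        m = QUERY_RE.search(line.strip())
        if m:
            # DNS names are case-insensitive; normalise so counts merge.
            yield m["client"], m["qtype"], m["name"].lower().rstrip(".")


def digest(lines, top=3):
    """Return {client_ip: [(name, count), ...]} with the top names per client."""
    per_client = defaultdict(Counter)
    for client, _qtype, name in parse_queries(lines):
        per_client[client][name] += 1
    return {c: counts.most_common(top) for c, counts in per_client.items()}


def format_digest(report):
    """Render the digest as plain text suitable for a mail body."""
    out = []
    for client in sorted(report):
        out.append(client)
        out.extend(f"  {count:5d}  {name}" for name, count in report[client])
    return "\n".join(out)


if __name__ == "__main__":
    print(format_digest(digest(SAMPLE_LOG.splitlines())))
```

Run against the rotated log file instead of `SAMPLE_LOG` and pipe the output of `format_digest` to a mailer from a weekly cron job.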