[SOLVED] Perl - OpenBSD : what module would be best for logging DNS requests?
I would like to log my network's DNS requests, just to compare those to bad_hosts and malware_domains lists.
I don't need a written script, just a friendly nudge towards the right (module) direction :P
1. Are you using your own nameserver, or trying to do this at the client side?
2. What are you running, and a bit about the hardware and network please?
Quote:
Originally Posted by wpeckham
1. Are you using your own nameserver, or trying to do this at the client side?
2. What are you running, and a bit about the hardware and network please?
Thanks bud for the reply.
Client side; basically I just need a packet sniffer which listens on TCP/UDP 53 and writes them to dns_log.txt.
I think some DNS traffic uses HTTPS, am I right? If that's the case I can't sniff it.
I use the 8.8.8.8 and 8.8.4.4 nameservers. <- Google's nameservers.
Using OpenBSD. On Linux there is a program called "passivedns"; I have tried to compile it on BSD but couldn't do it. https://github.com/gamelinux/passivedns
On my Linux box I use ^that program to log DNS traffic; I need to do that now on OpenBSD, and with Perl.
I have run my own DNS server (caching and forwarding) in my home network, and could set its logs to provide information that would serve this purpose. That would be easy.
To do this on the client side, and where some or all requests may use encrypted DNS, might take some research into the network and require a special kernel module. That sounds like a fun project, but I have no resources to spend on that right now.
It might be somewhat workable to track just traditional resolution calls going out to your nameserver. Perhaps a better option would be to install and use something like DNSMASQ and cache name service directly on your client. This has the advantage of reducing DNS calls going outside your box, speeding up some kinds of network activity (in some cases a lot), and providing you something that can LOG all of that traffic. That is the solution I would check out before setting out to reinvent the horse.
Keep in mind that you are creating a log that can, unless managed, grow without bound. You must consider and manage your log size and storage space. Logrotate can be your friend here, but make sure that it can only run after you have parsed the data you need out of the logs.
All of this, of course, assumes that the logging is your goal. If your real goal is to write a PERL script then we need a different solution path.
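As an added example (not the poster's code, and not one of the modules asked about): once a local caching resolver such as dnsmasq is logging queries, a plain Perl script can match each queried name against the bad_hosts / malware_domains lists the original poster mentions, including subdomains of a listed domain. The log lines and list entries below are constructed, and the dnsmasq "query[TYPE] name from client" log-queries line format is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in the assumed dnsmasq log-queries format.
my @log_lines = (
    "Jan 10 12:00:01 dnsmasq[1234]: query[A] example.com from 192.168.1.10",
    "Jan 10 12:00:02 dnsmasq[1234]: query[AAAA] www.evil-example.test from 192.168.1.10",
    "Jan 10 12:00:03 dnsmasq[1234]: query[A] cdn.sub.evil-example.test from 192.168.1.11",
    "Jan 10 12:00:04 dnsmasq[1234]: forwarded example.com to 8.8.8.8",
);

# Constructed blocklist standing in for bad_hosts / malware_domains
# (one domain per line, '#' comments allowed, like most published lists).
my $blocklist_text = <<'END';
# hypothetical entries
evil-example.test
tracker.test
END

sub load_blocklist {
    my ($text) = @_;
    my %bad;
    for my $line (split /\n/, $text) {
        $line =~ s/#.*//;            # strip comments
        $line =~ s/^\s+|\s+$//g;     # trim whitespace
        next unless length $line;
        $bad{lc $line} = 1;
    }
    return \%bad;
}

# Walk up the label chain so sub.evil-example.test matches evil-example.test.
sub is_listed {
    my ($name, $bad) = @_;
    my @labels = split /\./, lc $name;
    while (@labels) {
        my $candidate = join '.', @labels;
        return $candidate if $bad->{$candidate};
        shift @labels;
    }
    return;
}

my $bad = load_blocklist($blocklist_text);
for my $line (@log_lines) {
    next unless $line =~ /query\[(\w+)\]\s+(\S+)\s+from\s+(\S+)/;
    my ($type, $qname, $client) = ($1, $2, $3);
    if (my $hit = is_listed($qname, $bad)) {
        print "ALERT $client queried $qname ($type) - matches blocklist entry $hit\n";
    }
}
```

On a live system, replace the arrays with a filehandle over the resolver's log (or `tail -f` piped to STDIN) and the heredoc with the downloaded list files.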
Yeah, I think I could set up my own DNS server; I like to practice new things.
My box has a 100G var partition and a 1.3T home partition, so DNS logs can be as big as they get.
For this purpose BIND would be overkill. You only need a caching DNS server that can log activity. There are smaller and faster options than BIND for that, and generally easier to understand and manage.