dnsmasq
1. Read and analyze the logs
View the log of the dnsmasq service's actions:
Jun 10 17:50:00 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:00 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:21 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:21 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:31 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:31 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:37 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:37 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:40 dnsmasq[21796]: query[A] zyx.qq.com from 115.34.22.160
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 114.114.114.114
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 223.5.5.5
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 123.151.43.51
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 183.60.62.158
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 113.108.1.90
Jun 10 17:50:42 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:42 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:52 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:52 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:58 dnsmasq[21796]: query[A] ic.wps.cn from 115.34.22.160
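Extract a list of the requested domain names (field 6 in the log format shown above; only dnsmasq query lines are considered, so other services' entries in syslog are ignored):
awk '/dnsmasq\[[0-9]+\]: query\[/ && !seen[$6]++ {print $6}' /var/log/syslog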
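A more general variant of the extraction above, as an added example that is not part of the original page: it locates the query[TYPE] token by content, so it also works when syslog adds a hostname column, counts queries per client, and lists the names answered with NXDOMAIN. The function names and the sample log (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log (documentation addresses); lines 5-8 carry a hostname field.
sample_log() {
cat <<'EOF'
Jun 10 17:50:00 dnsmasq[100]: query[A] isatap.lan from 192.0.2.10
Jun 10 17:50:00 dnsmasq[100]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:21 dnsmasq[100]: query[A] isatap.lan from 192.0.2.10
Jun 10 17:50:21 dnsmasq[100]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:40 gw1 dnsmasq[100]: query[A] Www.Example.com from 192.0.2.11
Jun 10 17:50:40 gw1 dnsmasq[100]: forwarded www.example.com to 198.51.100.53
Jun 10 17:50:40 gw1 dnsmasq[100]: reply www.example.com is 203.0.113.7
Jun 10 17:50:41 gw1 cron[200]: (root) CMD (run-parts /etc/cron.hourly)
Jun 10 17:50:42 dnsmasq[100]: query[AAAA] isatap.lan from 192.0.2.10
EOF
}

# Count queries per (client, record type, name), most frequent first.
# The query[TYPE] token is found by content, not by field position,
# so the result is the same with or without a hostname column.
dnsmasq_query_summary() {
    awk '/dnsmasq\[[0-9]+\]:/ {
        for (i = 1; i <= NF - 3; i++)
            if ($i ~ /^query\[[A-Za-z0-9=]+\]$/ && $(i + 2) == "from") {
                qtype = substr($i, 7, length($i) - 7)
                count[$(i + 3) " " qtype " " tolower($(i + 1))]++
                break
            }
    }
    END { for (k in count) print count[k], k }' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Names that dnsmasq answered with NXDOMAIN ("<name> is NXDOMAIN..." lines).
dnsmasq_nxdomain_names() {
    awk '/dnsmasq\[[0-9]+\]:/ {
        for (i = 2; i < NF; i++)
            if ($i == "is" && $(i + 1) ~ /^NXDOMAIN/) {
                print tolower($(i - 1))
                break
            }
    }' "$@" | LC_ALL=C sort -u
}

# Demo on the constructed sample; pass a log file path as argument for real data.
sample_log | dnsmasq_query_summary
```

Both functions read standard input or the files given as arguments, for example `dnsmasq_query_summary /var/log/syslog`.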
Configuration example
Create a dedicated configuration file at /etc/dnsmasq.d/acegrp.conf:
alias=8.8.8.8,192.168.100.1
listen-address=127.0.0.1,192.168.100.1
domain-needed
bogus-priv
filterwin2k
localise-queries
local=/acegrp.lan/
domain=acegrp.lan
expand-hosts
no-negcache
no-resolv
clear-on-reload
#resolv-file=/tmp/resolv.conf.auto
dhcp-authoritative
dhcp-leasefile=/tmp/dhcp.leases
#log-queries
log-dhcp
# use /etc/ethers for static hosts; same format as --dhcp-host
#read-ethers
# enable the DHCP server:
# DHCP range
dhcp-range=192.168.100.2,192.168.100.254,1h
# Netmask
dhcp-option=1,255.255.255.0
# Route
dhcp-option=3,192.168.100.254
dhcp-option=option:dns-server,192.168.100.3
# Set the NIS domain name to "acegrp.lan"
dhcp-option=40,acegrp.lan
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
dhcp-option=252,"\n"
# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
#upstream
#server=192.168.100.3
#server=1.1.1.1
server=9.9.9.10
The server option specifies the upstream DNS server. It must be set because reading the /etc/resolv.conf file has been disabled with the no-resolv option.