Is there a way to create a PHP file that monitors DNS requests

saud_saad · November 1, 2024, 2:38pm

Hello everyone, I have a question. Is there a way to create a PHP file that monitors DNS requests before making a decision to block the domain or allow it? Because I have an idea. I want to send an email alert if a specific site is accessed from a specific device.

deHakkelaar · November 1, 2024, 3:44pm

Via PHP is impractical.
You would need to code the PHP code and somehow turn it into a daemon that monitors Pi-hole.

You can use monit instead to monitor the Pi-hole log file for particular queries and notify via mail on event.
Below is in Dutch but you'll get the general idea (EDIT: skip the postfix bit, see reply below):

~~It depends on the postfix package that can be installed with below:~~

~~sudo apt install postfix~~

Instead of below criteria in the file /etc/monit/conf-available/pihole-logs:

if match "A] test.domain.lookup" then alert

you would need below to also include the client IP:

if match "A] test.domain.lookup from 10.0.0.11" then alert

Above is only for A and AAAA DNS record queries.
Below will notify for all record types:

if match "] test.domain.lookup from 10.0.0.11" then alert

Just follow the logs with below to determine the criteria:

pihole -t

If want to allow access to the monit webGUI from remote, you would also need to adjust/add below directives:

pi@ph5b:~ $ sudo nano /etc/monit/monitrc
[..]
set mailserver localhost
set alert my@mail.address not on { instance, action }

set httpd port 2812 and
   use address 0.0.0.0
   allow 0.0.0.0/0.0.0.0
   allow admin:monit

The webGUI will be listening on port 2812 with user/password = admin/monit.

Have a look on the official website as monit is extensive and can be used to extract all sorts of metrics from the system for notifications:

deHakkelaar · November 1, 2024, 5:03pm

Oh I just found out monit doesnt need postfix!
So you only need to install and configure monit!

And I noticed my ISP ditched its unauthenticated SMTP relay in the meantime (time-out) and only supports authenticated SMTP via TLS now.
Below an example for in the file /etc/monit/monitrc (replace Gmail details with ISP mail relay details):

saud_saad · November 1, 2024, 8:45pm

Thank you for your response.

system · November 22, 2024, 8:45pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.