Tracking request status unambiguously

davekr8 · December 22, 2017, 12:24pm

The shown status of request seems to be not accurate in some conditions.

Idea:

Using extended logging to resolve this issue.

Prerequisite:

Activation of extended logging in the dnsmasq config, i.e. log-queries=extra

Output will be like:

Dec 21 14:10:54 dnsmasq[15882]: 214 192.168.2.102/14055 reply e15.whatsapp.net is 169.47.42.231
Dec 21 14:10:54 dnsmasq[15882]: 214 192.168.2.102/14055 reply e15.whatsapp.net is 108.168.180.121
Dec 21 14:10:54 dnsmasq[15882]: 214 192.168.2.102/14055 reply e15.whatsapp.net is 169.47.42.235
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 query[A] mmg-fna.whatsapp.net from 192.168.2.102
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 156.154.70.1
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 129.250.35.250
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 4.2.2.1
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 8.8.4.4
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 8.8.8.8
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 176.95.16.251
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 176.95.16.235
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 reply mmg-fna.whatsapp.net is <CNAME>
Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 reply mmx-fb.cdn.whatsapp.net is 185.60.216.53
Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 query[A] www.flickr.com from 192.168.2.101
Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 cached www.flickr.com is <CNAME>
Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 forwarded www.flickr.com to 156.154.70.1
Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 forwarded www.flickr.com to 129.250.35.250
Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 forwarded www.flickr.com to 4.2.2.1

Task:

Parsing of logging need to respect the extra info (seems to be the portnumber for the request).

Edit: I have realized that there is already some progress on utilizing the extra logging flag in github.

jacob.salmela · December 22, 2017, 9:10pm

Yes, we are looking into this on the link you provided.

DL6ER · December 22, 2017, 11:23pm

Yes, I re-wrote FTL's parser routine to work on log-queries=extra data.

Note that we weren't able to do this up till now as the extra functionality needs at least dnsmasq v2.73 So far, we couldn't rely on that all systems have at least this version. However, due to some recent bug fixes, all current systems received updates to fairly recent versions. See also https://access.redhat.com/security/vulnerabilities/3199382

This change will finally terminate support for Debian wheezy and Ubuntu trusty.

yubiuser · May 31, 2020, 11:53am

Implemented.