The shown status of request seems to be not accurate in some conditions.
Idea:
- Using extended logging to resolve this issue.
Prerequisite:
- Activation of extended logging in the dnsmasq config, i.e.
log-queries=extra
Output will be like:
Dec 21 14:10:54 dnsmasq[15882]: 214 192.168.2.102/14055 reply e15.whatsapp.net is 169.47.42.231 Dec 21 14:10:54 dnsmasq[15882]: 214 192.168.2.102/14055 reply e15.whatsapp.net is 108.168.180.121 Dec 21 14:10:54 dnsmasq[15882]: 214 192.168.2.102/14055 reply e15.whatsapp.net is 169.47.42.235 Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 query[A] mmg-fna.whatsapp.net from 192.168.2.102 Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 156.154.70.1 Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 129.250.35.250 Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 4.2.2.1 Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 8.8.4.4 Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 8.8.8.8 Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 176.95.16.251 Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 forwarded mmg-fna.whatsapp.net to 176.95.16.235 Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 reply mmg-fna.whatsapp.net is <CNAME> Dec 21 14:11:28 dnsmasq[15882]: 215 192.168.2.102/18915 reply mmx-fb.cdn.whatsapp.net is 185.60.216.53 Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 query[A] www.flickr.com from 192.168.2.101 Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 cached www.flickr.com is <CNAME> Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 forwarded www.flickr.com to 156.154.70.1 Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 forwarded www.flickr.com to 129.250.35.250 Dec 21 14:11:48 dnsmasq[15882]: 216 192.168.2.101/65293 forwarded www.flickr.com to 4.2.2.1
Task:
- Parsing of logging need to respect the extra info (seems to be the portnumber for the request).
Edit: I have realized that there is already some progress on utilizing the extra logging flag in github.