How can I log DNS querries

[CivHunter]

Is there a way I can log DNS querries for each address inside my LAN? Optimally I would like to send this data to my Syslog server that is running on my NAS. I already have data coming from the router to my NAS. I have the Asus RT-ac66U running the newest build of the merlin firmware.

Thank you

 

[joegreat]

Is there a way I can log DNS querries for each address inside my LAN?

Hi,

Did you already try the "Log DHCP queries"-option unter LAN/DHCP Server on the web interface of the Router?

With kind regards
Joe

 

[CivHunter]

That seems to be functioning.

The DHCP log seems to be working ok. It is sending DHCP information to my syslog server on my NAS.

Under the Firewall / General tab I have "Logged packets type" set to "both". But I still show no DNS query resolution in my NAS.

 

[RMerlin]

Create a dnsmasq.conf.add config file with the following line:

log-queries

Then restart dnsmasq:

service restart_dnsmasq

 

[CivHunter]

Trouble with commands

I went into Tool - Run Cmd and entered "log-queries" and I get the error "sh: log-queries: not found". I also tried "log-queries dnsmasq.conf.add" and received a similar error. Not sure what step I missed. How do I add the dnsmasq.conf.add file? (also tried log-queries dnsmasq.conf with same results)

 

[RMerlin]

See the documentation on how to create custom configuration files.

 

[CivHunter]

It worked!

Thank you, thank you Merlin. It is logging all my DNS queries and it is getting logged on my NAS.

Just a quick followup question. Is this wearing out my internal flash memory for the JFFS partition?

 

[joegreat]

Just a quick followup question. Is this wearing out my internal flash memory for the JFFS partition?

Hi,

No it will not wear out jour JFFS partion if you enable it and just put the addon configuration on it (once)!

Only if you would put the log file there then it could become a problem.

With kind regards
Joe

 

[RMerlin]

And beside, I have probably written more often to my flash here than most of you ever will during the lifetime of your routers

But yeah, just don't put anything there that does frequent writes such as logs.

 

[CivHunter]

And beside, I have probably written more often to my flash here than most of you ever will during the lifetime of your routers

I am quite certain of that one!

But yeah, just don't put anything there that does frequent writes such as logs.

Ok, that is what I suspected. I would like to thank you for the quick replies to my questions and the awesome custom firmware you have built Merlin. Frankly its the reason I purchased this router. Thanks again!

 

[roccos]

Sorry for replying to such and old post.

I too had similar request and managed to get it to work also, however on my syslog server i cant see what host that did the querie, im only getting the router ip that does all the lookups, is there a setting i have missed to see the different hosts lookups ?

 

[David Wolfe]

Wow. I'm really gonna resurrect an old thread.

Found this thread while trying to do the exact same for my AC5300 router but I'm not having any luck. DNS queries are not being syslogged at debug level with the above .add file created in /jffs/configs and the dnsmasq service restarted.

Is this a valid set of instructions for 2020?

Thanks

 

[ColinTaylor]

Is this a valid set of instructions for 2020?

Yes. Check that your change has been successfully applied to /etc/dnsmasq.conf

 

[David Wolfe]

Negative. I do not see log-queries appended to /etc/dnsmasq.conf after the .add creation and service restart.

 

[dave14305]

Negative. I do not see log-queries appended to /etc/dnsmasq.conf after the .add creation and service restart.

Make sure JFFS custom configs and scripts is enabled in the GUI (Administration / System tab). Confirm the full path and name of your .add file: /jffs/configs/dnsmasq.conf.add

 

[David Wolfe]

Enabling it in the GUI was the missing piece! DNS queries are flowing like Niagara Falls nows!

Thanks for the spot-on advice!