Feature #12939
Closed
Extend DNS query log
Description
Hello,
I would like to monitor which computer is trying to reach which URL. I would also like to block certain URLs. For those purposes I try to force DNS lookups via DNS redirect to the pfSense resolver.
After doing so and adding "server: log-queries: yes" (https://docs.netgate.com/pfsense/en/latest/troubleshooting/dns-queries.html), the DNS queries are logged in "System Logs/DNS-resolver", however ... without the related interface/GW and without the IP address of the computer initiating the query.
In the meantime I noticed that it is possible to get a bit more info by adding
log-queries: yes
log-replies: yes
#log-tag-queryreply: yes
That does at least provide, in the reply, the IP address of the querying computer.
It would be nice to have some improvements here which make it possible to see which URLs are queried from where (and to import that elsewhere for further analyses).
Updated by Louis B about 3 years ago
Note that the problem is related to the redirect, with the consequence that everything is referring to 127.0.0.1. So at this moment I am trying to find out what happens if I replace 127.0.0.1 with the VLAN gateway address ....
Updated by Jim Pingle about 3 years ago
- Status changed from New to Rejected
A client would never tell the DNS server the whole URL it is querying, only the address of the server, which is what gets logged already.
Beyond that, the content of the log from Unbound is up to Unbound; there is nothing we can do about that. The options you list are the only options they have available as far as I can see.
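Added example (not part of the ticket and not pfSense or Unbound code): a parser for the per-query and per-reply lines that `log-queries` and `log-replies` produce, grouping queried names by client IP and listing names whose logged source is loopback, as happens with the 127.0.0.1 redirect mentioned above. Assumptions: the field order follows the unbound.conf(5) description of these options, lines are tagged `info:` or, with `log-tag-queryreply`, `query:`/`reply:`; the sample lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed field order (unbound.conf(5)): client IP, name, type, class;
# log-replies appends rcode, time to resolve, from-cache flag, response size.
LINE_RE = re.compile(
    r"\]\s+(?:info|query|reply):\s+(?P<client>[0-9A-Fa-f.:]+)\s+(?P<name>\S+)"
    r"\s+(?P<qtype>\S+)\s+(?P<qclass>\S+)"
    r"(?:\s+(?P<rcode>[A-Z0-9]+)\s+(?P<secs>\d+\.\d+)\s+(?P<cached>[01])\s+(?P<size>\d+))?\s*$"
)

# Constructed sample lines: syslog prefix, addresses and names are made up.
SAMPLE = [
    "Feb  1 10:00:01 fw unbound[4242]: [4242:0] info: 192.168.10.23 www.example.com. A IN",
    "Feb  1 10:00:01 fw unbound[4242]: [4242:0] info: 192.168.10.23 www.example.com. A IN NOERROR 0.031224 0 60",
    "Feb  1 10:00:02 fw unbound[4242]: [4242:1] reply: 127.0.0.1 ads.example.net. AAAA IN NXDOMAIN 0.000000 1 45",
    "Feb  1 10:00:03 fw unbound[4242]: [4242:0] info: start of service (unbound 0.0.0).",
]

def parse_line(line):
    """Return a dict for a query/reply line, or None for any other log line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        client = ipaddress.ip_address(m["client"])
    except ValueError:
        return None  # an "info:" message that is not a query/reply record
    rec = m.groupdict()
    rec.update(client=client, name=m["name"].rstrip(".").lower(),
               is_reply=m["rcode"] is not None)
    return rec

def names_by_client(lines):
    """Map each client IP to the set of names it received replies for."""
    seen = defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        if rec["is_reply"]:
            seen[str(rec["client"])].add(rec["name"])
    return dict(seen)

def loopback_sourced(lines):
    """Names whose logged client is loopback, so the real client is not in the log."""
    return sorted({r["name"] for r in filter(None, map(parse_line, lines))
                   if r["client"].is_loopback})

if __name__ == "__main__":
    for client, names in names_by_client(SAMPLE).items():
        print(client, sorted(names))
    print("loopback-sourced:", loopback_sourced(SAMPLE))
```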