[SOLVED] dnsmasq log file equivalent for DNS Resolver



  • On my ASUS router, I recently watched the dnsmasq.log (tail -f dnsmasq.log) to identify the domains being referenced by a streaming media channel so I could create policy rules and route traffic between two OpenVPN clients.  I was able to configure both my pfSense appliance and the ASUS router for my use case using policy rules with the firewall using the domain names that were identified.

    I am using pfBlockerNG and DNS Resolver. DNS Resolver does not appear to use dnsmasq from what I can tell. Is there an equivalent dnsmasq log file for DNS Resolver I can look at to see the domain names being referenced by my LAN traffic?  I saw a file called /var/log/resolver.log.  But this only contained the domain names I had used in my firewall alias and firewall rules to route the traffic.  Where are the domain names from LAN traffic being logged to when using DNS Resolver? Googling not helping thus far.

    Thank you.
    Solution

    After a few days of off and on googling for a solution, I was finally able to find the solution at this site:

    https://doc.pfsense.org/index.php/DNS_Forwarder_Troubleshooting

    In summary, in the DNS Resolver web GUI page, you have to add the option log-queries: yes in the Custom options box. I then need to go to Status, Systems Log, Settings and turn on remote logging and check the box for DNS Events (Resolver/unbound, Forwarder/dnsmasq, filterdns).  If I don't do this, I don't see unbound domain name entries logged in resolver.log.

    To view the entries, you can tail -f /var/log/resolver.log

    Or, you can install kiwi system log on your client machine (mine is Win 10) and watch the entries as you navigate websites or streaming media sites.

    https://linhost.info/2010/07/pfsense-remote-logging-to-kiwi-syslog-server/

    Note that there is a newer version of kiwi syslog and I was not able to get it working. I'll try again. So I reverted to the older version I already had installed.

    I need this information as I want to route certain traffic between two OpenVPN client gateways depending on the domain names the traffic generates.  For example, I am able to use this information to identify what domains are being called when I turn on a certain media streaming site.  I can then create firewall rules to route this traffic to a VPN server in a large market to have more channels.
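
Added example (not part of the original post): a small Python filter that turns unbound query-log lines from resolver.log into a per-client list of looked-up domain names. It assumes each query entry ends with "info: <client IP> <name>. <type> <class>"; the sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Tail of a "log-queries: yes" entry: info: <client-ip> <qname>. <qtype> <qclass>
QUERY_RE = re.compile(
    r"unbound.*?\binfo: (?P<client>\S+) (?P<qname>\S+) "
    r"(?P<qtype>[A-Z0-9]+) [A-Z0-9]+\s*$"
)

# Constructed sample lines (not captured from a real system).
SAMPLE_LOG = """\
Nov 12 10:00:01 pfSense unbound: [61429:0] info: start of service (unbound 1.9.1).
Nov 12 10:00:05 pfSense unbound: [61429:0] info: 192.168.1.25 video.example.com. A IN
Nov 12 10:00:05 pfSense unbound: [61429:1] info: 192.168.1.25 Video.Example.com. AAAA IN
Nov 12 10:00:06 pfSense unbound: [61429:0] info: 192.168.1.25 cdn.example.net. A IN
Nov 12 10:00:07 pfSense unbound: [61429:2] info: 192.168.1.40 mail.example.org. MX IN
Nov 12 10:00:08 pfSense unbound: [61429:0] info: 192.168.1.25 25.1.168.192.in-addr.arpa. PTR IN
"""

def parse_query(line):
    """Return (client, qname, qtype) for a query entry, else None."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    try:
        # Reject status messages whose first word is not an IP address.
        client = str(ipaddress.ip_address(m["client"]))
    except ValueError:
        return None
    qname = m["qname"].rstrip(".").lower() or "."
    return client, qname, m["qtype"]

def domains_by_client(lines, skip_reverse=True):
    """Map each client IP to the sorted, de-duplicated names it queried."""
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        client, qname, _ = parsed
        if skip_reverse and qname.endswith((".in-addr.arpa", ".ip6.arpa")):
            continue  # PTR lookups are not useful for building aliases
        seen[client].add(qname)
    return {c: sorted(n) for c, n in seen.items()}

if __name__ == "__main__":
    for client, names in domains_by_client(SAMPLE_LOG.splitlines()).items():
        print(client, ", ".join(names))
```

To use it on a live system, pass the lines of /var/log/resolver.log (or the syslog server's copy) to domains_by_client() instead of SAMPLE_LOG.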



  • @Xentrk:

    I need this information as I want to route certain traffic between two OpenVPN client gateways depending on the domain names the traffic generates.  For example, I am able to use this information to identify what domains are being called when I turn on a certain media streaming site.  I can then create firewall rules to route this traffic to a VPN server in a large market to have more channels.

    If anyone needs help in creating policy rules to do the above, let me know. I'll work on the instructions and post in the OpenVPN forum soon.

