DNS packet syslogging using iptables NFLOG, written in C++. This program parses A, AAAA and PTR type DNS reply packets and logs the details to syslog or console.
## Dependencies

nflog_dns.cpp requires the libtins, libnetfilter_log and libspdlog libraries:

- sudo apt-get install build-essential libtins-dev libnetfilter-log-dev libspdlog-dev
## Build and test

- make
- sudo ./start.sh
- sudo ./nflog_dns
- Make some DNS queries and observe the extracted names and IPs
## Creating packages

- make deb
- make rpm
## Install

- Compile nflog_dns as above
- Optional: edit the PREFIX in the Makefile. By default it installs to /usr/local
- sudo make install
## Running as a service

- Install nflog_dns as above
- Edit the options in /etc/default/nflog_dns to suit your needs
- sudo update-rc.d nflog_dns defaults
- sudo service nflog_dns start
## Running the tests

- sudo make test
## Usage

```
% nflog_dns -h
Usage: nflog_dns [OPTION]...
Extract DNS replies from NFLOG group

  -g, --group=NUM            NFLOG group to bind (default: 123)
  -s, --syslog               log replies to syslog instead of stdout
  -f, --facility=FACILITY    facility for syslog logging (default: user)
  -l, --level=LOGLEVEL       log level for syslog logging (default: info)
  -h, --help                 print this help and exit
  -v, --version              show version and exit
      --a=BOOL               A record logging (default: yes)
      --aaaa=BOOL            AAAA record logging (default: yes)
      --cname=BOOL           CNAME record logging (default: yes)
      --ptr=BOOL             PTR record logging (default: yes)
```
## Known bugs

A bug in libtins ip6.arpa PTR reply parsing prevents logging IPv6 reverse DNS lookups.
## Creating a release

- Run the create_release.sh script