mess-with-dns-backend

Show the full DNS query and response in the request log

Open klaus-nicat opened this issue 3 years ago • 5 comments

For the incoming queries, please also log the IP address where the query comes from, not only the PTR.

Also it would be interesting to see at what IP address the request was received, mess-with-dns1.wizardzines.com. or mess-with-dns2.wizardzines.com.

klaus-nicat, Dec 16 '21 07:12

In fact, I would love to see much more info, if possible.

Like ECS (RFC7871) information, when available. As well as other EDNS0-data (the OPT-record). And also flags (like DO-bit if present).

But this may be beyond the scope of this tool. 😛

mdavids, Dec 16 '21 08:12
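The fields requested in the comment above (the OPT record, the DO bit and ECS) can be read straight from the raw query bytes. The following is an added example, not part of the thread and not the project's code: it uses only the Go standard library, and `ParseEDNS`, `sampleQuery` and the sample bytes are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
)

// Constructed sample: A query for example.com with DO set and ECS 192.0.2.0/24.
var sampleQuery = []byte("\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01\x07example\x03com\x00" +
	"\x00\x01\x00\x01\x00\x00\x29\x04\xd0\x00\x00\x80\x00\x00\x0b\x00\x08\x00\x07\x00\x01\x18\x00\xc0\x00\x02")
var errShort = fmt.Errorf("truncated DNS message")

// ParseEDNS returns the OPT record's UDP size (0 = no OPT record), DO bit and ECS prefix.
func ParseEDNS(m []byte) (udpSize int, do bool, ecs string, err error) {
	u16 := func(i int) int { return int(m[i])<<8 | int(m[i+1]) }
	if len(m) < 12 {
		return 0, false, "", errShort
	}
	off, questions := 12, u16(4)
	for i := 0; i < questions+u16(6)+u16(8)+u16(10); i++ {
		for off < len(m) && m[off] != 0 && m[off] < 0xC0 {
			off += 1 + int(m[off]) // skip one label
		}
		if off < len(m) && m[off] >= 0xC0 {
			off++ // a compression pointer takes two bytes
		}
		if off++; i < questions {
			off += 4 // QTYPE + QCLASS; questions carry no RDATA
			continue
		} else if off+10 > len(m) || off+10+u16(off+8) > len(m) {
			return 0, false, "", errShort
		}
		end := off + 10 + u16(off+8)
		if u16(off) == 41 { // OPT: CLASS carries the UDP size, DO is the top flag bit in TTL
			udpSize, do = u16(off+2), m[off+6]&0x80 != 0
			for p := off + 10; p+4 <= end && p+4+u16(p+2) <= end; p += 4 + u16(p+2) {
				if d := m[p+4 : p+4+u16(p+2)]; u16(p) == 8 && len(d) >= 4 && d[0] == 0 && (d[1] == 1 || d[1] == 2) {
					ip := make(net.IP, []int{0, net.IPv4len, net.IPv6len}[d[1]])
					copy(ip, d[4:]) // ECS address arrives truncated to the prefix
					ecs = fmt.Sprintf("%s/%d", ip, d[2])
				}
			}
		}
		off = end
	}
	return udpSize, do, ecs, nil
}

func main() { fmt.Println(ParseEDNS(sampleQuery)) }
```

Logging the ECS prefix next to the resolver's source address shows both which resolver sent the query and which client network it was forwarded for.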

This makes sense to me, I just need to figure out the right design.

jvns, Dec 17 '21 20:12

I've added the IP address, and I agree showing the full query/response is a good idea -- will look into it.

jvns, Aug 17 '24 16:08

I suggest looking into passive sniffing when logging the DNS-requests and responses. Using the pcap interface and something like tshark or tcpdump. I'm not a Go-programmer myself, but there seems to be GoPacket: https://github.com/google/gopacket/blob/master/layers/dns.go

jonaslejon, Aug 19 '24 18:08

@jonaslejon what problem are you proposing solving with that suggestion? We already have all the information we need to do this, displaying it is just a UI issue.

jvns, Aug 19 '24 18:08