Peek at what you're doing! Golang implementation, DNSMASQ-based DNS request acquisition

This is a creation in Article, where the information may have evolved or changed.

Source Address

What is DNSMASQ (excerpt from the network)

DNSMASQ provides DNS caching and DHCP service functionality. As a domain name resolution server (DNS), DNSMASQ can increase the speed of connection to visited URLs by caching DNS requests. As a DHCP server, DNSMASQ can provide intranet IP addresses and routes for LAN computers. DNS and DHCP two functions can be implemented simultaneously or separately. The DNSMASQ is lightweight and easy to configure for individual users or networks with fewer than 50 hosts. In addition, it comes with a PXE server.
More detailed https://wiki.archlinux.org/index.php/Dnsmasq_ (%e7%ae%80%e4%bd%93%e4%b8%ad%e6%96%87)

What is Dnsmasq_admin?

This thing is to filter the log generated by DNSMASQ, send user-generated access records to the designated computer, then the administrator can review these URLs, and can block access to those URLs.

Principle

This is a small tool, practical go completion, the principle is this:

1. DNSMASQ Open the debug log and specify a log output address.
2. Get the source code and compile the executable program.
3. executed under Root. Assign programs to logs, such as Start-up run:/home/gao/dnsmasq_admin/var/log/dnsmasq.log >/var/log/dnsmasq_amdin.log 2>&1 &
4. When any user's DNS access records are received, the program proactively sends data to another dnsmasq_admin where it was launched. Where it is accepted, you can control whether the service will redirect the domain name to the 127.0.0.1 of these unavailable domains.

This program runs in two modes, one is Analysis mode and one is monitoring mode. You can see the purpose from the Http.go code:

Func init () {    http. Handlefunc ("/api/send", Addnewfetch)   //monitoring location is used to receive messages sent in Analysis mode.     http. Handlefunc ("/api/addhost", addhosts)   //Append hosts to DNS server    http. Handlefunc ("/", list)          //View list    http. Handlefunc ("/IP", listwithip)  //List of some IPs    go http. Listenandserve (": 22225", nil)//start port. }

In monitoring mode, direct access to http://localhost:22225 view all IP addresses that use this DNS server

192.168.0.41192.168.0.60

Click on any IP address to get all the DNS requests from the user under this IP.

192.168.0.60 suggestion.baidu.com Block192.168.0.60 sdup.360.cn Block192.168.0.60 cdndownload.alipay.com Block192.168.0.60 stat.sd.360.cn Block192.168.0.60 tr.p.360.cn Block192.168.0.60 image.baidu.com Block192.168.0.60 t10.baidu.com Block192.168.0.60 fm.dl.126.net Block

Deployment

Then, how to let the person use this dnsmasq, you can fill in the router inside, the connection network's DNS server address option fills in your DNSMASQ address. Then all DHCP users will automatically use your DNS service.

DNSMASQ Logging Settings

Dnsmasq.conf:

Log-querieslog-facility=/var/log/dnsmasq.log

For more information about DNSMASQ:

Https://wiki.archlinux.org/index.php/Dnsmasq_ (%e7%ae%80%e4%bd%93%e4%b8%ad%e6%96%87)

If you want to know more about Dnsmasq_admin,

Looks like you can find me from here @ablegao