Closed kevdel closed 8 years ago
Edit: wow, I should start reading before I answer stuff. Sorry for that.
When you exit passivedns, it prints some statistics, anything there? And, are you seeing both the query and the reply? As far as I know, this implementation of passive DNS needs both query and reply.
kevdel: you can send me a pcap collected from the RPi of one DNS query + the answer. I'll take a look.
Apologies to all. My outbound DNS traffic was getting pushed to the pi running passive dns but the return traffic was not. Once I put a rule in to mirror any target machine inbound traffic to the pi then the passivedns daemon picked up the request and logged correctly.
my bad..
On Fri, Nov 27, 2015 at 1:35 AM, Edward Fjellskål notifications@github.com wrote:
kevdel: you can send me a pcap collected from the RPi of one DNS query + the answer. I'll take a look.
Issue: DNS requests contained within mirrored traffic sent to the host running passivedns are not showing up in the passivedns log.
Following setup:
Tomato router (192.168.1.1) with iptables rules for a particular host (192.168.1.124) on my network to mirror all traffic to a Raspberry Pi (192.168.1.128). The Raspberry Pi is running passivedns listening on eth0.
tcpdump output on the Raspberry Pi from "wget bearsalive.com" run on my 192.168.1.124 host:
02:22:04.608185 IP 192.168.1.124.46413 > 8.8.8.8.53: 55093+ A? bearalive.com. (31)
However, there is no entry made to the /var/log/passivedns.log file.
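A quick check for the failure mode in this thread (queries mirrored to the sensor, replies not), added here as an example and not part of passivedns or the original posts: it pairs DNS queries with replies in `tcpdump -n` text output from the sensor. The function name, the IPv4-only regex and the constructed reply line are assumptions; the query line is the one from the issue.

```python
import re

# One line of `tcpdump -n` text output for IPv4 DNS:
#   time IP src.port > dst.port: id[flags] rest
# Assumption: IPv4 only ("IP6" lines are skipped) and the resolver is on port 53.
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<id>\d+)\S* (?P<rest>.*)$"
)

def mirror_coverage(lines):
    """Return (unanswered_queries, orphan_replies) seen by the sensor."""
    pending = {}   # (client, client_port, resolver, dns_id) -> query text
    orphans = []   # replies whose query never reached the sensor
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["dport"] == "53":        # client -> resolver: a query
            pending[(m["src"], m["sport"], m["dst"], m["id"])] = m["rest"]
        elif m["sport"] == "53":      # resolver -> client: a reply
            key = (m["dst"], m["dport"], m["src"], m["id"])
            if pending.pop(key, None) is None:
                orphans.append(m["rest"])
    return list(pending.values()), orphans

# Query line as posted in the issue; the reply line is constructed for the example.
QUERY = ("02:22:04.608185 IP 192.168.1.124.46413 > 8.8.8.8.53: "
         "55093+ A? bearalive.com. (31)")
REPLY = ("02:22:04.631902 IP 8.8.8.8.53 > 192.168.1.124.46413: "
         "55093 1/0/0 A 192.0.2.10 (47)")

if __name__ == "__main__":
    for label, capture in (("outbound only", [QUERY]),
                           ("both directions", [QUERY, REPLY])):
        unanswered, orphans = mirror_coverage(capture)
        print(f"{label}: {len(unanswered)} unanswered, {len(orphans)} orphan replies")
        for q in unanswered:
            print("  query with no reply at the sensor:", q)
```

Unanswered queries for every lookup point to a mirror rule that covers only one direction, which is the condition under which passivedns logged nothing here.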