Re: [Dnsmasq-discuss] Understand logging - don't find details

Tue, 11 Apr 2023 13:33:53 -0700 



On 11/04/2023 17:21, web...@manfbraun.de wrote:

Hello!

I want to find out the response time from clients request up to 
dnsmasq's response
(including the external answer!) to the client. But a look into the 
logfile - thought, easy

to make a wrapper, because I am missing dnstap support - wonders me.

For example, here a short excerpt, omitting the date, I cut out of a 
contueing block:
dnsmasq[315]: 86114 192.120.33.206/55020 query[PTR] 
155.33.120.192.in-addr.arpa from 192.120.33.206
dnsmasq[315]: 86114 192.120.33.206/55020 /etc/dnsmasq.d/hosts 
192.120.33.155 is proxy.lan.local



dnsmasq[315]: 86115 192.120.33.206/55020 query[A] stackoverflow.com from 
192.120.33206
dnsmasq[315]: 86115 192.120.33.206/55020 forwarded stackoverflow.com to 
208.67.222.222
dnsmasq[315]: 86115 192.120.33.206/55020 reply stackoverflow.com is 
151.101.193.69
dnsmasq[315]: 86115 192.120.33.206/55020 reply stackoverflow.com is 
151.101.65.69
dnsmasq[315]: 86115 192.120.33.206/55020 reply stackoverflow.com is 
151.101.129.69
dnsmasq[315]: 86115 192.120.33.206/55020 reply stackoverflow.com is 
151.101.1.69



dnsmasq[315]: 86116 192.120.33.206/55020 query[A] alive.github.com from 
192.120.33.206
dnsmasq[315]: 86116 192.120.33.206/55020 forwarded alive.github.com to 
77.88.8.8

dnsmasq[315]: 86116 192.120.33.206/55020 reply alive.github.com is <CNAME>

dnsmasq[315]: 86116 192.120.33.206/55020 reply live.github.com is 
140.82.113.25

Am I right, that in the second column, is just a sequence number?

Then, the first block would be easy to understand and I could use the 
timedifference (the

time, were the loglines arrive in my warapper).
The second block looks like dnsmasq is sending four responses, because of

stackoverflow has four ip-addresses? Or does this mean, the query (of 
this second
block) started at it's first line and was complete(!) at the sixt line 
and the answer to
the client was one response packet? At least, the following "sequence" 
number then

is logically different.
The same pattern then is visible in the third block.
Some comments would help me!
Thanks so far,
Manfred



You seem to have pretty much decoded it.


The second column is a sequence number. It's more useful when dnsmasq is 
busy and more than one query is in progress at the same time, since it 
allows you to work out which answer goes with which query.


The four lines of responses are all in a single packet.


The third column is the address and port number of the client sending 
the request.


Simon.


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss






















					Reply via email to