[Linux] Logging All DNS Queries

Posted by 西维蜀黍 on 2022-04-03, Last Modified on 2023-05-02

[Recommended] Via DNS Sniffer

# If ubuntu
$ sudo apt-get install python3-scapy
# If OpenWrt
$ opkg install scapy
# If macOS
$ brew install libpcap; sudo pip3 install scapy -i https://pypi.python.org/simple

# Anonymous HTTPS clone (no GitHub key needed); git@github.com:Oros42/DNS_sniffer.git also works if you have one
$ git clone https://github.com/Oros42/DNS_sniffer.git; cd DNS_sniffer

# For a specific interface
$ sudo python3 dns_sniffer.py -i eth0

# Write to a DB
$ sudo python3 dns_sniffer.py -i en0 -d db.sqlite

Demo

Run a query in one session:

$ dig google.com

...

In another session, the sniffer captures that query:

$ sudo python3 dns_sniffer.py -i tun0
IP source       | DNS server      | Count DNS request | Query
10.22.56.25     | 8.8.8.8         | 1                 | google.com.


Via tcpdump

$ sudo tcpdump --list-interfaces

# -n stops tcpdump from doing its own reverse lookups, which would otherwise add
# port-53 traffic of its own to the capture. Use "port 53" (no "udp") to also
# catch queries that fall back to TCP.
$ sudo tcpdump -n -i <pickone> udp port 53


# To show and save to file all the A DNS requests, run this. The name is found by
# scanning for the "A?" token rather than cutting field 8: clients that send EDNS
# (dig does) make tcpdump insert "[1au]" before "A?", which shifts the name to
# field 9 and would make a fixed "cut -f8" print "A?" instead.
$ sudo tcpdump -n -l port 53 2>/dev/null | grep --line-buffered ' A? ' | awk '{ for (i = 1; i <= NF; i++) if ($i == "A?") { print $(i+1); fflush() } }' | tee dns.log
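The same extraction as a reusable shell function, generalised to every query type and carrying the source address, as an added example (not code from the original post or the DNS_sniffer project). The sample tcpdump lines are constructed, not a real capture; the second one carries the `[1au]` EDNS marker that breaks a fixed-column `cut`.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: parse tcpdump's one-line DNS
# output into "<source-ip> <qtype> <qname>" without relying on a fixed column.

# Constructed sample input in the format "tcpdump -n -l port 53" prints.
# Line 2 carries the "[1au]" EDNS marker dig adds; line 4 is a response.
SAMPLE_LINES='12:00:01.000001 IP 10.22.56.25.51234 > 8.8.8.8.53: 1234+ A? google.com. (28)
12:00:02.000002 IP 10.22.56.25.51235 > 8.8.8.8.53: 5678+ [1au] A? example.org. (40)
12:00:03.000003 IP 10.22.56.25.51236 > 8.8.8.8.53: 9012+ AAAA? example.net. (29)
12:00:04.000004 IP 8.8.8.8.53 > 10.22.56.25.51234: 1234 1/0/0 A 142.250.0.1 (44)'

# dns_query_names: read tcpdump lines on stdin and print one line per query.
# A query is recognised by its "<TYPE>?" token, so "[1au]" or any other extra
# field in front of it does not matter. Responses carry no such token and are
# skipped.
dns_query_names() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[A-Za-z0-9]+[?]$/) {
                src = $3; sub(/\.[0-9]+$/, "", src)   # drop the source port
                qtype = $i; sub(/[?]$/, "", qtype)
                print src, qtype, $(i + 1)
                fflush()                              # keep output live when piped
                break
            }
        }
    }'
}

# dns_query_counts: per-name hit counts, most frequent first (the view the
# DNS_sniffer table above gives).
dns_query_counts() {
    dns_query_names | awk '{ print $3 }' | sort | uniq -c | sort -rn
}

# Live use (needs root):
#   sudo tcpdump -n -l port 53 2>/dev/null | dns_query_names | tee dns.log
printf '%s\n' "$SAMPLE_LINES" | dns_query_names
```

Only queries are listed, so a host that never gets an answer still shows up; pipe through `dns_query_counts` to get the per-name totals.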

Via a Local DNS Server

Install Bind locally. Most distros' default Bind package comes up as a non-authoritative, caching-only resolver, which is all that is needed here.

Add a logging {} block with a channel for the queries category (as described in the Bind 9 Configuration Reference), turn query logging on (querylog yes; in options {}, or rndc querylog on at runtime; the queries category stays silent otherwise), then set your system to use 127.0.0.1 or ::1 as the DNS resolver. Note that this only records queries that are actually sent to the local resolver; a program that talks to 8.8.8.8 directly bypasses it, which the sniffer and tcpdump methods above still catch.
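The logging block and the steps around it as a shell script, added here as an example (not from the original post or the Bind documentation). The /etc/bind layout, the named.conf.local include file and the bind user are Debian/Ubuntu assumptions; it also assumes no logging {} block exists yet, since Bind accepts only one.

```bash
#!/usr/bin/env bash
# Added example, not from the original post or the Bind docs: enable Bind 9
# query logging and switch the host to the local resolver. Paths and the
# "bind" user follow the Debian/Ubuntu layout (assumption; adjust elsewhere).

# The logging {} block. Each query becomes one line in query.log; Bind keeps
# 5 rotated files of 20 MB so the log cannot fill the disk. Only one logging
# statement is allowed per config, so merge this into an existing one if any.
bind_query_logging_conf() {
    cat <<'EOF'
logging {
    channel query_log {
        file "/var/log/named/query.log" versions 5 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category queries { query_log; };
};
EOF
}

# Append the block, validate the whole config before reloading, and turn
# query logging on. The "queries" category stays silent until querylog is
# enabled, either here with rndc or with "querylog yes;" in options {}.
enable_bind_query_logging() {
    local conf_dir=/etc/bind                            # assumed Debian/Ubuntu path
    mkdir -p /var/log/named
    chown bind:bind /var/log/named                      # named must own the log dir
    bind_query_logging_conf >> "$conf_dir/named.conf.local"
    named-checkconf "$conf_dir/named.conf" || return 1  # refuse to reload a broken config
    rndc reload
    rndc querylog on
}

# Point the system at the local resolver. On hosts where systemd-resolved or
# NetworkManager writes resolv.conf, set DNS=127.0.0.1 there instead.
use_local_resolver() {
    printf 'nameserver 127.0.0.1\nnameserver ::1\n' > /etc/resolv.conf
}

# Usage (as root, with Bind installed):
#   enable_bind_query_logging && use_local_resolver
#   dig google.com >/dev/null && tail -n 1 /var/log/named/query.log
```

named-checkconf runs before rndc reload on purpose: a syntax error in the appended block would otherwise leave the resolver down, and with resolv.conf already pointing at 127.0.0.1 the host would lose name resolution entirely.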
