Hi all.
I'm looking for a way to monitor the DNS requests that are being received by the router, which is configured as DHCP and DNS server for all devices.
I know I could log them, but that would massively clutter the logs and I don't need to keep persistent DNS logs anyway. All I need is a quick way to see current/recent DNS requests to troubleshoot issues and understand which subdomains are being requested by current devices.
I tried to "torch" different interfaces but I couldn't find a way to see domain names.
Appreciate any help on this!
Re: Is there any way to trace current DNS requests received by the router?
Log to disk? It has to be (temporarily) stored somewhere.
Re: Is there any way to trace current DNS requests received by the router?
Wouldn't that cause excessive wear on the NAND if every single DNS request is logged? I wouldn't want to set up an external logging server just to check out 10 seconds of DNS logs every other week.Log to disk? It has to be (temporarily) stored somewhere.
Is there any way to just temporarily make a trace/torch session to see the currently incoming DNS requests?
Re: Is there any way to trace current DNS requests received by the router?
You can use Tools/Packer Sniffer to record traffic, save to Wireshard compatible format (pcap) and analyze later.
Re: Is there any way to trace current DNS requests received by the router?
Well, my use case was to see those domains live from my phone (MikroTik app), like you can do with Cloudflare's Warp appYou can use Tools/Packer Sniffer to record traffic, save to Wireshard compatible format (pcap) and analyze later.
If I have to sit in front of my PC I might as well bring up the dev tools in my web browser...I was hoping there would be a simpler way to see the DNS requests passing through my router.
Re: Is there any way to trace current DNS requests received by the router?
I was hoping there would be a simpler way to see the DNS requests passing through my router.
It's actually pretty easy!
Just create your own logging action (output), for example called DNSLOG, and then add a logging rule for DNS requests using that action. After that, check all DNS requests by open the log viewer in the Mikrotik app or WinBox and select DNSLOG in the top-right corner.
If you're only going to monitor for a few days, it's no problem to use the built-in flash drive. Otherwise, you should log to memory, external USB or network drive.
Here’s how to do it:
Code: Select all
# If logging to memory with a maximum of 50,000 lines:
/system logging action add name=DNSLOG target=memory memory-lines=50000
# Or if you have a USB drive:
/system logging action add name=DNSLOG target=disk disk-file-name=usb1/dns-log.txt
# Enable logging for DNS requests with output to DNSLOG:
/system logging add topics=dns action=DNSLOG
Re: Is there any way to trace current DNS requests received by the router?
Hold on, I think I'm an idiot. I don't even need to create an action then, right?I was hoping there would be a simpler way to see the DNS requests passing through my router.
It's actually pretty easy!
Just create your own logging action (output), for example called DNSLOG, and then add a logging rule for DNS requests using that action. After that, check all DNS requests by open the log viewer in the Mikrotik app or WinBox and select DNSLOG in the top-right corner.
If you're only going to monitor for a few days, it's no problem to use the built-in flash drive. Otherwise, you should log to memory, external USB or network drive.
Here’s how to do it:
Code: Select all# If logging to memory with a maximum of 50,000 lines: /system logging action add name=DNSLOG target=memory memory-lines=50000 # Or if you have a USB drive: /system logging action add name=DNSLOG target=disk disk-file-name=usb1/dns-log.txt # Enable logging for DNS requests with output to DNSLOG: /system logging add topics=dns action=DNSLOG
Just create a new logging rule that logs the "dns" topic to memory, and leave it disabled.
Then, whenever I want to take a look at the dns requests, I can go to System -> Logging -> Rules from the mobile app, and just enable that new "dns" rule, then disable it when I'm done. Is that right?
Re: Is there any way to trace current DNS requests received by the router? [SOLVED]
Yep, just predefine topic=dns and enable it when needed. It might still be a good idea to create your own action=DNSLOG. That way, you can easily filter out just the DNS requests once logging is enabled.