I’m looking for a way to monitor the DNS requests that are being received by the router, which is configured as DHCP and DNS server for all devices.
I know I could log them, but that would massively clutter the logs and I don’t need to keep persistent DNS logs anyway. All I need is a quick way to see current/recent DNS requests to troubleshoot issues and understand which subdomains are being requested by current devices.
I tried to “torch” different interfaces but I couldn’t find a way to see domain names.
Wouldn’t that cause excessive wear on the NAND if every single DNS request is logged? I wouldn’t want to set up an external logging server just to check out 10 seconds of DNS logs every other week.
Is there any way to just temporarily make a trace/torch session to see the currently incoming DNS requests?
Well, my use case was to see those domains live from my phone (MikroTik app), like you can do with Cloudflare’s Warp app If I have to sit in front of my PC I might as well bring up the dev tools in my web browser…
I was hoping there would be a simpler way to see the DNS requests passing through my router.
Just create your own logging action (output), for example called DNSLOG, and then add a logging rule for DNS requests using that action. After that, check all DNS requests by open the log viewer in the Mikrotik app or WinBox and select DNSLOG in the top-right corner.
If you’re only going to monitor for a few days, it’s no problem to use the built-in flash drive. Otherwise, you should log to memory, external USB or network drive.
Here’s how to do it:
# If logging to memory with a maximum of 50,000 lines:
/system logging action add name=DNSLOG target=memory memory-lines=50000
# Or if you have a USB drive:
/system logging action add name=DNSLOG target=disk disk-file-name=usb1/dns-log.txt
# Enable logging for DNS requests with output to DNSLOG:
/system logging add topics=dns action=DNSLOG
Hold on, I think I’m an idiot. I don’t even need to create an action then, right?
Just create a new logging rule that logs the “dns” topic to memory, and leave it disabled.
Then, whenever I want to take a look at the dns requests, I can go to System → Logging → Rules from the mobile app, and just enable that new “dns” rule, then disable it when I’m done. Is that right?
Yep, just predefine topic=dns and enable it when needed. It might still be a good idea to create your own action=DNSLOG. That way, you can easily filter out just the DNS requests once logging is enabled.
If I have to sit in front of my PC I might as well bring up the dev tools in my web browser…