Solved unable to capture DHCP leases / lease file in dnsmasq

I am attempting to have dnsmasq record leases to a lease file so that I can monitor what devices are on my network primitively (ELK stack would be ideal, but that is a bit more effort). That said, I made this change to my configuration file:

Code:
dhcp-leasefile=/var/db/dnsmasq/leases


I created the folder beforehand and chowned it to nobody, and then created the file as nobody, followed by restarting dnsmasq. The file is empty and I have repeatedly requested an IP and gotten one, yet the file remains empty. Is this possible?

I had a typo somewhere else; it is now working.
 
I had copied an older file and didn't bother checking my main configuration file which was not referencing the dhcp file. My main configuration file was just referencing my dns file at that point in time.
 
so that I can monitor what devices are on my network
I put my "known" machines on a static IP lease and that makes it easier to spot active dhcp clients.
Lower IPs are known. > .100 starts the active leases.

Code:
[SNIP]
## conf ###
conf-dir="/usr/local/etc/dnsmasq.d"
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
### Static IP ###
dhcp-host=00:0d:b9:56:a9:e0,APU2,192.168.1.5
dhcp-host=d4:d7:48:d3:4a:aa,SG500X,192.168.1.10
dhcp-host=3c:df:1e:b7:2e:02,SRW2008BENCH,192.168.1.11
dhcp-host=3c:df:1e:b7:2b:56,SRW2008,192.168.1.12
dhcp-host=64:d8:14:5c:ad:98,switch5cad98-9,192.168.1.13

I use the dnsmasq.d directory for a DNS blacklist that I manually update.

cd /usr/local/etc/dnsmasq.d
fetch https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt
service dnsmasq restart
 
Ok, I already had a process for which I used coredns to filter DNS; I take that file and pipe it to sed to get it to the desired format. I use /etc/ethers to drive DHCP presently, whereas before, when I used isc-dhcpd, I had a generated file in which I had commented which device it was.

I also have my Wifi router logs coming into syslog and can spot clients that got connected via wifi, but should not. I compare those MACs with /etc/ethers and can identify which ones should not be connected.

Thanks for the CERT vulnerability notes, that is worth checking out.

I want to get DNS over TLS or HTTPS working with dnsmasq like I had with coredns along with DNS query logging with dnstap, but that is a separate concern.
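
The MAC comparison against /etc/ethers described in the post above, applied to the dnsmasq lease file from the first post, as an added example that is not code from anyone in this thread. It assumes the usual dnsmasq lease line layout (expiry, MAC, IP, hostname, client-id); the function names and all sample data are constructed.

```python
import re
from collections import namedtuple

MAC_RE = re.compile(r"^[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}$", re.I)
Lease = namedtuple("Lease", "expires mac ip name")  # expires: epoch, 0 = never

def norm_mac(mac):
    """Lower-case and zero-pad octets so 0:D:B9:... matches 00:0d:b9:..."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_ethers(text):
    """ethers(5): one 'MAC name-or-IP' pair per line, '#' starts a comment."""
    known = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and MAC_RE.match(fields[0]):
            known[norm_mac(fields[0])] = fields[1]
    return known

def parse_leases(text):
    """dnsmasq lease line: expiry MAC IP hostname client-id ('*' = unset)."""
    leases = []
    for line in text.splitlines():
        f = line.split()
        # Skips the 'duid' line and DHCPv6 entries, whose 2nd field is an IAID.
        if len(f) >= 4 and f[0].isdigit() and MAC_RE.match(f[1]):
            leases.append(Lease(int(f[0]), norm_mac(f[1]), f[2], f[3]))
    return leases

def unknown_clients(lease_text, ethers_text, now):
    """Return unexpired leases whose MAC has no entry in the ethers data."""
    known = parse_ethers(ethers_text)
    return [l for l in parse_leases(lease_text)
            if l.mac not in known and (l.expires == 0 or l.expires > now)]

# Constructed sample data; real input would be /etc/ethers and the lease file.
SAMPLE_ETHERS = "# known machines\n0:d:b9:56:a9:e0 APU2\nD4:D7:48:D3:4A:AA 192.168.1.10\n"
SAMPLE_LEASES = """\
1700003600 00:0d:b9:56:a9:e0 192.168.1.5 APU2 01:00:0d:b9:56:a9:e0
1700003600 02:00:00:aa:bb:01 192.168.1.143 * *
1699990000 02:00:00:aa:bb:02 192.168.1.150 old-phone *
0 02:00:00:aa:bb:03 192.168.1.151 printer *
duid 00:01:00:01:2a:2b:2c:2d:00:0d:b9:56:a9:e0
1700003600 12345678 fd00::143 * 00:01:00:01:aa:bb:cc:dd:02:00:00:aa:bb:01
"""

if __name__ == "__main__":
    for l in unknown_clients(SAMPLE_LEASES, SAMPLE_ETHERS, now=1700000000):
        print(f"unknown client {l.mac} at {l.ip} ({l.name})")
```

Against live data, pass the contents of /var/db/dnsmasq/leases and /etc/ethers with `now=int(time.time())`.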
 