If you need to log this, then I would say what you really need (although you may come to regret it...) is a [possibly transparent] proxy or a firewall that does Deep Packet Inspection (DPI) [which goes by various other names too], such as the Fortinet devices.
Neither of these will tell you about what happens inside an HTTPS connection (though it will tell you which IP/DNS they connected to), although if you cause all the devices to trust a local CA certificate that you create (and use to dynamically sign everything; your users will hate you for that, by the way), then you could look in all/most of the traffic.
If you need to know the 'user' (to determine who did what & when), then you either need an authenticating proxy, which can't be bypassed, or some other network authentication technology such as 802.1x port authentication, and some system that records a temporal mapping of timeframe:user:ip:hostname:mac, which can then be retrieved later for reporting... That's a pretty advanced network though, and very likely outside of your ability to support.
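
The timeframe:user:ip:hostname:mac mapping described above, sketched as an added example that is not part of the original answer: given a proxy or firewall log entry (IP and timestamp), it returns the session that held that IP at that moment, including the case where the same IP is reused by a different user later in the day. The `Session` fields, function names and sample records are assumptions constructed for illustration; a real deployment would populate them from its own authentication and lease logs.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple, Optional


class Session(NamedTuple):
    start: datetime
    stop: Optional[datetime]  # None means the session is still open
    user: str
    ip: str
    hostname: str
    mac: str


def ts(text):
    """Parse the timestamp format used by the constructed records below."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample records (not real data). 10.0.0.23 is held by two
# different users on the same day, with a gap between the two leases.
SESSIONS = [
    Session(ts("2024-03-01 08:00"), ts("2024-03-01 12:00"),
            "alice", "10.0.0.23", "lt-alice", "aa:bb:cc:00:00:01"),
    Session(ts("2024-03-01 13:30"), None,
            "bob", "10.0.0.23", "lt-bob", "aa:bb:cc:00:00:02"),
    Session(ts("2024-03-01 08:05"), ts("2024-03-01 17:00"),
            "carol", "10.0.0.40", "pc-carol", "aa:bb:cc:00:00:03"),
]


def build_index(sessions):
    """Group sessions by IP, ordered by start time, for bisect lookups."""
    index = defaultdict(list)
    for s in sorted(sessions, key=lambda s: s.start):
        index[s.ip].append(s)
    return index


def attribute(index, ip, when):
    """Return the Session that held `ip` at `when`, or None if nobody did."""
    rows = index.get(ip, [])
    pos = bisect_right([s.start for s in rows], when) - 1
    if pos < 0:
        return None  # earlier than the first known session for this IP
    s = rows[pos]
    if s.stop is not None and when >= s.stop:
        return None  # falls in a gap between sessions: do not guess
    return s


INDEX = build_index(SESSIONS)
```

Returning `None` for a timestamp that falls between two sessions keeps a report from pinning traffic on whoever held the address before or after.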