Add section for logging queries with client IPs

hugepants 2020-07-02 18:55:40 +01:00
parent f732edd79c
commit 2d5d7ef226

@ -2,6 +2,7 @@
* [Package installation (Basic)](#package-installation-basic)
* [Manual installation (Advanced)](#manual-installation-advanced)
* [Recommended tweaks](#recommended-tweaks)
* [Logging DNS queries with client IPs](#logging-dns-queries-with-client-ips)
* [Verifying the configuration](#verifying-the-configuration)
## Which method to use?
@ -231,6 +232,22 @@ And reload Firewall: `/etc/init.d/firewall reload`
**Note:** Alternatively, if you are using the [adblock](https://github.com/openwrt/packages/tree/master/net/adblock/files) package you can enable the `Force Local DNS` option which will create these rules automatically for you.
## Logging DNS queries with client IPs
`dnscrypt-proxy` can [log queries](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Logging), but in this OpenWrt configuration it cannot log the requesting client IP address because `dnsmasq` is forwarding the request to `dnscrypt-proxy`. It can be helpful to know the requesting client IP in order to identify which device is making a particular DNS query. This can be achieved by enabling query logging in `dnsmasq` as follows:
```sh
config dnsmasq
# equivalent to --log-queries=extra in dnsmasq
option logqueries '1'
# where to write log file to
option logfacility '/tmp/dnsmasq_queries.log'
```
```
/etc/init.d/dnsmasq restart
```
**Note:** These logs accumulate quickly so it is recommended to write to an external share or storage device as embedded devices have limited flash write cycles and storage space.
## Verifying the configuration
#### Check that you are not using your ISP resolver any more:
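Review bot: The `option logfacility '/tmp/dnsmasq_queries.log'` example and the Note after it point in different directions: the Note recommends writing to an external share or storage device, but the example writes to `/tmp`, and nothing in the section bounds the file's size or says how to rotate it or switch logging off again. Because this log ties every DNS query to a client IP, I would also add a sentence asking readers to restrict who can read the file and to keep it only as long as the troubleshooting requires. Two smaller points: the section does not name the file that the `config dnsmasq` block belongs in, and the fence tags look swapped (the UCI block is tagged `sh`, while the `/etc/init.d/dnsmasq restart` command has no tag).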