Full Disclosure mailing list archives

Re: FW: Question for DNS pros


From: "Paul Rolland" <rol () witbe net>
Date: Sun, 25 Jul 2004 11:41:44 +0200

Hello,

dns query is being asked...something like
tcpdump -n -s 1500 udp and port 53 and host 1.2.3.4

I already did this, and I already posted it here.  It didn't reveal
anything that I wasn't already aware of - ns requests and ptr requests
for that IP.

Update your tcpdump or verify the syntax.
I just tried:

tcpdump -v -s 1500 -n udp port 53

on our NS server, and it shows the complete details of the request.

09:38:50.669060 eth0 < 67.166.39-62.rev.gaoland.net.3746 >
sim-01.PAR.witbe.net.domain: 34277+ PTR? 250.92.168.192.in-addr.arpa. (45)
(DF) (ttl 61, id 145)
09:38:50.669312 eth0 > sim-01.PAR.witbe.net.domain >
67.166.39-62.rev.gaoland.net.3746: 34277 NXDomain* 0/1/0 (106) (ttl 64, id
22280)
09:38:50.672336 eth0 < 67.166.39-62.rev.gaoland.net.3746 >
sim-01.PAR.witbe.net.domain: 34278+ A? bench-02.cou.zt.witbe.net. (43) (DF)
(ttl 61, id 145)
09:38:50.672998 eth0 < cms-01.PAR.witbe.net.39257 >
sim-01.PAR.witbe.net.domain: 8689+ PTR? 67.166.39.62.in-addr.arpa. (43) (DF)
(ttl 64, id 34765)
09:38:50.673026 eth0 > sim-01.PAR.witbe.net.domain >
67.166.39-62.rev.gaoland.net.3746: 34278 Refused 0/0/0 (43) (ttl 64, id
22282)
...

Regards,
Paul

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
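
The capture above is easier to read once each reply is matched to its query. The following is an added example, not part of the original message: it takes the five records as wrapped in the mail, rejoins them, and pairs queries with replies on client endpoint and DNS ID. The function names and regular expressions are assumptions about this older `tcpdump -v` line format.

```python
import re

# Records copied from the message above, still wrapped as the mail left them.
SAMPLE = """\
09:38:50.669060 eth0 < 67.166.39-62.rev.gaoland.net.3746 >
sim-01.PAR.witbe.net.domain: 34277+ PTR? 250.92.168.192.in-addr.arpa. (45)
(DF) (ttl 61, id 145)
09:38:50.669312 eth0 > sim-01.PAR.witbe.net.domain >
67.166.39-62.rev.gaoland.net.3746: 34277 NXDomain* 0/1/0 (106) (ttl 64, id
22280)
09:38:50.672336 eth0 < 67.166.39-62.rev.gaoland.net.3746 >
sim-01.PAR.witbe.net.domain: 34278+ A? bench-02.cou.zt.witbe.net. (43) (DF)
(ttl 61, id 145)
09:38:50.672998 eth0 < cms-01.PAR.witbe.net.39257 >
sim-01.PAR.witbe.net.domain: 8689+ PTR? 67.166.39.62.in-addr.arpa. (43) (DF)
(ttl 64, id 34765)
09:38:50.673026 eth0 > sim-01.PAR.witbe.net.domain >
67.166.39-62.rev.gaoland.net.3746: 34278 Refused 0/0/0 (43) (ttl 64, id
22282)
"""

# "<time> [<iface> <dir>] <src> > <dst>: <dns id><rest>"
HEAD = re.compile(r"\S+ (?:\S+ [<>] )?(?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+)(?P<rest>.*)")
# Query: optional "+" (recursion desired), then "TYPE? name"
QUERY = re.compile(r"\+?%? (?P<qtype>\w+)\? (?P<qname>\S+)")
# Reply: optional rcode word (absent for NoError), flag characters, then an/ns/ar counts
REPLY = re.compile(r"(?: (?P<rcode>[A-Za-z]+))?[*|$-]* \d+/\d+/\d+")

def unwrap(text):
    # A record starts with an hh:mm:ss.usec stamp; any other line is a wrapped continuation.
    return re.sub(r"\n(?!\d\d:\d\d:\d\d\.\d)", " ", text).splitlines()

def pair_dns(text):
    """Return (client, id, qtype, qname, rcode); rcode is None when no reply was captured."""
    seen = {}
    for rec in unwrap(text):
        head = HEAD.match(rec)
        if not head:
            continue
        query, reply = QUERY.match(head["rest"]), REPLY.match(head["rest"])
        if query:
            seen[(head["src"], head["id"])] = [query["qtype"], query["qname"], None]
        elif reply and (head["dst"], head["id"]) in seen:
            seen[(head["dst"], head["id"])][2] = reply["rcode"] or "NoError"
    return [(client, qid, *rest) for (client, qid), rest in seen.items()]

if __name__ == "__main__":
    for client, qid, qtype, qname, rcode in pair_dns(SAMPLE):
        print(f"{client} id={qid} {qtype} {qname} -> {rcode or 'no reply in capture'}")
```

On the posted records this reports the PTR query answered with NXDomain, the A query answered with Refused, and the query from cms-01 with no reply inside the excerpt.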

