PaulDotCom mailing list archives
Re: Troubleshooting a DNS server
From: James Costello <genesiswave () gmail com>
Date: Tue, 14 Sep 2010 11:15:48 -0500
I am now using sudo netstat -vpcu >%servername%_%date%_netstat.txt On Fri, Sep 10, 2010 at 1:36 PM, Rob Michel <robmichel2854 () gmail com> wrote:
I can't think of anything that would detect which process is sending the traffic... However your real issue is that you don't want it asking DNS server anymore. If it's just resolving the same FQDN, just throw that entry into the hosts file on the server. Otherwise finding the process might be more like playing detective, what is the delta between the times of the query, what processes are running, etc. etc. On Fri, Sep 10, 2010 at 1:26 PM, James Costello <genesiswave () gmail com>wrote:I'm doing a tcpdump on the DNS server which is how I am getting the server query information. Now I am trying to find out what is causing a server that has been update to point at different servers to continue to query the old servers. On Fri, Sep 10, 2010 at 12:08 PM, Tim Krabec <tkrabec () gmail com> wrote:setup verbose logging or do a packet capture & get the IP's from there On Fri, Sep 10, 2010 at 12:36 PM, James Costello < genesiswave () gmail com> wrote:I am in the process of shutting down an old DNS for my employer andhave been told that I can't shut it down until it stops getting queried from other servers. I am down to a hand full of Linux servers that are still making a couple of queries per hour apiece. The servers /etc/resolv.conf have been updated to point to the new servers but there is an application or process that is continuing to contact the old servers for resolution. I have tried narrowing it down by the query and was able to eliminate a couple of servers with NTPD running that needed the daemon restarted to clear the cache, but a few more of the servers are making very general requests i.e. internaldomain.com. I am looking at using lsof to query for the service but am not having much luck at the moment. Below is the command I am using on the servers that are making the query: lsof -i @192.168.1.2 UDP:53 -n -r1 I am not overly familiar with lsof so please provide feedback. If anyone has a suggestion for an alternate command or utility to use on a Linux box, I'd be appreciative. I used TCPView from SysInternals on the Windows boxes to perform this task but have not found anything to do this other than lsof. (though that could be a limitation of the searches I have made on Google). Thanks, James _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- Tim Krabec Kracomp 772-597-2349 www.kracomp.com www.smbminute.com (podcast) tkrabec.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- public key ... http://www.networktime.net/pgp-public.html _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Troubleshooting a DNS server James Costello (Sep 10)
- Re: Troubleshooting a DNS server Tim Krabec (Sep 10)
- Re: Troubleshooting a DNS server James Costello (Sep 10)
- Re: Troubleshooting a DNS server Rob Michel (Sep 10)
- Re: Troubleshooting a DNS server James Costello (Sep 14)
- Re: Troubleshooting a DNS server Chris Keladis (Sep 14)
- Re: Troubleshooting a DNS server James Costello (Sep 10)
- Re: Troubleshooting a DNS server Tim Krabec (Sep 10)