Home page logo

pauldotcom logo PaulDotCom mailing list archives

Troubleshooting a DNS server
From: James Costello <genesiswave () gmail com>
Date: Fri, 10 Sep 2010 11:36:12 -0500

I am in the process of shutting down an old DNS for my employer andhave been
told that I can't shut it down until it stops getting queried from other
servers.  I am down to a hand full of Linux servers that are still making a
couple of queries per hour apiece.  The servers /etc/resolv.conf have been
updated to point to the new servers but there is an application or process
that is continuing to contact the old servers for resolution.
I have tried narrowing it down by the query and was able to eliminate a
couple of servers with NTPD running that needed the daemon restarted to
clear the cache, but a few more of the servers are making very general
requests i.e. internaldomain.com.
I am looking at using lsof to query for the service but am not having much
luck at the moment.  Below is the command I am using on the servers that are
making the query:
lsof -i @ UDP:53 -n -r1

I am not overly familiar with lsof so please provide feedback.
If anyone has a suggestion for an alternate command or utility to use on a
Linux box, I'd be appreciative.
I used TCPView from SysInternals on the Windows boxes to perform this task
but have not found anything to do this other than lsof.  (though that could
be a limitation of the searches I have made on Google).

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]