
PaulDotCom mailing list archives

Re: Troubleshooting a DNS server
From: Tim Krabec <tkrabec () gmail com>
Date: Fri, 10 Sep 2010 13:08:02 -0400

Set up verbose logging or do a packet capture & get the IPs from there.

On Fri, Sep 10, 2010 at 12:36 PM, James Costello <genesiswave () gmail com> wrote:

I am in the process of shutting down an old DNS for my employer and have
been told that I can't shut it down until it stops getting queried from
other servers.  I am down to a handful of Linux servers that are still
making a couple of queries per hour apiece.  The servers /etc/resolv.conf
have been updated to point to the new servers but there is an application or
process that is continuing to contact the old servers for resolution.
I have tried narrowing it down by the query and was able to eliminate a
couple of servers with NTPD running that needed the daemon restarted to
clear the cache, but a few more of the servers are making very general
requests i.e. internaldomain.com.
I am looking at using lsof to query for the service but am not having much
luck at the moment.  Below is the command I am using on the servers that are
making the query:
lsof -i @192.168.1.2 UDP:53 -n -r1

I am not overly familiar with lsof so please provide feedback.
If anyone has a suggestion for an alternate command or utility to use on a
Linux box, I'd be appreciative.
I used TCPView from SysInternals on the Windows boxes to perform this task
but have not found anything to do this other than lsof.  (though that could
be a limitation of the searches I have made on Google).

Thanks,
James

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
Tim Krabec
Kracomp
772-597-2349
www.kracomp.com
www.smbminute.com (podcast)
tkrabec.com
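
For the question in this thread (which process on a Linux host still talks to the old server), here is an added example that is not from either poster: it polls `/proc/net/udp` for sockets whose remote end is the old server and maps each socket inode to its owning PID through `/proc/<pid>/fd`. It assumes IPv4 and a client that calls `connect()` on its UDP socket (an unconnected `sendto()` socket shows no remote address), and a lookup shorter than the polling interval can still be missed; `OLD_DNS`, `SAMPLE` and the function names are illustrative.

```python
import glob, os, socket, struct, time

OLD_DNS = ("192.168.1.2", 53)  # old server address, as in the lsof command
# Constructed /proc/net/udp sample, as printed on a little-endian host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  10: 3201A8C0:A8CB 0201A8C0:0035 01 00000000:00000000 00:00000000 00000000   498        0 48211 2 0000000000000000 0
  11: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000    38        0 11872 2 0000000000000000 0
"""

def decode(hexaddr):
    """'0201A8C0:0035' -> ('192.168.1.2', 53); the IP is in host byte order."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("=I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def sockets_to(text, target=OLD_DNS):
    """Return {inode: (local_ip, local_port)} for UDP sockets connected to target."""
    found = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 10 and decode(f[2]) == target:
            found[f[9]] = decode(f[1])
    return found

def owners(inodes):
    """Map socket inodes to (pid, command) via /proc/<pid>/fd; root sees all."""
    hits = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            link = os.readlink(fd)
            if link.startswith("socket:[") and link[8:-1] in inodes:
                pid = fd.split("/")[2]
                with open(f"/proc/{pid}/comm") as fh:
                    hits[link[8:-1]] = (int(pid), fh.read().strip())
        except OSError:
            continue  # process or descriptor went away mid-scan
    return hits

def watch(interval=0.05):
    """Poll /proc/net/udp and print each new owner of a socket to OLD_DNS."""
    seen = set()
    while True:
        with open("/proc/net/udp") as fh:
            socks = sockets_to(fh.read())
        for inode, who in (owners(set(socks)) if socks else {}).items():
            if who not in seen:
                seen.add(who)
                print(who, "local", socks[inode])
        time.sleep(interval)
```

Calling `watch()` as root on an affected server and leaving it running until the next query prints the PID and command name; the local port it reports can be matched against the source port seen in a packet capture.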
