Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Troubleshooting a DNS server
From: James Costello <genesiswave () gmail com>
Date: Fri, 10 Sep 2010 12:26:36 -0500

I'm doing a tcpdump on the DNS server which is how I am getting the server
query information.
Now I am trying to find out what is causing a server that has been update to
point at different servers to continue to query the old servers.

On Fri, Sep 10, 2010 at 12:08 PM, Tim Krabec <tkrabec () gmail com> wrote:

setup verbose logging or do a packet capture & get the IP's from there

  On Fri, Sep 10, 2010 at 12:36 PM, James Costello <genesiswave () gmail com>wrote:

  I am in the process of shutting down an old DNS for my employer andhave
been told that I can't shut it down until it stops getting queried from
other servers.  I am down to a hand full of Linux servers that are still
making a couple of queries per hour apiece.  The servers /etc/resolv.conf
have been updated to point to the new servers but there is an application or
process that is continuing to contact the old servers for resolution.
I have tried narrowing it down by the query and was able to eliminate a
couple of servers with NTPD running that needed the daemon restarted to
clear the cache, but a few more of the servers are making very general
requests i.e. internaldomain.com.
I am looking at using lsof to query for the service but am not having much
luck at the moment.  Below is the command I am using on the servers that are
making the query:
lsof -i @192.168.1.2 UDP:53 -n -r1

I am not overly familiar with lsof so please provide feedback.
If anyone has a suggestion for an alternate command or utility to use on a
Linux box, I'd be appreciative.
I used TCPView from SysInternals on the Windows boxes to perform this task
but have not found anything to do this other than lsof.  (though that could
be a limitation of the searches I have made on Google).

Thanks,
James

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
Tim Krabec
Kracomp
772-597-2349
www.kracomp.com
www.smbminute.com (podcast)
tkrabec.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]