Diagnosing the Sources of "lame server" Queries
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Tue Dec 16 22:16:58 UTC 2003
> I am seeing a lot of "lame server" messages on my BIND 9 internal
> servers. Is there an easy method for determining which of my client
> machines is sending the requests? The two BIND 9.2.2 servers in
> question are internal servers, so only my clients should be sending
> requests to them.
>
> I have tried running "snoop" on my Solaris servers, capturing a trace
> file, and then trying to match any trace records to the "lame server"
> messages. But snoop captures more data than I really need.
Turn on query logging. The name of the query is in the lame
messages (e.g. ns2.clearbrick.net and iprg.nokia.com) so it shouldn't
be to hard to pick out the client machine.
Dec 4 19:59:20 drugs named[5637]: Lame server on 'ns2.clearbrick.net' (in 'clearbrick.NET'?): [64.253.207.5].53 'ns1.clearbrick.net': learnt (A=192.55.83.30,NS=192.55.83.30)
Dec 4 09:07:48 drugs named[137]: lame server resolving 'iprg.nokia.com' (in 'iprg.nokia.com'?): 131.228.20.20#53
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Instrumentation Solutions Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-4601
> Building 222, Room D209 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4828 IBMMAIL: I1004994
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list