tracking source of dns queries

Michele Chubirka chubirka at gwu.edu
Wed Jun 23 19:32:37 UTC 2004


Dnstop
http://dns.measurement-factory.com/tools/dnstop/
Helped me in the same situation. I was running out of recursive clients
after years of problem-free operation. Tracked it down to some
virus-infected Citrix systems. Blocked the systems at our border router and
problem went away. The sysadmin was VERY embarrassed. I've watched the
problem, and at our site it was usually related to high amounts of virus
traffic.

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Mikael
Sent: Wednesday, June 23, 2004 2:52 PM
To: comp-protocols-dns-bind at isc.org
Subject: tracking source of dns queries


Hello,

I've posted earlier about a problem with recursive-clients. I got this sort
of logs:

Jun 14 09:23:30 hostname named[1045]: client: client 127.0.0.1#34559: no more recursive clients: quota reached

After doubling the "recursive-clients" option to 2000, I got this problem
again. It is really worrying because the dns server seems to stop accepting
requests and thus making the whole system unreachable, which is not really
appreciated as it's a mail server :(

Not knowing why this happens, I wonder if there's a way to track which
process sends dns queries on this host (many requests come from the host
itself).

Any idea?

--
Mikael
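
Added example, not part of either message above: a small Python tally of the "quota reached" refusals in a named syslog file, grouped by client address and by minute, to show which sources are being turned away and when. The function names and every sample line after the first are constructed for illustration; the line format is assumed to match the one quoted in the post.

```python
import re
from collections import Counter

# Matches the named syslog line quoted in the post (format assumed from that one line).
QUOTA_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+named\[\d+\]:\s+"
    r"(?:client:\s+)?client\s+(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r".*no more recursive clients: quota reached"
)

# Constructed sample input; only the first line is taken from the post.
SAMPLE_LOG = """\
Jun 14 09:23:30 hostname named[1045]: client: client 127.0.0.1#34559: no more recursive clients: quota reached
Jun 14 09:23:30 hostname named[1045]: client: client 127.0.0.1#34560: no more recursive clients: quota reached
Jun 14 09:23:31 hostname named[1045]: client: client 192.0.2.15#1027: no more recursive clients: quota reached
Jun 14 09:24:02 hostname named[1045]: client: client 127.0.0.1#34571: no more recursive clients: quota reached
Jun 14 09:24:05 hostname sendmail[2201]: unrelated line that must be ignored
"""

def tally_quota_hits(lines):
    """Count quota-reached refusals per client address and per minute."""
    by_client, by_minute = Counter(), Counter()
    for line in lines:
        m = QUOTA_RE.match(line)
        if not m:
            continue  # skip other daemons and other named messages
        by_client[m.group("ip")] += 1
        by_minute[m.group("ts")] += 1
    return by_client, by_minute

def report(lines, top=10):
    """Return report rows: busiest refused clients first, then per-minute counts."""
    by_client, by_minute = tally_quota_hits(lines)
    rows = [f"{n:6d}  {ip}" for ip, n in by_client.most_common(top)]
    rows += [f"{n:6d}  {minute}" for minute, n in sorted(by_minute.items())]
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG.splitlines())))
```

The log line records only the client's address and source port, so for queries from 127.0.0.1 this tally shows how often the host itself is refused but cannot by itself name the local process.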


