Is it Possible to Log nxdomain Responses?

Phil Mayers p.mayers at imperial.ac.uk
Wed Nov 17 14:15:38 UTC 2010


On 17/11/10 13:48, Martin McCormick wrote:
> We are chasing down some problems in which clients are trying to
> resolve lookups to a domain related to Microsoft Active
> Directory zones. We were able to determine that clients were
> querying this AD zone when it was thought they weren't needing
> to do so.
>
> 	We enabled querylogging for a short time and saw a
> specific test system querying the domain and we were able to
> dump the cache of the master DNS running bind9.7.1 and saw
> numerous nxdomains for that zone. It would be nice to log each
> nxdomain for a while so we can verify that the new delegated
> zone we are about to install fixed the problem.

You could maybe do this with wireshark:

# -Y is the display-filter option in current tshark; older releases used -R
tshark -Y 'dns.flags.rcode==3' -s 1600 -i any -T fields \
  -e ip.src -e ip.dst -e dns.qry.name
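
An added example, not part of the original post: one way to turn the three-column tshark output above (ip.src, ip.dst, dns.qry.name) into a per-client NXDOMAIN tally for a single zone, so counts before and after a delegation change can be compared. The zone name `ad.example.com`, the addresses and the sample lines are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample of tshark "-T fields" output (tab-separated:
# ip.src, ip.dst, dns.qry.name). Addresses and names are made up.
SAMPLE = (
    "192.0.2.53\t192.0.2.10\t_ldap._tcp.dc._msdcs.ad.example.com\n"
    "192.0.2.53\t192.0.2.10\t_ldap._tcp.dc._msdcs.AD.example.com.\n"
    "192.0.2.53\t192.0.2.11\twpad.ad.example.com\n"
    "192.0.2.53\t192.0.2.11\twww.bad.example.com\n"   # not inside the zone
    "\t\t_kerberos._tcp.ad.example.com\n"             # IPv6 packet: ip.* empty
    "192.0.2.53\t192.0.2.10\n"                        # truncated line
)

def in_zone(name, zone):
    """True if name equals zone or is below it, compared on label boundaries."""
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def tally_nxdomain(lines, zone):
    """Count NXDOMAIN responses per (client, qname) for names inside zone.

    The captured packets are responses, so ip.src is the server and
    ip.dst is the client that asked.
    """
    counts = Counter()
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 3:
            continue  # malformed or truncated line
        _server, client, qname = fields
        if not qname or not in_zone(qname, zone):
            continue
        client = client or "(no IPv4 address)"
        counts[(client, qname.rstrip(".").lower())] += 1
    return counts

def report(counts):
    """Render the tally, most frequent first, one line per client/name."""
    return [f"{n:6d}  {client:<20} {qname}"
            for (client, qname), n in counts.most_common()]

if __name__ == "__main__":
    for row in report(tally_nxdomain(SAMPLE.splitlines(), "ad.example.com")):
        print(row)
```

For live data, pass the lines of the tshark output (for example `sys.stdin`) to `tally_nxdomain` in place of `SAMPLE.splitlines()`.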


