Monitor DNS queries toward Root servers

Warren Kumari warren at kumari.net
Thu May 5 20:38:26 UTC 2016


On Wed, May 4, 2016 at 4:37 AM, Daniel Dawalibi
<daniel.dawalibi at idm.net.lb> wrote:
> Hello
>
> Is there any tool or configuration that allows us to monitor/graph the
> number of outbound DNS queries toward the Root servers?
>

Others have provided information on how to capture the traffic.


> As you can see in the below examples the first query answered by M root then
> F root in the second query.


I just wanted to make sure that you know that it is perfectly normal /
expected that your queries will go to different root servers. BIND
should learn which is fastest, but will periodically check other
letters as well.
Didn't want you to waste time troubleshooting an issue which doesn't exist....

W


>
> ; <<>> DiG 9.7.0-P1 <<>> www.cnn.com +trace
> ;; global options: +cmd
> .                       450124  IN      NS      f.root-servers.net.
> .                       450124  IN      NS      b.root-servers.net.
> .                       450124  IN      NS      j.root-servers.net.
> .                       450124  IN      NS      d.root-servers.net.
> .                       450124  IN      NS      h.root-servers.net.
> .                       450124  IN      NS      g.root-servers.net.
> .                       450124  IN      NS      a.root-servers.net.
> .                       450124  IN      NS      c.root-servers.net.
> .                       450124  IN      NS      k.root-servers.net.
> .                       450124  IN      NS      m.root-servers.net.
> .                       450124  IN      NS      e.root-servers.net.
> .                       450124  IN      NS      l.root-servers.net.
> .                       450124  IN      NS      i.root-servers.net.
> ;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 12 ms
>
> com.                    172800  IN      NS      c.gtld-servers.net.
> com.                    172800  IN      NS      d.gtld-servers.net.
> com.                    172800  IN      NS      a.gtld-servers.net.
> com.                    172800  IN      NS      h.gtld-servers.net.
> com.                    172800  IN      NS      b.gtld-servers.net.
> com.                    172800  IN      NS      f.gtld-servers.net.
> com.                    172800  IN      NS      l.gtld-servers.net.
> com.                    172800  IN      NS      k.gtld-servers.net.
> com.                    172800  IN      NS      j.gtld-servers.net.
> com.                    172800  IN      NS      m.gtld-servers.net.
> com.                    172800  IN      NS      i.gtld-servers.net.
> com.                    172800  IN      NS      g.gtld-servers.net.
> com.                    172800  IN      NS      e.gtld-servers.net.
> ;; Received 489 bytes from 202.12.27.33#53(m.root-servers.net) in 68 ms
>
> cnn.com.                172800  IN      NS      ns1.timewarner.net.
> cnn.com.                172800  IN      NS      ns3.timewarner.net.
> cnn.com.                172800  IN      NS      ns1.p42.dynect.net.
> cnn.com.                172800  IN      NS      ns2.p42.dynect.net.
> ;; Received 190 bytes from 192.43.172.30#53(i.gtld-servers.net) in 64 ms
>
> www.cnn.com.            300     IN      CNAME   turner.map.fastly.net.
> ;; Received 64 bytes from 204.74.108.238#53(ns1.timewarner.net) in 61 ms
>
>
> ; <<>> DiG 9.7.0-P1 <<>> www.cnn.com +trace
> ;; global options: +cmd
> .                       450105  IN      NS      a.root-servers.net.
> .                       450105  IN      NS      f.root-servers.net.
> .                       450105  IN      NS      l.root-servers.net.
> .                       450105  IN      NS      h.root-servers.net.
> .                       450105  IN      NS      b.root-servers.net.
> .                       450105  IN      NS      g.root-servers.net.
> .                       450105  IN      NS      k.root-servers.net.
> .                       450105  IN      NS      i.root-servers.net.
> .                       450105  IN      NS      j.root-servers.net.
> .                       450105  IN      NS      c.root-servers.net.
> .                       450105  IN      NS      m.root-servers.net.
> .                       450105  IN      NS      d.root-servers.net.
> .                       450105  IN      NS      e.root-servers.net.
> ;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 0 ms
>
> com.                    172800  IN      NS      j.gtld-servers.net.
> com.                    172800  IN      NS      d.gtld-servers.net.
> com.                    172800  IN      NS      h.gtld-servers.net.
> com.                    172800  IN      NS      k.gtld-servers.net.
> com.                    172800  IN      NS      g.gtld-servers.net.
> com.                    172800  IN      NS      f.gtld-servers.net.
> com.                    172800  IN      NS      c.gtld-servers.net.
> com.                    172800  IN      NS      m.gtld-servers.net.
> com.                    172800  IN      NS      a.gtld-servers.net.
> com.                    172800  IN      NS      i.gtld-servers.net.
> com.                    172800  IN      NS      l.gtld-servers.net.
> com.                    172800  IN      NS      b.gtld-servers.net.
> com.                    172800  IN      NS      e.gtld-servers.net.
> ;; Received 501 bytes from 192.5.5.241#53(f.root-servers.net) in 155 ms
>
> cnn.com.                172800  IN      NS      ns1.timewarner.net.
> cnn.com.                172800  IN      NS      ns3.timewarner.net.
> cnn.com.                172800  IN      NS      ns1.p42.dynect.net.
> cnn.com.                172800  IN      NS      ns2.p42.dynect.net.
> ;; Received 190 bytes from 192.26.92.30#53(c.gtld-servers.net) in 136 ms
>
> www.cnn.com.            300     IN      CNAME   turner.map.fastly.net.
> ;; Received 64 bytes from 208.78.70.42#53(ns1.p42.dynect.net) in 67 ms
>
> Regards
>
> Daniel
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
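
As an added example (not part of the original message), this Python sketch parses the `;; Received ... from` lines of `dig +trace` output and tallies which root letter answered each run. The function names are hypothetical; the sample lines are copied from the two runs quoted above.

```python
import re
from collections import Counter

# Sample input: the "Received" lines from the two dig +trace runs quoted above.
TRACE_LINES = """\
;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 12 ms
;; Received 489 bytes from 202.12.27.33#53(m.root-servers.net) in 68 ms
;; Received 190 bytes from 192.43.172.30#53(i.gtld-servers.net) in 64 ms
;; Received 64 bytes from 204.74.108.238#53(ns1.timewarner.net) in 61 ms
;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 0 ms
;; Received 501 bytes from 192.5.5.241#53(f.root-servers.net) in 155 ms
;; Received 190 bytes from 192.26.92.30#53(c.gtld-servers.net) in 136 ms
;; Received 64 bytes from 208.78.70.42#53(ns1.p42.dynect.net) in 67 ms
"""

# Tolerates leading "> " quote markers so mail-quoted output can be pasted in.
RECEIVED = re.compile(
    r"^(?:>\s*)*;; Received (\d+) bytes from ([0-9A-Fa-f.:]+)#(\d+)"
    r"\(([^)]+)\) in (\d+) ms"
)


def parse_hops(text):
    """Return one dict per responding server, in the order dig printed them."""
    hops = []
    for line in text.splitlines():
        m = RECEIVED.match(line.strip())
        if not m:
            continue  # NS/CNAME records, banners and blank lines are skipped
        size, addr, _port, name, rtt = m.groups()
        hops.append({"addr": addr, "name": name.rstrip(".").lower(),
                     "bytes": int(size), "rtt_ms": int(rtt)})
    return hops


def root_answers(hops):
    """Keep only the responses that came from a root server letter."""
    return [h for h in hops if h["name"].endswith(".root-servers.net")]


def tally_roots(hops):
    """Count answers per root letter, e.g. Counter({'m': 1, 'f': 1})."""
    return Counter(h["name"].split(".")[0] for h in root_answers(hops))


if __name__ == "__main__":
    for letter, count in sorted(tally_roots(parse_hops(TRACE_LINES)).items()):
        print(f"{letter}.root-servers.net answered {count} trace(s)")
```

Note that `dig +trace` performs the iteration itself, so the tally reflects dig's choice of root server, not the selection BIND makes for its own recursive lookups.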

