Date: Sun, 14 Sep 1997 09:50:18 +0930
From: Greg Lehey <grog@lemis.com>
To: pcoyne@br-inc.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: DNS request from unknown process.
Message-ID: <19970914095018.34672@lemis.com>
In-Reply-To: <vines.WYZ7%2BtZN4oA@ftw9vnssvr.moinet.com>; from pcoyne@br-inc.com on Fri, Sep 12, 1997 at 02:35:21PM -0600
References: <vines.WYZ7%2BtZN4oA@ftw9vnssvr.moinet.com>

On Fri, Sep 12, 1997 at 02:35:21PM -0600, pcoyne@br-inc.com wrote:
> I have a problem with a client machines asking my DNS server for an invalid
> (the machine name doesn't exist in DNS, nor should it) fully qualified
> hostname. The request comes several times a second, any pointers as to
> what processes on the client machines I should check first?
>
>
> I have grep'ed /etc for the culprit's config files but to no avail, is
> there a way to monitor on the client what process is making the call?

Hmm. This isn't easy. Do you know which client machine is involved?
If it's coming several times a second, you should see some activity
from the process in question (use top); at the same time, use tcpdump
to monitor the DNS activity (tcpdump port domain). If you then suspend
the suspect process, you should then be able to confirm whether you're
looking at the right process by the drop in DNS activity.

Greg
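
The suspend-and-compare check described in the reply above, sketched as a shell script. This is an added example, not part of the original message; the function names, the interface argument, the 90% drop threshold, and the hostnames and addresses in the sample capture are assumptions made for illustration.

```shell
#!/bin/sh
# Count DNS queries for hostname $1 in tcpdump text output read on stdin.
# A query line looks like "... > 192.0.2.1.53: 4242+ A? name. (40)".
count_queries() {
    name_re=$(printf '%s' "$1" | sed 's/\./\\./g')   # match dots literally
    grep -c -i -E "\.53: [^?]* [A-Z0-9]+\? ${name_re}\. " || true
}

# Capture on interface $2 for $3 seconds and count queries for $1.
# -n stops tcpdump resolving addresses, which would add DNS traffic itself.
sample_rate() {
    timeout "$3" tcpdump -l -n -i "$2" port domain 2>/dev/null |
        count_queries "$1"
}

# "likely" when stopping the process cut the query count by 90% or more
# (the threshold is an assumption, not something from the message).
verdict() {
    if [ "$1" -gt 0 ] && [ $(( $2 * 10 )) -le "$1" ]; then
        echo "likely: $1 -> $2"
    else
        echo "unlikely: $1 -> $2"
    fi
}

# Usage (as root): confirm_suspect PID HOSTNAME INTERFACE [SECONDS]
confirm_suspect() {
    pid=$1 name=$2 ifc=$3 secs=${4:-10}
    before=$(sample_rate "$name" "$ifc" "$secs")
    kill -STOP "$pid" || return 1          # suspend the suspect process
    trap 'kill -CONT "$pid"' INT TERM      # resume it even if interrupted
    during=$(sample_rate "$name" "$ifc" "$secs")
    kill -CONT "$pid"
    trap - INT TERM
    verdict "$before" "$during"
}

# Constructed sample of tcpdump output, for trying count_queries offline.
sample_capture() {
    cat <<'EOF'
09:50:18.101 IP 192.0.2.10.1031 > 192.0.2.1.53: 4242+ A? nosuchhost.example.com. (40)
09:50:18.102 IP 192.0.2.1.53 > 192.0.2.10.1031: 4242 NXDomain* 0/1/0 (95)
09:50:18.352 IP 192.0.2.10.1032 > 192.0.2.1.53: 4243+ A? nosuchhost.example.com. (40)
09:50:18.410 IP 192.0.2.10.1033 > 192.0.2.1.53: 4244+ A? www.example.com. (33)
09:50:18.603 IP 192.0.2.10.1034 > 192.0.2.1.53: 4245+ AAAA? nosuchhost.example.com. (40)
EOF
}
```

Pick the candidate PID from top first, then run confirm_suspect on the client; a process that is only a heavy CPU user but not the source of the lookups will report "unlikely".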