
Tracing DNS requests

 
Jon Guidry
New Member

Tracing DNS requests

Hey folks -

We're trying to decommission a DNS server and (with tracing on) still find other servers requesting DNS info from it.

We've made sure /etc/resolv.conf DOES NOT point to the server we're trying to decommission, but the server still (at least once a day) queries DNS on it.

Is there a way (besides using nettl) to turn on some kind of tracing on the server that's making the requests? I'm still trying to understand why a server would make DNS requests to a system that's not even in its resolv.conf.

Thanks!
Carpe Diem
Martin Johnson
Honored Contributor
Solution

Re: Tracing DNS requests

Have you checked the /etc/hosts files for the IP address of the old DNS server? It could be accessed by a different node name in the /etc/hosts file.

HTH
Marty
Jon Guidry
New Member

Re: Tracing DNS requests

Nope, the only thing in the /etc/hosts file is localhost and the server itself.
Carpe Diem
John Bolene
Honored Contributor

Re: Tracing DNS requests

Sure, do a sig_named debug 1 to turn it on

sig_named debug 0 to turn it off

I found that DNS is a strange beast.

Trying to move DNS servers and everyone points to the new server does not mean that it is still not using the old server.

I had to shut down named on the old server before the clients would use the new one. I never could find out where they were cached. Even a reboot of the client did not help; they still tried to access the old server until the old server did not exist. It was like somewhere they said, I hit this one last time, I'll try it again.

It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
Jon Guidry
New Member

Re: Tracing DNS requests

We already have tracing turned on - on the DNS server that we're decommissioning. What's weird is that the target (problem) server only requests once or twice a day from this DNS server. We can tell this from the log.

The only thing I'm wondering is if there's some way of tracing on the other machine (the one that's making the request of the DNS server). Since on this target machine, the soon-to-be-dead DNS server is NOT in resolv.conf, we can't figure out why it's going to it.

Any more ideas?
Carpe Diem
John Bolene
Honored Contributor

Re: Tracing DNS requests

As I said in the previous note, I could not determine why my servers were still hitting it either.

Turning off named on the old server caused the clients to only use the new one. They did not have much choice.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
Wilfred Chau_1
Respected Contributor

Re: Tracing DNS requests

Do you see something like
"datagram from [x.x.x.x]" in /var/tmp/named.run file, after you turned on debug mode?

The above told you where the request is coming from.

You may want to check with your NT folks to see if they added your DNS as a forwarder in theirs.
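
Added example (not part of any poster's reply): one way to summarize the "datagram from [x.x.x.x]" lines in the named debug log, so every host still querying the old server is listed with a request count before named is shut down. The function names and sample log lines are constructed for illustration; only the "datagram from [address]" text is taken from the thread, and whatever follows the closing bracket is assumed and ignored.

```shell
#!/bin/sh
# Tally the source addresses that appear in named debug output.
# With no argument the function reads stdin; on the old server it would be
# pointed at the debug log named in the thread:
#   tally_clients /var/tmp/named.run

tally_clients() {
    awk '
        /datagram from \[/ {
            addr = $0
            sub(/.*datagram from \[/, "", addr)  # strip text before the address
            sub(/\].*/, "", addr)                # strip "]" and anything after it
            if (addr != "") seen[addr]++
        }
        END {
            for (a in seen) printf "%d %s\n", seen[a], a
        }
    ' "$@" | sort -k1,1nr -k2,2                  # busiest client first
}

# Constructed sample input (documentation addresses, invented trailing fields).
sample_log() {
    cat <<'EOF'
Debug turned ON, Level 1
datagram from [192.0.2.10].1047, fd 5, len 33
req: nlookup(host.example.com) id 1234 type=1 class=1
datagram from [192.0.2.25].1120, fd 5, len 41
datagram from [192.0.2.10].1048, fd 5, len 33
Debug turned OFF
EOF
}

# Demonstration on the constructed sample: prints one "count address" per line.
sample_log | tally_clients
```

Each address in the output is a host to check for a leftover reference to the old server, such as the forwarder setting mentioned above.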