[CLUE-Tech] bind question

David Anselmi anselmi at americanisp.net
Wed Aug 21 20:22:28 MDT 2002


Mike Staver wrote:
> Well, I don't know what your-info.net is - since that's certainly not a
> zone file I maintain.
[...]

No one has a zone file on it, that's why it's lame.

> I have a lot of machines to check out if I'm going to track something like that down.

I can't say it's worth your while, but it might be interesting.  If 
nothing else the appropriate tcpdump or ethereal rule would show you who 
is making the request.  Something like this should work on the nameserver:

tcpdump -np udp | grep your-info.net

Perhaps there is some bind logging or debugging you could turn on that 
would show you the same thing.  What you'll see is something like:

20:15:28.324719 10.0.0.2.1025 > 10.0.0.1.53:  37366+ A?
your-info.net. (31) (DF)

This will all be on one line.  The 10.0.0.2.1025 is the IP you're 
looking for.  10.0.0.1 will be the IP of your nameserver.

HTH, easy enough if you have tcpdump handy.

Dave
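
Added example, not part of Dave's message: a shell helper that reads tcpdump text output in the format shown above and tallies which client IPs sent queries for the zone. It matches the query name exactly (the zone or a subdomain) and only counts packets sent to port 53. The function names and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -n` text output (old and newer line formats).
sample_capture() {
cat <<'EOF'
20:15:28.324719 10.0.0.2.1025 > 10.0.0.1.53:  37366+ A? your-info.net. (31) (DF)
20:15:29.101200 10.0.0.1.53 > 10.0.0.2.1025:  37366 ServFail 0/0/0 (31) (DF)
20:15:30.500100 IP 10.0.0.2.1025 > 10.0.0.1.53: 37367+ MX? your-info.net. (31)
20:15:31.000300 IP 10.0.0.7.3321 > 10.0.0.1.53: 1201+ A? www.your-info.net. (35)
20:15:32.000400 IP 10.0.0.9.4000 > 10.0.0.1.53: 88+ A? notyour-info.net. (34)
EOF
}

# query_sources ZONE: read tcpdump lines on stdin, print "count client-ip"
# for queries about ZONE or its subdomains, busiest client first.
# (query_sources is a name made up for this example.)
query_sources() {
    awk -v zone="$1" '
    BEGIN { z = tolower(zone); sub(/\.$/, "", z) }
    {
        # Find the ">" between source and destination; newer tcpdump
        # output puts an extra "IP" field before the source.
        gt = 0
        for (i = 2; i < NF; i++) if ($i == ">") { gt = i; break }
        if (!gt) next
        src = $(gt - 1); dst = $(gt + 1)
        if (dst !~ /\.53:$/) next          # only packets sent to port 53
        # The question is a type token ending in "?" followed by the name.
        for (i = gt + 2; i < NF; i++) {
            if ($i !~ /^[A-Za-z0-9]+\?$/) continue
            name = tolower($(i + 1)); sub(/\.$/, "", name)
            n = length(name) - length(z)
            if (name == z || (n > 0 && substr(name, n) == "." z)) {
                sub(/\.[0-9]+$/, "", src)  # strip the source port
                count[src]++
            }
            break
        }
    }
    END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Against a saved capture: tcpdump -n -r FILE udp port 53 | query_sources ZONE
sample_capture | query_sources your-info.net
```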



