waltb123

Deciphering the DNS Cache

I was just curious, when I type in the following command on a Win2003 server

ipconfig/displaydns

and I see an entry like

Record Name . . . . . : pdns6.ultradns.co.uk
Record Type . . . . . : 1
Time To Live  . . . . : 23732
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 204.74.115.1

How do I discover what PC on our network or process on our server, etc, made the request to our server thereby creating that listing in the DNS cache?

Chris Dent

That's the local DNS Cache, not the DNS Server Cache. It shows the cached requests as a result of queries made by that machine (rather than queries made against a DNS Server hosted on that machine).

If you want to see the server cache you would open the DNS Console, then select View, Advanced. You will see a Cached Lookups folder with every cached response from requests made by your DNS server.

Tracing what did it is a much more difficult thing to do. You'd have to actively monitor network traffic and be aware of all requests made by the machine.

For example, one of my servers runs a bit of AV software. The cache always contains a response for the name of the AV provider because it gets updates on a very regular basis.

Chris
waltb123

ASKER

Could I use something like Wireshark on the server and set up a filter for DNS queries or something like that?
ASKER CERTIFIED SOLUTION
Chris Dent
waltb123

ASKER

Great thanks a lot. Big help.
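
The traffic-monitoring approach discussed in this thread, as an added example that is not part of any poster's reply: given (source IP, UDP payload) pairs taken from a capture of port 53, it decodes each DNS query and reports which hosts asked for which name. The function names, the 192.0.2.x addresses and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

QTYPES = {1: "A", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA"}

def parse_query(payload):
    """Return (qname, qtype) for a DNS query; None for responses or malformed data."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set means response, not query
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None                    # ran off the end before the root label
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(payload):
            return None                    # pointer or truncated label in a question
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels).lower(), QTYPES.get(qtype, str(qtype))

def who_asked(packets):
    """Map (name, type) -> sorted list of source IPs that sent that query."""
    seen = defaultdict(set)
    for src_ip, payload in packets:
        query = parse_query(payload)
        if query:
            seen[query].add(src_ip)
    return {key: sorted(ips) for key, ips in seen.items()}

def build_query(name, qtype=1, flags=0x0100):
    """Build a sample DNS message (test data only, not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

# Constructed sample input; the last entry is a response and must be ignored.
SAMPLE = [
    ("192.0.2.10", build_query("pdns6.ultradns.co.uk")),
    ("192.0.2.11", build_query("example.com", 28)),
    ("192.0.2.10", build_query("example.com", 28)),
    ("192.0.2.53", build_query("example.com", 1, flags=0x8180)),
]
```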