?
Solved

Find source of DNS reuquest

Posted on 2010-11-26
8
Medium Priority
?
391 Views
Last Modified: 2012-05-10
I am trying to trace back to the source of a DNS reuquest.  I can see the request to a BAD IP ADDRESS from our internal DNS server.  I would like to trace back to the system that made the original request.  How can this be done?
0
Comment
Question by:McFarlandClinic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34218044
What is your operating System.

I would suggest using network monitor if its a windows system. It can be added via add or remove windows componets.

Or wireshark
0
 

Author Comment

by:McFarlandClinic
ID: 34218062
I have run wireshark, but I am a novice at using it.  I can see where my internal DNS tried to resolve the name, but I can't tell what internal system my DNS is doing the lookup for.
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34218076
What platform you are on?? Windows Server 2003??
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 10

Expert Comment

by:moon_blue69
ID: 34218101
Have you got enough client access licesnses ? (CAL)?
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34218206
"Have you got enough client access licesnses ? (CAL)?"

sorry that was a wrong message posted
0
 

Author Comment

by:McFarlandClinic
ID: 34218219
Windows server 2003
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34221575

> I have run wireshark, but I am a novice at using it.  I can see where my internal DNS tried to resolve the name, but I can't tell
> what internal system my DNS is doing the lookup for.

You'd need to capture the request from the client, not the request from the server to the rest of the world. The logging options in the DNS console should permit this although it won't be easy.

DNS packets do not contain a history of who asked what, therefore your only chance is to grab the request and its source IP.

Chris
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 2000 total points
ID: 34235317
You can also turn on debug logging on the DNS server:

Open the DNS console, right-click on your DNS server, and select Properties.  Click the Debug Logging tab and select the checkbox for Log packets for debugging.  Then you have a whole pile of options for which types of packets you want to log.  You can select and deselect those as appropriate.  (I'd leave both Outgoing and Incoming selected, as well as Request and Response.)

The log file is saved as system32\dns\dns.log by default, although you can change that in the Properties window also.  Open the log in Notepad or your favorite text editor, do a little searching, and you should have the source of the query in no time.

Don't forget to turn off debug logging when you're done.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month12 days, 9 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question