?
Solved

Find source of DNS reuquest

Posted on 2010-11-26
8
Medium Priority
?
409 Views
Last Modified: 2012-05-10
I am trying to trace back to the source of a DNS reuquest.  I can see the request to a BAD IP ADDRESS from our internal DNS server.  I would like to trace back to the system that made the original request.  How can this be done?
0
Comment
Question by:McFarlandClinic
8 Comments
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34218044
What is your operating System.

I would suggest using network monitor if its a windows system. It can be added via add or remove windows componets.

Or wireshark
0
 

Author Comment

by:McFarlandClinic
ID: 34218062
I have run wireshark, but I am a novice at using it.  I can see where my internal DNS tried to resolve the name, but I can't tell what internal system my DNS is doing the lookup for.
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34218076
What platform you are on?? Windows Server 2003??
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
LVL 10

Expert Comment

by:moon_blue69
ID: 34218101
Have you got enough client access licesnses ? (CAL)?
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34218206
"Have you got enough client access licesnses ? (CAL)?"

sorry that was a wrong message posted
0
 

Author Comment

by:McFarlandClinic
ID: 34218219
Windows server 2003
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34221575

> I have run wireshark, but I am a novice at using it.  I can see where my internal DNS tried to resolve the name, but I can't tell
> what internal system my DNS is doing the lookup for.

You'd need to capture the request from the client, not the request from the server to the rest of the world. The logging options in the DNS console should permit this although it won't be easy.

DNS packets do not contain a history of who asked what, therefore your only chance is to grab the request and its source IP.

Chris
0
 
LVL 27

Accepted Solution

by:
DrDave242 earned 2000 total points
ID: 34235317
You can also turn on debug logging on the DNS server:

Open the DNS console, right-click on your DNS server, and select Properties.  Click the Debug Logging tab and select the checkbox for Log packets for debugging.  Then you have a whole pile of options for which types of packets you want to log.  You can select and deselect those as appropriate.  (I'd leave both Outgoing and Incoming selected, as well as Request and Response.)

The log file is saved as system32\dns\dns.log by default, although you can change that in the Properties window also.  Open the log in Notepad or your favorite text editor, do a little searching, and you should have the source of the query in no time.

Don't forget to turn off debug logging when you're done.
0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
The video will let you know the exact process to import OST/PST files to the cloud based Office 365 mailboxes. Using Kernel Import PST to Office 365 tool, one can quickly import numerous OST/PST files to Office 365. Besides this, the tool also comes…
Did you know PowerShell can save you time with SaaS platforms? Simply leverage RESTfulAPIs to build your own PowerShell modules. These will kill repetitive tickets and tabs, using the command Invoke-RestMethod. Tune into this webinar to learn how…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question