McFarlandClinic asked:

Find source of DNS request

I am trying to trace back to the source of a DNS request.  I can see the request to a BAD IP ADDRESS from our internal DNS server.  I would like to trace back to the system that made the original request.  How can this be done?
moon_blue69

What is your operating system?

I would suggest using Network Monitor if it's a Windows system. It can be added via Add or Remove Windows Components.

Or Wireshark
McFarlandClinic (ASKER)

I have run Wireshark, but I am a novice at using it.  I can see where my internal DNS tried to resolve the name, but I can't tell what internal system my DNS is doing the lookup for.
What platform are you on? Windows Server 2003?
Have you got enough client access licenses (CAL)?
"Have you got enough client access licenses (CAL)?"

Sorry, that was a wrong message posted.
Windows Server 2003

> I have run wireshark, but I am a novice at using it.  I can see where my internal DNS tried to resolve the name, but I can't tell
> what internal system my DNS is doing the lookup for.

You'd need to capture the request from the client, not the request from the server to the rest of the world. The logging options in the DNS console should permit this although it won't be easy.

DNS packets do not contain a history of who asked what, therefore your only chance is to grab the request and its source IP.

Chris
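
An added example, not part of the original thread: with DNS debug logging of incoming packets enabled, a short script can list the source IP of every client query for the suspect name. The packet-line layout in the regular expression is an assumption about the debug log format, and the sample lines, addresses and names are constructed.

```python
import re
from collections import Counter

# Assumed layout of a packet line in the Windows DNS debug log:
# <date> <time> <thread> PACKET <ctx> UDP|TCP Rcv|Snd <remote IP> <xid> [R] Q [flags] <type> <name>
PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?P<proto>UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R)?\s*(?P<op>\w)\s+\[(?P<flags>[^\]]*)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\(\d+\)\S*)"
)

def decode_name(raw):
    """Turn the log's length-prefixed '(3)www(7)example(3)org(0)' into 'www.example.org'."""
    labels = re.findall(r"\(\d+\)([^()]*)", raw)
    return ".".join(label for label in labels if label).lower()

def clients_for(log_lines, suspect_name):
    """Count queries received by the server for suspect_name, per client IP."""
    suspect = suspect_name.rstrip(".").lower()
    hits = Counter()
    for line in log_lines:
        m = PACKET_RE.search(line)
        if not m:
            continue
        # Only inbound queries identify the original requester. Outbound (Snd)
        # queries are the server's own recursion; responses carry the R marker.
        if m["dir"] != "Rcv" or m["resp"]:
            continue
        if decode_name(m["name"]) == suspect:
            hits[m["ip"]] += 1
    return hits

# Constructed sample lines (addresses and names are placeholders).
SAMPLE_LOG = [
    "20100301 10:15:02 0A4C PACKET  01F3A2B0 UDP Rcv 10.1.20.57      4c1e   Q [0001   D   NOERROR] A      (3)bad(7)example(4)test(0)",
    "20100301 10:15:02 0A4C PACKET  01F3B7C0 UDP Snd 198.51.100.53   9a02   Q [0000       NOERROR] A      (3)bad(7)example(4)test(0)",
    "20100301 10:15:02 0A4C PACKET  01F3B7C0 UDP Rcv 198.51.100.53   9a02 R Q [8084 A  R  NOERROR] A      (3)bad(7)example(4)test(0)",
    "20100301 10:15:02 0A4C PACKET  01F3A2B0 UDP Snd 10.1.20.57      4c1e R Q [8081   DR  NOERROR] A      (3)bad(7)example(4)test(0)",
    "20100301 10:15:09 0A4C PACKET  01F3C110 UDP Rcv 10.1.20.31      77aa   Q [0001   D   NOERROR] A      (3)www(7)example(3)org(0)",
    "20100301 10:16:40 0A4C PACKET  01F3A2B0 UDP Rcv 10.1.20.57      a003   Q [0001   D   NOERROR] A      (3)bad(7)example(4)test(0)",
]

if __name__ == "__main__":
    for ip, count in clients_for(SAMPLE_LOG, "bad.example.test").most_common():
        print(f"{ip}\t{count} queries")
```

The outbound recursion and the upstream response for the same name are skipped on purpose, since they only show the DNS server's own address and not the internal system that asked.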
ASKER CERTIFIED SOLUTION
DrDave242
This solution is only available to members.