Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Course Of The Month
2 days, 3 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
detect dns server
Posted on 2013-01-06
sounds like a strange question, but is there a way to detect all dns servers on our internal network?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2 Comments
Several possible ways to discover active servers, not necessarily all of them (especially if someone is attempting to conceal them)...
Cisco and other enterprise class network equipment support netflow collection. Using netflow data you can look for traffic on TCP and UDP port 53. Any internal network address answering traffic on 53 will likely be a DNS server or doing something it isn't supposed to which is still interesting.
Placing a sniffer (Wireshark, TCPDump, etc) in a central network traffic location and mirroring traffic to it can also be used to scan for the same traffic as above.
Actively scanning for systems answering on TCP and/or UDP 53. NMAP is a free port scan utility that can do this. There are plenty of commercial offerings as well. Anything listening (and answering) on 53 is either a DNS server or again doing something it probably shouldn't be...
Cisco and other enterprise class network equipment support netflow collection. Using netflow data you can look for traffic on TCP and UDP port 53. Any internal network address answering traffic on 53 will likely be a DNS server or doing something it isn't supposed to which is still interesting.
Placing a sniffer (Wireshark, TCPDump, etc) in a central network traffic location and mirroring traffic to it can also be used to scan for the same traffic as above.
Actively scanning for systems answering on TCP and/or UDP 53. NMAP is a free port scan utility that can do this. There are plenty of commercial offerings as well. Anything listening (and answering) on 53 is either a DNS server or again doing something it probably shouldn't be...
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The Need
In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication. By default, if the time difference between systems is off by more …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network puzzl…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month2 days, 3 hours left to enroll
Earn Certification
MTA Networking Fundamentals Exam 98-366
$59.00$53.10
Earn Certification
MTA Server Fundamentals Exam 98-365
$59.00$53.10
717 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.