challBOE
Windows DNS server debug log shows linux (?) client trying to reach "PTS" and it fails
Windows DNS server, 2012 R2. Roles = Active Directory Server and DNS server
Can anyone explain the following query (from DNS debug logging)?
UDP Snd 10.1.2.3 31a4 R Q [8281 DR SERVFAIL] A (5)pts/0(0)
Where 10.1.2.3 is probably a Linux device?
My debug log is full of these. I don't know what PTS (as a destination address) is and I don't know why it's a SERVFAIL.
1. What is "PTS"?
2. Why is it a SERVFAIL?
3. Does this clog up my DNS server? I have a lot of these entries.
You might consider doing a packet capture...
PTS? or PTR...
PTR is an attempt to get a hostname from an IP address. (aka reverse lookup).
(sometimes used for logging, or e.g. authorizing a source system to MySQL).
Then a gethostbyaddr() function is called, which attempts to get a hostname, if needed from a DNS server.
The system doing the query wants to know the name of some other system ...
ASKER
Nope, definitely PTS/0.
I would suggest a packet capture to show the request and response
ASKER
Thanks. I am doing DNSDEBUG logs, which is similar to DIG or sniffer, which is how I discovered this.
I suspect this is a tail end of a Linux client request.
I found this article, https://ns1.com/blog/decoding-dig-output, which was helpful in defining SERVFAIL versus NXDOMAIN.
I am closing this ticket, as we don't have that many Linux clients.
Thanks everyone
ASKER
Thanks everyone.
It means the server failed to find a valid record.
No, unless your server is woefully under spec'd it won't notice. DNS servers take a lot of bogus queries every day. I can't offer any insight into why the client is sending the query though.
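Added example (not part of the thread and not any poster's code): a Python parser for debug-log lines in the shape quoted in the question. It decodes the length-prefixed name notation, so (5)pts/0(0) becomes pts/0, and counts SERVFAIL responses per client and name, marking names that are not valid hostnames. The sample lines, the function names and the hostname validity rule are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the shape quoted in the question (full log lines
# carry extra leading fields, which LINE_RE.search() skips over).
SAMPLE_LOG = """\
UDP Rcv 10.1.2.3 31a4   Q [0001   D   NOERROR] A (5)pts/0(0)
UDP Snd 10.1.2.3 31a4 R Q [8281   DR SERVFAIL] A (5)pts/0(0)
UDP Snd 10.1.2.3 31a5 R Q [8281   DR SERVFAIL] A (5)pts/0(0)
UDP Snd 10.1.2.9 77b0 R Q [8081   DR  NOERROR] A (3)www(7)example(3)com(0)
"""

LINE_RE = re.compile(
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+(?P<xid>[0-9a-fA-F]{4})\s+"
    r"(?P<resp>R\s+)?(?P<opcode>\S)\s+\[(?P<hdr>[^\]]+)\]\s+(?P<qtype>\S+)\s+(?P<qname>\(\S+)"
)
LABEL_RE = re.compile(r"\((\d+)\)([^()]*)")
# Assumed validity rule: letters, digits, hyphen, underscore; no edge hyphen.
HOST_LABEL_RE = re.compile(r"^[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?$")

def decode_qname(raw):
    """Turn '(5)pts/0(0)' into 'pts/0', checking each length prefix."""
    labels = []
    for length, text in LABEL_RE.findall(raw):
        if int(length) != len(text):
            raise ValueError(f"length prefix mismatch in {raw!r}")
        if text:  # the trailing (0) is the root label
            labels.append(text)
    return ".".join(labels)

def parse_line(line):
    """Return a dict for one packet line, or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    hdr = m["hdr"].split()  # [hex flags, flag letters (optional), rcode]
    return {"dir": m["dir"], "client": m["ip"], "response": bool(m["resp"]),
            "flags": "".join(hdr[1:-1]), "rcode": hdr[-1],
            "qtype": m["qtype"], "qname": decode_qname(m["qname"])}

def servfail_summary(log_text):
    """Count SERVFAIL responses per (client, qname, is_valid_hostname)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["response"] and rec["rcode"] == "SERVFAIL":
            valid = all(HOST_LABEL_RE.match(l) for l in rec["qname"].split("."))
            counts[(rec["client"], rec["qname"], valid)] += 1
    return counts
```

On the sample, the only SERVFAIL entries are for pts/0, which contains a "/" and so fails the hostname check.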