On 17/11/10 13:48, Martin McCormick wrote:
We are chasing down some problems in which clients are trying to resolve lookups to a domain related to Microsoft Active Directory zones. We were able to determine that clients were querying this AD zone when it was thought they weren't needing to do so.We enabled querylogging for a short time and saw a specific test system querying the domain and we were able to dump the cache of the master DNS running bind9.7.1 and saw numerous nxdomains for that zone. It would be nice to log each nxdomain for a while so we can verify that the new deligated zone we are about to install fixed the problem.
You could maybe do this with wireshark: tshark -R dns.flags.rcode==3 -s 1600 -i any -T fields \ -e ip.src -e ip.dst -e dns.qry.name _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
