fbsd 4.4 and ipf 3.4.20
On a leased line to one of our clients, we have ipnat at their building
with about 300 users behind it. Works great.
On the recursive DNS it uses in our shop, we see repeating PTR queries with
a longtime average of 8/second. We've had this problem before and were able
to trace it down to a Computer Associate backup program.
Now we're having the same problem and can't track down the source.
ipfstat -t -D 0,53
shows:
Src                  Dest
10.0.0.35,1035       212.73.210.72,53   0/0  udp  4  1056  0:11
10.0.0.35,1035       212.73.210.69,53   0/0  udp  4  1056  0:10
212.73.210.22,2905   212.73.210.69,53   0/0  udp  2   427  0:07 *
212.73.210.22 is the NAT outside, 212.73.210.69 is the harassed DNS.
We can't come up with an fbsd or ipfstat command that shows the IP source of
the PTR queries on the 10.0.0 internal network.
Suggestions?
Len
