Re: Monitor DNS queries toward Root servers

2016-05-05 Thread Warren Kumari
On Wed, May 4, 2016 at 4:37 AM, Daniel Dawalibi wrote:
> Hello
>
> Is there any tool or configuration that allows us to monitor/graph the
> number of outbound DNS queries toward the Root servers?
>

Others have provided information on how to capture the traffic.


> As you can see in the below examples, the first query was answered by M root,
> then F root in the second query.


I just wanted to make sure that you know that it is perfectly normal /
expected that your queries will go to different root servers. BIND
should learn which is fastest, but will periodically check other
letters as well.
Didn't want you to waste time troubleshooting an issue which doesn't exist.

W



Re: Monitor DNS queries toward Root servers

2016-05-04 Thread Stephane Bortzmeyer
On Wed, May 04, 2016 at 07:03:13PM +1000, Mark Andrews wrote a message of 15 lines which said:

> fill in with the rest of the root servers names.

And if you don't like to type, or if you use another root:

sudo tcpdump -n -i ${INTERFACE} port 53 and \( \
  $(for ns in $(dig +nodnssec +short NS .); do echo host $(dig +short +nodnssec $ns) or; done) \
  host 2001:db8::1 \)
# Last (dummy) host just to use the last "or"
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
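
An added example, not part of the original thread: one way to turn the `tcpdump -n` captures suggested in these messages into the per-root query counts the original question asks for. The function names, the map file format and the sample capture lines are assumptions made for this example; the IPv4 addresses for f and m are the ones shown in the dig output in this thread.

```shell
#!/bin/sh
# Tally outbound DNS queries per root-server letter from `tcpdump -n` text.
# Usage: tcpdump -n -l ... | count_root_queries MAPFILE
# MAPFILE (hypothetical format) holds "address letter" pairs, one per line.
count_root_queries() {
    awk '
        NR == FNR { letter[$1] = $2; next }        # first input: address -> letter
        ($2 == "IP" || $2 == "IP6") && $4 == ">" {
            dst = $5; sub(/:$/, "", dst)           # "202.12.27.33.53:" -> "202.12.27.33.53"
            port = dst; sub(/.*\./, "", port)      # text after the last dot
            addr = dst; sub(/\.[^.]*$/, "", addr)  # text before the last dot
            if (port == "53" && (addr in letter)) n[letter[addr]]++
        }
        END { for (l in n) print l, n[l] }
    ' "$1" - | sort -k2,2nr -k1,1
}

# Constructed map: f and m IPv4 addresses as seen in the dig output in this
# thread, plus the published IPv6 address of f. A real map would list every
# root server, built from `dig +short NS .` and `dig +short <name>`.
sample_map() {
    cat <<'EOF'
192.5.5.241 f
2001:500:2f::f f
202.12.27.33 m
EOF
}

# Constructed capture lines in `tcpdump -n` format: three queries to f, one
# to m, one response from m and one query to a gTLD server (both ignored).
sample_capture() {
    cat <<'EOF'
10:00:00.000001 IP 193.227.177.130.40001 > 202.12.27.33.53: 1001 [1au] A? www.cnn.com. (40)
10:00:00.070000 IP 202.12.27.33.53 > 193.227.177.130.40001: 1001- 0/13/14 (489)
10:00:05.000001 IP 193.227.177.130.40002 > 192.5.5.241.53: 1002 [1au] A? www.example.org. (44)
10:00:06.000001 IP 193.227.177.130.40003 > 192.5.5.241.53: 1003 [1au] NS? . (28)
10:00:07.000001 IP6 2001:db8::53.40004 > 2001:500:2f::f.53: 1004 [1au] AAAA? example.net. (40)
10:00:08.000001 IP 193.227.177.130.40005 > 192.43.172.30.53: 1005 [1au] A? cnn.com. (36)
EOF
}

demo() {
    map=$(mktemp)
    sample_map > "$map"
    sample_capture | count_root_queries "$map"
    rm -f "$map"
}

demo
```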


Re: Monitor DNS queries toward Root servers

2016-05-04 Thread Mark Andrews

tcpdump -n \( host a.root-servers.net or host b.root-servers.net \) and dst port 53

fill in with the rest of the root servers names.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Monitor DNS queries toward Root servers

2016-05-04 Thread Jaap Akkerhuis
Daniel Dawalibi writes:

 > Hello
 >
 > Is there any tool or configuration that allows us to monitor/graph the
 > number of outbound DNS queries toward the Root servers?

http://dnstop.measurement-factory.com/

jaap


Monitor DNS queries toward Root servers

2016-05-04 Thread Daniel Dawalibi
Hello

Is there any tool or configuration that allows us to monitor/graph the
number of outbound DNS queries toward the Root servers?

As you can see in the below examples, the first query was answered by M root,
then F root in the second query.

; <<>> DiG 9.7.0-P1 <<>> www.cnn.com +trace
;; global options: +cmd
.   450124  IN  NS  f.root-servers.net.
.   450124  IN  NS  b.root-servers.net.
.   450124  IN  NS  j.root-servers.net.
.   450124  IN  NS  d.root-servers.net.
.   450124  IN  NS  h.root-servers.net.
.   450124  IN  NS  g.root-servers.net.
.   450124  IN  NS  a.root-servers.net.
.   450124  IN  NS  c.root-servers.net.
.   450124  IN  NS  k.root-servers.net.
.   450124  IN  NS  m.root-servers.net.
.   450124  IN  NS  e.root-servers.net.
.   450124  IN  NS  l.root-servers.net.
.   450124  IN  NS  i.root-servers.net.
;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 12 ms

com.   172800  IN  NS  c.gtld-servers.net.
com.   172800  IN  NS  d.gtld-servers.net.
com.   172800  IN  NS  a.gtld-servers.net.
com.   172800  IN  NS  h.gtld-servers.net.
com.   172800  IN  NS  b.gtld-servers.net.
com.   172800  IN  NS  f.gtld-servers.net.
com.   172800  IN  NS  l.gtld-servers.net.
com.   172800  IN  NS  k.gtld-servers.net.
com.   172800  IN  NS  j.gtld-servers.net.
com.   172800  IN  NS  m.gtld-servers.net.
com.   172800  IN  NS  i.gtld-servers.net.
com.   172800  IN  NS  g.gtld-servers.net.
com.   172800  IN  NS  e.gtld-servers.net.
;; Received 489 bytes from 202.12.27.33#53(m.root-servers.net) in 68 ms

cnn.com.   172800  IN  NS  ns1.timewarner.net.
cnn.com.   172800  IN  NS  ns3.timewarner.net.
cnn.com.   172800  IN  NS  ns1.p42.dynect.net.
cnn.com.   172800  IN  NS  ns2.p42.dynect.net.
;; Received 190 bytes from 192.43.172.30#53(i.gtld-servers.net) in 64 ms

www.cnn.com.   300 IN  CNAME   turner.map.fastly.net.
;; Received 64 bytes from 204.74.108.238#53(ns1.timewarner.net) in 61 ms


; <<>> DiG 9.7.0-P1 <<>> www.cnn.com +trace
;; global options: +cmd
.   450105  IN  NS  a.root-servers.net.
.   450105  IN  NS  f.root-servers.net.
.   450105  IN  NS  l.root-servers.net.
.   450105  IN  NS  h.root-servers.net.
.   450105  IN  NS  b.root-servers.net.
.   450105  IN  NS  g.root-servers.net.
.   450105  IN  NS  k.root-servers.net.
.   450105  IN  NS  i.root-servers.net.
.   450105  IN  NS  j.root-servers.net.
.   450105  IN  NS  c.root-servers.net.
.   450105  IN  NS  m.root-servers.net.
.   450105  IN  NS  d.root-servers.net.
.   450105  IN  NS  e.root-servers.net.
;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 0 ms

com.   172800  IN  NS  j.gtld-servers.net.
com.   172800  IN  NS  d.gtld-servers.net.
com.   172800  IN  NS  h.gtld-servers.net.
com.   172800  IN  NS  k.gtld-servers.net.
com.   172800  IN  NS  g.gtld-servers.net.
com.   172800  IN  NS  f.gtld-servers.net.
com.   172800  IN  NS  c.gtld-servers.net.
com.   172800  IN  NS  m.gtld-servers.net.
com.   172800  IN  NS  a.gtld-servers.net.
com.   172800  IN  NS  i.gtld-servers.net.
com.   172800  IN  NS  l.gtld-servers.net.
com.   172800  IN  NS  b.gtld-servers.net.
com.   172800  IN  NS  e.gtld-servers.net.
;; Received 501 bytes from 192.5.5.241#53(f.root-servers.net) in 155 ms

cnn.com.   172800  IN  NS  ns1.timewarner.net.
cnn.com.   172800  IN  NS  ns3.timewarner.net.
cnn.com.   172800  IN  NS  ns1.p42.dynect.net.