Re: Monitor DNS queries toward Root servers
On Wed, May 4, 2016 at 4:37 AM, Daniel Dawalibi wrote:

> Hello
>
> Is there any tool or configuration that allows us to monitor/graph the
> number of outbound DNS queries toward the Root servers?

Others have provided information on how to capture the traffic.

> As you can see in the below examples the first query answered by M root then
> F root in the second query.

I just wanted to make sure that you know that it is perfectly normal / expected that your queries will go to different root servers. BIND should learn which is fastest, but will periodically check other letters as well. Didn't want you to waste time troubleshooting an issue which doesn't exist

W

> ; <<>> DiG 9.7.0-P1 <<>> www.cnn.com +trace
> ;; global options: +cmd
> . 450124 IN NS f.root-servers.net.
> . 450124 IN NS b.root-servers.net.
> . 450124 IN NS j.root-servers.net.
> . 450124 IN NS d.root-servers.net.
> . 450124 IN NS h.root-servers.net.
> . 450124 IN NS g.root-servers.net.
> . 450124 IN NS a.root-servers.net.
> . 450124 IN NS c.root-servers.net.
> . 450124 IN NS k.root-servers.net.
> . 450124 IN NS m.root-servers.net.
> . 450124 IN NS e.root-servers.net.
> . 450124 IN NS l.root-servers.net.
> . 450124 IN NS i.root-servers.net.
> ;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 12 ms
>
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS a.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> com. 172800 IN NS b.gtld-servers.net.
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS j.gtld-servers.net.
> com. 172800 IN NS m.gtld-servers.net.
> com. 172800 IN NS i.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> ;; Received 489 bytes from 202.12.27.33#53(m.root-servers.net) in 68 ms
>
> cnn.com. 172800 IN NS ns1.timewarner.net.
> cnn.com. 172800 IN NS ns3.timewarner.net.
> cnn.com. 172800 IN NS ns1.p42.dynect.net.
> cnn.com. 172800 IN NS ns2.p42.dynect.net.
> ;; Received 190 bytes from 192.43.172.30#53(i.gtld-servers.net) in 64 ms
>
> www.cnn.com. 300 IN CNAME turner.map.fastly.net.
> ;; Received 64 bytes from 204.74.108.238#53(ns1.timewarner.net) in 61 ms
>
> ; <<>> DiG 9.7.0-P1 <<>> www.cnn.com +trace
> ;; global options: +cmd
> . 450105 IN NS a.root-servers.net.
> . 450105 IN NS f.root-servers.net.
> . 450105 IN NS l.root-servers.net.
> . 450105 IN NS h.root-servers.net.
> . 450105 IN NS b.root-servers.net.
> . 450105 IN NS g.root-servers.net.
> . 450105 IN NS k.root-servers.net.
> . 450105 IN NS i.root-servers.net.
> . 450105 IN NS j.root-servers.net.
> . 450105 IN NS c.root-servers.net.
> . 450105 IN NS m.root-servers.net.
> . 450105 IN NS d.root-servers.net.
> . 450105 IN NS e.root-servers.net.
> ;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 0 ms
>
> com. 172800 IN NS j.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN
Re: Monitor DNS queries toward Root servers
On Wed, May 04, 2016 at 07:03:13PM +1000, Mark Andrews wrote a message of 15 lines which said:

> fill in with the rest of the root servers names.

And if you don't like to type, or if you use another root:

    sudo tcpdump -n -i ${INTERFACE} port 53 and \( $(for ns in $(dig +nodnssec +short NS .); do echo host $(dig +short +nodnssec $ns) or; done) host 2001:db8::1 \)
    # Last (dummy) host just to use the last "or"

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
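Added example (not part of the original thread and not the posters' or ISC's code): two POSIX shell helpers for the question asked here, one that builds the capture filter from a list of root server addresses without needing a dummy last host, and one that tallies captured queries per destination. The function names, the source address 192.0.2.10 and the sample lines are constructed; the two destination addresses are the M and F root addresses shown in the dig traces in this thread.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed.

# build_root_filter: read one address per line on stdin and print a pcap
# filter matching DNS queries sent to any of them. The separator is added
# before every item except the first, so no trailing "or" is left over.
build_root_filter() {
    awk 'NF { sep = (n++ ? " or " : ""); list = list sep "dst host " $1 }
         END { if (n) printf "dst port 53 and ( %s )\n", list }'
}

# count_by_dest: read "tcpdump -n" text lines on stdin and print
# "count address" per destination, busiest first.
count_by_dest() {
    awk '$2 == "IP" || $2 == "IP6" {
             dst = $5
             sub(/:$/, "", dst)         # drop the trailing colon
             sub(/\.[0-9]+$/, "", dst)  # drop the port
             seen[dst]++
         }
         END { for (d in seen) print seen[d], d }' | sort -k1,1nr -k2,2
}

# Constructed sample capture (assumed resolver address 192.0.2.10).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.40001 > 202.12.27.33.53: 1001 A? www.cnn.com. (29)
12:00:02.000001 IP 192.0.2.10.40002 > 192.5.5.241.53: 1002 A? www.cnn.com. (29)
12:00:03.000001 IP 192.0.2.10.40003 > 202.12.27.33.53: 1003 NS? com. (21)
EOF
}

# Live use (needs dig and root privileges; INTERFACE is yours to set):
#   filter=$(dig +short NS . | while read -r ns; do
#                dig +short "$ns" A; dig +short "$ns" AAAA
#            done | build_root_filter)
#   sudo tcpdump -n -c 1000 -i "$INTERFACE" "$filter" | count_by_dest
```

Running `sample_capture | count_by_dest` shows the per-root split; feeding the same counts to a grapher at a fixed interval gives the trend over time.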
Re: Monitor DNS queries toward Root servers
    tcpdump -n \( host a.root-servers.net or host b.root-servers.net \) and dst port 53

fill in with the rest of the root servers names.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Monitor DNS queries toward Root servers
Daniel Dawalibi writes:

> Hello
>
> Is there any tool or configuration that allows us to monitor/graph the
> number of outbound DNS queries toward the Root servers?

http://dnstop.measurement-factory.com/

jaap
Monitor DNS queries toward Root servers
Hello

Is there any tool or configuration that allows us to monitor/graph the number of outbound DNS queries toward the Root servers?

As you can see in the below examples the first query answered by M root then F root in the second query.

; <<>> DiG 9.7.0-P1 <<>> www.cnn.com +trace
;; global options: +cmd
. 450124 IN NS f.root-servers.net.
. 450124 IN NS b.root-servers.net.
. 450124 IN NS j.root-servers.net.
. 450124 IN NS d.root-servers.net.
. 450124 IN NS h.root-servers.net.
. 450124 IN NS g.root-servers.net.
. 450124 IN NS a.root-servers.net.
. 450124 IN NS c.root-servers.net.
. 450124 IN NS k.root-servers.net.
. 450124 IN NS m.root-servers.net.
. 450124 IN NS e.root-servers.net.
. 450124 IN NS l.root-servers.net.
. 450124 IN NS i.root-servers.net.
;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 12 ms

com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
;; Received 489 bytes from 202.12.27.33#53(m.root-servers.net) in 68 ms

cnn.com. 172800 IN NS ns1.timewarner.net.
cnn.com. 172800 IN NS ns3.timewarner.net.
cnn.com. 172800 IN NS ns1.p42.dynect.net.
cnn.com. 172800 IN NS ns2.p42.dynect.net.
;; Received 190 bytes from 192.43.172.30#53(i.gtld-servers.net) in 64 ms

www.cnn.com. 300 IN CNAME turner.map.fastly.net.
;; Received 64 bytes from 204.74.108.238#53(ns1.timewarner.net) in 61 ms

; <<>> DiG 9.7.0-P1 <<>> www.cnn.com +trace
;; global options: +cmd
. 450105 IN NS a.root-servers.net.
. 450105 IN NS f.root-servers.net.
. 450105 IN NS l.root-servers.net.
. 450105 IN NS h.root-servers.net.
. 450105 IN NS b.root-servers.net.
. 450105 IN NS g.root-servers.net.
. 450105 IN NS k.root-servers.net.
. 450105 IN NS i.root-servers.net.
. 450105 IN NS j.root-servers.net.
. 450105 IN NS c.root-servers.net.
. 450105 IN NS m.root-servers.net.
. 450105 IN NS d.root-servers.net.
. 450105 IN NS e.root-servers.net.
;; Received 496 bytes from 193.227.177.130#53(193.227.177.130) in 0 ms

com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
;; Received 501 bytes from 192.5.5.241#53(f.root-servers.net) in 155 ms

cnn.com. 172800 IN NS ns1.timewarner.net.
cnn.com. 172800 IN NS ns3.timewarner.net.
cnn.com. 172800 IN NS ns1.p42.dynect.net.