Another tool worth using is dnstop. It will sniff traffic on your
server and provide reports of what IPs are querying your servers, what
queries they are doing, what types of queries, and who is doing what.
Its a great way to quickly realize that one misconfigured server is
generating 80% of your
On Tue, 20 Oct 2009, Jeremy Charles wrote:
> My google-fu is coming up empty on this one...
>
> Here's the problem: When employees use VPN to connect to our network, the
> VPN system cannot configure the client's resolver to follow our DNS suffix
> search order. The VPN system can only tell th
Nathan Hruby wrote:
> and redundant (eg: 3 nameservers in the same vmware cluster are not
> redundant).
Ooo! A new way to get this wrong! :-) I may have to add that to my list:
http://www.emailthatworks.net/forum/read.php?3,31
___
Tech mailing lis
On Tue, Oct 20, 2009 at 4:37 PM, Tracy Reed wrote:
> But having learned from the past I am very afraid of taking on any
> such cleanup because that A record which everyone agrees isn't used
> anymore actually serves some hidden critical function.
>
> I am wondering if there are any tools out there
On Tue, Oct 20, 2009 at 04:11:04PM -0700, Tom Perrine spake thusly:
> Then I would script (perl, sh, python whatever) to use dig or the equiv Perl
> or Python module to replay all the queries
> that were produced from the logs, *against* the original servers.
Yep. This is now the plan.
Is it jus
Tracy Reed wrote:
***SNIP***
> But having learned from the past I am very afraid of taking on any
> such cleanup because that A record which everyone agrees isn't used
> anymore actually serves some hidden critical function.
Indeed.
>
> I am wondering if there are any tools out there which ca
On Tue, Oct 20, 2009 at 05:59:04PM -0400, Derek J. Balling spake thusly:
> If you're using BIND, it can do query logging. Just let it log all
> your queries for a given period of time, and grep for the things
> you're planning to remove. If they appear, that's a bad plan. :-)
Of course, you are ab
I agree about query logging.
Also, a plug for HostDB. It is a good DNS zonefile generator for
small to medium sites. It takes a file that looks like /etc/hosts and
generates DNS zones, DHCP configs, and more. It has a good "push"
system that lets you diff zones before you go live with them.
Ho
Tracy Reed wrote:
> Once again I face a massive DNS cleanup. These zone files are a
> spaghetti of weird includes and outdated information running on a box
> which also does web/imap/smtp/mysql. At least it is CentOS 5.3 and not
> Fedora Core 6 like a lot of their machines. They also don't have a
>
On Oct 20, 2009, at 5:37 PM, Tracy Reed wrote:
> Does such a tool exist? Is this a good idea? Any better way?
I think worrying about wireshark and sniffing is the wrong approach.
If you're using BIND, it can do query logging. Just let it log all
your queries for a given period of time, and gr
Once again I face a massive DNS cleanup. These zone files are a
spaghetti of weird includes and outdated information running on a box
which also does web/imap/smtp/mysql. At least it is CentOS 5.3 and not
Fedora Core 6 like a lot of their machines. They also don't have a
split view for internal wh
My google-fu is coming up empty on this one...
Here's the problem: When employees use VPN to connect to our network, the VPN
system cannot configure the client's resolver to follow our DNS suffix search
order. The VPN system can only tell the client to use one suffix as its
default DNS domain
12 matches
Mail list logo