[CentOS] how do I find out which nameserver returns a DNS query?

nate centos at linuxpowered.net
Mon Jul 7 18:37:16 UTC 2008


Ken Price wrote:

> Hmm.  As far as I know, the only place you can find that information
> is on the caching DNS server responding to your queries.  If you want
> those details, set up your own recursive name server and enable verbose
> logging.
>
> Anyone else with ideas?

Run tcpdump on the client machine and see which system sends a reply?

$ host www.nasa.gov
www.nasa.gov is an alias for www.nasa.gov.speedera.net.
www.nasa.gov.speedera.net is an alias for www.nasa.gov.edgesuite.net.
www.nasa.gov.edgesuite.net is an alias for a1718.x.akamai.net.
a1718.x.akamai.net has address 216.39.150.135
a1718.x.akamai.net has address 216.39.150.136

# tcpdump -i eth0 -n port 53 | grep nasa
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:35:22.345956 IP 216.39.174.24.53 > 209.97.207.48.53:  55994 [1au] A? www.nasa.gov. (41)
11:35:22.384898 IP 216.39.174.24.53 > 198.116.4.181.53:  5495 [1au] A? www.nasa.gov. (41)
11:35:22.480205 IP 216.39.174.24.53 > 192.26.92.30.53:  34592 [1au] A? www.nasa.gov.speedera.net. (54)
11:35:22.582535 IP 216.39.174.24.53 > 63.209.3.131.53:  42385 [1au] A? www.nasa.gov.speedera.net. (54)
11:35:22.619921 IP 216.39.174.24.53 > 63.209.3.131.53:  42385 A? www.nasa.gov.speedera.net. (43)
11:35:22.692525 IP 216.39.174.24.53 > 64.211.42.196.53:  27350 [1au] A? www.nasa.gov.edgesuite.net. (55)
11:35:22.797816 IP 216.39.174.24.53 > 64.211.42.196.53:  27350 A? www.nasa.gov.edgesuite.net. (44)

My internal name server forces the source port to be 53, so you may not
want to use the port 53 option if your source port is random.

nate
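
An added example, not part of the original post: a small parser that pairs each query in `tcpdump -n` output with the reply carrying the same transaction ID from the same server, so you can read off which name server actually answered for each name. It assumes tcpdump's usual one-line DNS summary with wrapped lines rejoined; the two reply lines in the sample are constructed, and `who_answered` is a hypothetical helper name.

```python
import re

# Constructed sample: query lines copied from the capture above (wrapped
# lines rejoined); the two reply lines are invented for illustration.
SAMPLE = """\
11:35:22.384898 IP 216.39.174.24.53 > 198.116.4.181.53:  5495 [1au] A? www.nasa.gov. (41)
11:35:22.401200 IP 198.116.4.181.53 > 216.39.174.24.53:  5495*- 1/0/1 CNAME www.nasa.gov.speedera.net. (80)
11:35:22.582535 IP 216.39.174.24.53 > 63.209.3.131.53:  42385 [1au] A? www.nasa.gov.speedera.net. (54)
11:35:22.619921 IP 216.39.174.24.53 > 63.209.3.131.53:  42385 A? www.nasa.gov.speedera.net. (43)
11:35:22.650010 IP 63.209.3.131.53 > 216.39.174.24.53:  42385*- 1/0/0 CNAME www.nasa.gov.edgesuite.net. (84)
11:35:22.692525 IP 216.39.174.24.53 > 64.211.42.196.53:  27350 [1au] A? www.nasa.gov.edgesuite.net. (55)
"""

# "time IP src.port > dst.port:  id[flags] rest"
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > "
                  r"(\d+\.\d+\.\d+\.\d+)\.\d+:\s+(\d+)\S*\s+(.*)$")
COUNTS = re.compile(r"\b\d+/\d+/\d+\b")        # an/ns/ar counts: replies only
QUERY = re.compile(r"\b([A-Z0-9]+)\? (\S+)")   # e.g. "A? www.nasa.gov."


def who_answered(capture):
    """Map (queried name, server IP) -> True if that server sent a reply."""
    pending = {}  # (server IP, transaction id) -> queried name
    result = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, txid, rest = m.groups()
        # Direction is decided by the payload, not the ports: both ends
        # use port 53 when the resolver pins its source port.
        if COUNTS.search(rest):
            name = pending.get((src, txid))
            if name is not None:
                result[(name, src)] = True
        else:
            q = QUERY.search(rest)
            if q:
                pending[(dst, txid)] = q.group(2)
                result.setdefault((q.group(2), dst), False)
    return result


if __name__ == "__main__":
    for (name, server), answered in who_answered(SAMPLE).items():
        print(f"{name:30} {server:16} {'replied' if answered else 'no reply seen'}")
```

Entries left as "no reply seen" are servers that were asked but whose answer never appeared in the capture, for example because a `grep` on the name filtered the reply line out.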



