electricsqrl n00b
Joined: 21 Sep 2004 Posts: 18
|
Posted: Tue Sep 21, 2004 8:21 pm Post subject: excess DNS traffic |
|
|
Howzit yall. Any thoughts on how to fix this to get the computer guys off my back?
Quote: |
> ***** Text of Original Message *****
> Subject: DNS traffic from esqrl.student
>
> Examination of OIT DNS server statistics shows that there is some
> problem with the following device: esqrl.student (xxx.xxx.xxx.xxx)
>
> This device keeps sending the same DNS query (or queries) to OIT DNS server(s).
> Although OIT DNS servers respond with an answer that the client should cache for
> some time, the client keeps repeating the same query (or queries).
>
> Specifically, it keeps asking for the IP addresses for the names:
> sqrl.
> sqrl.student.foo.EDU.
>
> It asks about 8 times per second (total for both names), going
> back to September 12.
>
> Our DNS servers respond that neither name exists, and that the
> client may cache this result for 10 minutes.
>
>
> This suggests that one of the following is true:
>
> * There is something wrong with the part of the client's operating system
> responsible for caching DNS information. That component is misconfigured,
> disabled, or has stopped working.
>
>
> If this is the case, please correct the problem, so the client's operating
> system caches DNS information.
>
>
> * The client is running some specialized application software that performs DNS
> queries on its own, without relying on the client's operating system to handle
> the DNS lookup, so that particular application software is unable to benefit
> from the operating system's normal caching of DNS information.
>
> If this is the case, then attention should be given to this application to
> determine if this is the best way for it to operate.
>
> If it is, then see if the application can be configured so it caches the DNS
> information it learns.
>
> If the application must perform the DNS lookups itself, and cannot be made to
> cache the DNS responses, then the DNS demands generated by this device may be
> met better by installing a local caching-only DNS server (software) on the same
> host, and reconfiguring the host (or just the application) to rely on its own
> local DNS server. (The application will still generate excessive DNS queries,
> but will send them to a DNS server program running on the same host, which in
> turn will handle the DNS caching.)
>
> Please contact the customer.
|
_________________ pedro offers you his protection
Last edited by electricsqrl on Tue Sep 21, 2004 9:00 pm; edited 2 times in total |
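The check the quoted notice describes (the same name asked again while the previous negative answer could still be cached), as an added example that is not part of the original post or of OIT's tooling. It assumes text output from `tcpdump -n -tt udp port 53`; the function names, addresses and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

NEGATIVE_TTL = 600  # seconds; the notice says the answer may be cached for 10 minutes

# Query lines as printed by `tcpdump -n -tt udp port 53` (assumed input format).
QUERY = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<client>\d+\.\d+\.\d+\.\d+)\.\d+ > \S+\.53: "
    r"\d+\S* (?:\[[^\]]*\] )?(?P<qtype>[A-Za-z0-9]+)\? (?P<name>\S+) "
)

def redundant_queries(lines, ttl=NEGATIVE_TTL):
    """Per (client, name, type): total queries and those sent while a cached answer was still valid."""
    stats = defaultdict(lambda: {"total": 0, "redundant": 0, "cached_at": None})
    for line in lines:
        m = QUERY.match(line)
        if not m:
            continue  # responses and unrelated lines do not match
        ts = float(m["ts"])
        s = stats[(m["client"], m["name"].lower(), m["qtype"])]
        s["total"] += 1
        s.setdefault("first", ts)
        s["last"] = ts
        if s["cached_at"] is not None and ts - s["cached_at"] < ttl:
            s["redundant"] += 1   # a caching resolver would have answered this locally
        else:
            s["cached_at"] = ts   # nothing cached, or the entry expired: a legitimate query
    return dict(stats)

def noisy(stats, min_redundant=10):
    """Rows (client, name, type, total, redundant, queries/s), most redundant first."""
    rows = [(c, n, t, s["total"], s["redundant"],
             round(s["total"] / max(s["last"] - s["first"], 1.0), 1))
            for (c, n, t), s in stats.items() if s["redundant"] >= min_redundant]
    return sorted(rows, key=lambda r: r[4], reverse=True)

def sample_capture():
    """Constructed capture: one client repeating two names 8 times/s, one well-behaved client."""
    lines = [f"{1095800000 + i * 0.125:.6f} IP 10.0.0.5.{32768 + i} > 10.0.0.1.53: "
             f"{1000 + i}+ A? {('sqrl.', 'sqrl.student.foo.EDU.')[i % 2]} (30)"
             for i in range(40)]
    lines.append("1095800004.900000 IP 10.0.0.1.53 > 10.0.0.5.32807: 1039 NXDomain 0/1/0 (97)")
    lines += [f"{1095800006 + d}.000000 IP 10.0.0.9.40000 > 10.0.0.1.53: 7+ A? www.example.org. (33)"
              for d in (0, 700)]
    return lines

if __name__ == "__main__":
    for row in noisy(redundant_queries(sample_capture())):
        print(*row)
```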
|
aetius Tux's lil' helper
Joined: 09 Jul 2004 Posts: 118
|
Posted: Tue Sep 21, 2004 8:33 pm Post subject: |
|
|
You need to know what is generating the DNS requests. It would be pretty unusual for a Linux program to *not* use the built-in name resolution mechanism, so what daemons do you have running?
Also, given that the names being looked up are incorrect, it is very likely that something is misconfigured. Chat client? Web server? |
|
electricsqrl n00b
Joined: 21 Sep 2004 Posts: 18
|
Posted: Tue Sep 21, 2004 8:44 pm Post subject: |
|
|
thanks aetius! what's the best way for me to determine what is making the dns requests??
_________________ pedro offers you his protection |
|
electricsqrl n00b
Joined: 21 Sep 2004 Posts: 18
|
Posted: Tue Sep 21, 2004 8:57 pm Post subject: |
|
|
Here are the daemons running, but these seem fairly normal.
Quote: |
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1336 416 ? S Sep19 0:02 init [3]
root 2 0.0 0.0 0 0 ? SW Sep19 0:02 [keventd]
root 3 0.0 0.0 0 0 ? SW Sep19 0:03 [kapmd]
root 4 0.0 0.0 0 0 ? SWN Sep19 0:02 [ksoftirqd_CPU0]
root 5 0.0 0.0 0 0 ? SW Sep19 0:17 [kswapd]
root 6 0.0 0.0 0 0 ? SW Sep19 0:00 [bdflush]
root 7 0.0 0.0 0 0 ? SW Sep19 0:27 [kupdated]
root 10 0.0 0.0 0 0 ? SW Sep19 0:00 [khubd]
root 12 0.0 0.0 0 0 ? SW Sep19 0:00 [kreiserfsd]
|
_________________ pedro offers you his protection |
|
aetius Tux's lil' helper
Joined: 09 Jul 2004 Posts: 118
|
Posted: Wed Sep 22, 2004 2:42 pm Post subject: |
|
|
Those are your kernel-level processes, we're not too concerned with those right now. Try this command:
Note that there is no "-" before the aux options. Run that command as root and that will give you a full listing of the running processes with the entire command line displayed. Redirect that output to a pager (less, more) or to a file for easy copying:
Code: | ps auxww > process_list.txt |
This is a start, to see what's running on the system. You can also run:
To see what system services are supposed to be running. Look for likely candidates from these lists such as web servers, chat clients, etc.
Another tack you could take due to the frequency of the requests (8 per second is a lot) would be to run the "top" program, and see what programs are consuming processor time (the default sort order). There's a chance your culprit will be in the top 5 processes because it is so active all of the time. |