What you see is the DNS traffic initiated from tcpdump itself ;-)
Try # tcpdump -n ... Am 15.05.2012 14:38, schrieb Muhammad Yousuf Khan:
i want to mark the root server to my local server however powerdns is hitting j.root-server.net.domain but i want it to hit the local server secondly it is downloading too much data against just a single dig command you can see the output below. when i "dig nano.com" it start to contact with so many NS server. below is the output of port 53 which shows it is trying to contacting too many host for a single query which is too much. or want to minimize this thing more over i want to retain a single cache entry for at least an hour. please help. v17:19:49.388287 IP 192.168.30.97.52223> j.root-servers.net.domain: 18537 A? ns2.nasa.gov. (30) 17:19:49.561635 IP j.root-servers.net.domain> 192.168.30.97.52223: 18537- 0/2/3 (137) 17:19:49.561958 IP 192.168.30.97.25926> b.gov-servers.net.domain: 6083 A? ns2.nasa.gov. (30) 17:19:49.830704 IP b.gov-servers.net.domain> 192.168.30.97.25926: 6083- 0/3/3 (128) 17:19:49.830989 IP 192.168.30.97.59819> ns1.nasa.gov.domain: 9938 A? ns2.nasa.gov. (30) 17:19:50.056403 IP ns1.nasa.gov.domain> 192.168.30.97.59819: 9938*- 1/3/2 A 198.116.4.185 (128) 17:19:50.056692 IP 192.168.30.97.26329> ns2.nasa.gov.domain: 65462 PTR? 10.230.203.192.in-addr.arpa. (45) 17:19:50.258038 IP ns2.nasa.gov.domain> 192.168.30.97.26329: 65462 Refused- 0/0/0 (45) 17:19:50.258256 IP 192.168.30.97.34372> ns3.nasa.gov.domain: 29779 PTR? 10.230.203.192.in-addr.arpa. (45) 17:19:50.546331 IP ns3.nasa.gov.domain> 192.168.30.97.34372: 29779 Refused- 0/0/0 (45) 17:19:50.546562 IP 192.168.30.97.45769> ns1.nasa.gov.domain: 45479 PTR? 10.230.203.192.in-addr.arpa. (45) 17:19:50.770790 IP ns1.nasa.gov.domain> 192.168.30.97.45769: 45479 Refused- 0/0/0 (45) 17:19:50.771664 IP 192.168.30.97.47515> anysec.apnic.net.domain: 20674 PTR? 1.68.248.207.in-addr.arpa. (43) 17:19:50.995060 IP anysec.apnic.net.domain> 192.168.30.97.47515: 20674- 0/8/0 (179) 17:19:50.995390 IP 192.168.30.97.50656> w.arin.net.domain: 62415 PTR? 1.68.248.207.in-addr.arpa. (43) 17:19:51.137595 IP w.arin.net.domain> 192.168.30.97.50656: 62415- 0/6/0 (147) 17:19:51.137884 IP 192.168.30.97.47636> i.mx-ns.mx.domain: 43046 PTR? 1.68.248.207.in-addr.arpa. (43) 17:19:51.266939 IP i.mx-ns.mx.domain> 192.168.30.97.47636: 43046*- 1/6/7 PTR i.mx-ns.mx. (285) 17:19:51.268677 IP 192.168.30.97.57554> t.arin.net.domain: 28842 PTR? 83.1.6.198.in-addr.arpa. (41) 17:19:51.479627 IP t.arin.net.domain> 192.168.30.97.57554: 28842- 0/2/0 (92) 17:19:51.479898 IP 192.168.30.97.17505> auth51.ns.uu.net.domain: 47393 PTR? 83.1.6.198.in-addr.arpa. (41) 17:19:51.705229 IP auth51.ns.uu.net.domain> 192.168.30.97.17505: 47393*- 1/0/0 PTR auth03.ns.uu.net. (71) 17:19:51.705943 IP 192.168.30.97.25073> auth00.ns.uu.net.domain: 61627 A? auth01.ns.uu.net. (34) 17:19:51.908975 IP auth00.ns.uu.net.domain> 192.168.30.97.25073: 61627*- 1/0/0 A 198.6.1.81 (50) 17:19:51.909223 IP 192.168.30.97.64500> auth01.ns.uu.net.domain: 10610 PTR? 181.1.6.198.in-addr.arpa. (42) 17:19:52.111975 IP auth01.ns.uu.net.domain> 192.168.30.97.64500: 10610*- 1/0/0 PTR auth60.ns.uu.net. (72) 17:19:52.112675 IP 192.168.30.97.1949> auth01.ns.uu.net.domain: 8069 PTR? 182.1.6.198.in-addr.arpa. (42) 17:19:52.316063 IP auth01.ns.uu.net.domain> 192.168.30.97.1949: 8069*- 1/0/0 PTR auth61.ns.uu.net. (72) 17:19:52.317040 IP 192.168.30.97.14626> u.arin.net.domain: 42654 PTR? 30.123.112.209.in-addr.arpa. (45) 17:19:52.586992 IP u.arin.net.domain> 192.168.30.97.14626: 42654- 0/2/0 (103) 17:19:52.587282 IP 192.168.30.97.38358> ns1.crsnic.net.domain: 16615 PTR? 30.123.112.209.in-addr.arpa. (45) 17:19:52.856812 IP ns1.crsnic.net.domain> 192.168.30.97.38358: 16615*- 1/4/0 PTR b.gov-servers.net. (161) 17:19:52.857476 IP 192.168.30.97.27291> v.arin.net.domain: 51784 PTR? 181.4.116.198.in-addr.arpa. (44) 17:19:52.979380 IP v.arin.net.domain> 192.168.30.97.27291: 51784- 0/3/0 (106) 17:19:52.979646 IP 192.168.30.97.49940> ns3.nasa.gov.domain: 23310 PTR? 181.4.116.198.in-addr.arpa. (44) 17:19:53.267371 IP ns3.nasa.gov.domain> 192.168.30.97.49940: 23310*- 1/3/3 PTR ns3.nasa.gov. (168) 17:19:53.268046 IP 192.168.30.97.21060> x.arin.net.domain: 15637 PTR? 185.4.116.198.in-addr.arpa. (44) 17:19:53.545385 IP x.arin.net.domain> 192.168.30.97.21060: 15637- 0/3/0 (106) 17:19:53.545666 IP 192.168.30.97.9506> ns3.nasa.gov.domain: 27340 PTR? 185.4.116.198.in-addr.arpa. (44) 17:19:53.833311 IP ns3.nasa.gov.domain> 192.168.30.97.9506: 27340*- 1/3/3 PTR ns2.nasa.gov. (168) 17:19:53.833964 IP 192.168.30.97.28612> ns1.nasa.gov.domain: 30537 PTR? 189.4.116.198.in-addr.arpa. (44) 17:19:54.059942 IP ns1.nasa.gov.domain> 192.168.30.97.28612: 30537*- 1/3/3 PTR ns1.nasa.gov. (168) 17:19:54.060808 IP 192.168.30.97.40516> auth61.ns.uu.net.domain: 15913 PTR? 65.1.6.198.in-addr.arpa. (41) 17:19:54.334160 IP auth61.ns.uu.net.domain> 192.168.30.97.40516: 15913*- 1/0/0 PTR auth00.ns.uu.net. (71) 17:19:54.334826 IP 192.168.30.97.2960> auth51.ns.uu.net.domain: 4038 PTR? 81.1.6.198.in-addr.arpa. (41) 17:19:54.563690 IP auth51.ns.uu.net.domain> 192.168.30.97.2960: 4038*- 1/0/0 PTR auth01.ns.uu.net. (71) this is just a small portion of the output . it is still continue asking other ns server. what it is behaving that way. plz help thank you, _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
