Forum Discussion
CirrusResolv DNS
Hi,
I am executing the TCPDUMP for see the DNS traffic, but i see the next and i don´t understand if the resolution work, because i don´t see the answer of server dns.
example:
03:33:12.041329 IP 172.16.9.65.20465 > 8.8.8.8.domain: 7186+[|domain]
03:33:12.311287 IP 172.16.9.65.57518 > 8.8.4.4.domain: 52732+[|domain]
03:33:12.451532 IP 172.16.9.65.37396 > 8.8.4.4.domain: 56104+[|domain]
03:33:13.371585 IP 172.16.9.65.62718 > 8.8.8.8.domain: 55692+[|domain]
Is normal this behavior or is necessary see the answer?
4 Replies
- Kevin_Stewart
Employee
No, you should definitely see an answer. Can you route to these external addresses? From the shell, can you do an nslookup or dig using either of these IPs and get a good response?
diromeKevin,
I see this in another time:
03:33:15.734263 IP 172.16.9.65.54741 > 8.8.8.8.domain: 29532+ PTR? 187.144.126.207.in-addr.arpa. (46)
03:33:15.764957 IP 172.16.9.65.58853 > 8.8.4.4.domain: 371+ PTR? 184.144.126.207.in-addr.arpa. (46)
This is an answer? if not, how would show the answer when exist dns resolution?
In this moment I can´t test, becaus was a migration and this is information that i saw after the migration don´t worked, but i need understand this for make the report.
- Kevin_Stewart
This looks like another request, but for PTR records. A full request and response should look something like this:
16:32:55.500807 IP 192.168.42.48.49782 > 8.8.8.8.53: 27003+ A? bing.com. (26) 16:32:55.559772 IP 8.8.8.8.53 > 192.168.42.48.49782: 27003 1/0/0 A 204.79.197.200 (42) - dirome
Thank you!
