Forum Discussion
dp_119903
Cirrostratus
CirrostratusWhy am I getting DNS queries in my logs
Why am I getting all of these log messages?
I have GTM logging set to notice and big3d to error.
I have the WIPs "logging" options deselected. But my logs are getting crushed with what looks like every DNS request.
Jan 23 12:13:59 localhost info tmm[21782]: 2017-01-23 12:13:59 myf5 qid 5787 from x.x.x.5340281: view none: query: autodiscover.mydomain.com IN AAAA +EDC (x.x.x.253%0)
Jan 23 12:13:59 localhost info tmm[21782]: 2017-01-23 12:13:59 myf5 qid 5787 to x.x.x.5340281: [NOERROR qr,aa,rd,cd,do] response: empty
Jan 23 12:13:59 localhost info tmm[21782]: 2017-01-23 12:13:59 myf5 qid 56460 from x.x.x.5345934: view none: query: outlook.mydomain.com IN AAAA + (x.x.x.253%0)
Jan 23 12:14:00 localhost info tmm[21782]: 2017-01-23 12:14:00 myf5 qid 65490 from x.x.x.5310938: view none: query: autodiscover.mydomain.com IN AAAA +EDC (x.x.x.253%0)
Jan 23 12:14:00 localhost info tmm[21782]: 2017-01-23 12:14:00 myf5 qid 65490 to x.x.x.5310938: [NOERROR qr,aa,rd,cd,do] response: empty
Jan 23 12:14:01 localhost info tmm[21782]: 2017-01-23 12:14:01 myf5 qid 24548 from x.x.x.5362785: view none: query: outlook.mydomain.com IN AAAA +ED (x.x.x.253%0)
Jan 23 12:14:02 localhost info tmm[21782]: 2017-01-23 12:14:02 myf5 qid 49823 from x.x.x.5332067: view none: query: autodiscover.mydomain.com IN A +ED (x.x.x.253%0)
Jan 23 12:14:02 localhost info tmm[21782]: 2017-01-23 12:14:02 myf5 qid 49823 to x.x.x.5332067: [NOERROR qr,aa,rd,do] response: autodiscover.mydomain.com. 30 IN A x.x.x.75;
Jan 23 12:14:02 localhost info tmm[21782]: 2017-01-23 12:14:01 myf5 qid 58020 from x.x.x.5316488: view none: query: outlook.mydomain.com IN AAAA +EDC (x.x.x.253%0)
Jan 23 12:14:03 localhost info tmm[21782]: 2017-01-23 12:14:02 myf5 qid 2801 from x.x.x.5315405: view none: query: autodiscover.mydomain.com IN AAAA +ED (x.x.x.253%0)
Jan 23 12:14:03 localhost info tmm[21782]: 2017-01-23 12:14:02 myf5 qid 2801 to x.x.x.5315405: [NOERROR qr,aa,rd,do] response: empty
Jan 23 12:14:03 localhost info tmm[21782]: 2017-01-23 12:14:03 myf5 qid 13749 from x.x.x.533680: view none: query: outlook.mydomain.com IN AAAA +ED (x.x.x.253%0)
Jan 23 12:14:04 localhost info tmm[21782]: 2017-01-23 12:14:03 myf5 qid 6042 from x.x.x.5342914: view none: query: usonly.fuse.mydomain.com IN AAAA +ED (x.x.x.253%0)
Jan 23 12:14:04 localhost info tmm[21782]: 2017-01-23 12:14:03 myf5 qid 6042 to x.x.x.5342914: [NOERROR qr,aa,rd,do] response: empty
Jan 23 12:14:04 localhost info tmm[21782]: 2017-01-23 12:14:03 myf5 qid 49728 from x.x.x.5333852: view none: query: usonly.fuse.mydomain.com IN A +ED (x.x.x.253%0)
Jan 23 12:14:04 localhost info tmm[21782]: 2017-01-23 12:14:03 myf5 qid 49728 to x.x.x.5333852: [NOERROR qr,aa,rd,do] response: usonly.fuse.mydomain.com. 30 IN A 131.131.249.80;
Jan 23 12:14:04 localhost info tmm[21782]: 2017-01-23 12:14:03 myf5 qid 8997 from x.x.x.5363498: view none: query: outlook.mydomain.com IN AAAA + (x.x.x.253%0)
Jan 23 12:14:05 localhost info tmm[21782]: 2017-01-23 12:14:04 myf5 qid 53216 from x.x.x.5336281: view none: query: autodiscover.mydomain.com IN AAAA +ED (x.x.x.253%0)
Jan 23 12:14:05 localhost info tmm[21782]: 2017-01-23 12:14:04 myf5 qid 53216 to x.x.x.5336281: [NOERROR qr,aa,rd,do] response: empty
Jan 23 12:14:05 localhost info tmm[21782]: 2017-01-23 12:14:04 myf5 qid 14530 from x.x.x.5334954: view none: query: autodiscover.mydomain.com IN AAAA +EDC (x.x.x.253%0)
Jan 23 12:14:05 localhost info tmm[21782]: 2017-01-23 12:14:04 myf5 qid 14530 to x.x.x.5334954: [NOERROR qr,aa,rd,cd,do] response: empty
Jan 23 12:14:05 localhost info tmm[21782]: 2017-01-23 12:14:04 myf5 qid 29131 from x.x.x.5331619: view none: query: autodiscover.mydomain.com IN A +ED (x.x.x.253%0)
Jan 23 12:14:05 localhost info tmm[21782]: 2017-01-23 12:14:04 myf5 qid 29131 to x.x.x.5331619: [NOERROR qr,aa,rd,do] response: autodiscover.mydomain.com. 30 IN A x.x.x.75;
Jan 23 12:14:05 localhost info tmm[21782]: 2017-01-23 12:14:05 myf5 qid 42089 from x.x.x.5350733: view none: query: outlook.mydomain.com IN A +ED (x.x.x.253%0)
Jan 23 12:14:05 localhost info tmm[21782]: 2017-01-23 12:14:05 myf5 qid 42089 to x.x.x.5350733: [NOERROR qr,aa,rd,do] response: outlook.mydomain.com. 30 IN A x.x.x.75;
Jan 23 12:14:05 localhost info tmm[21782]: 2017-01-23 12:14:05 myf5 qid 41559 from x.x.x.5360000: view none: query: outlook.mydomain.com IN AAAA +EDC (x.x.x.253%0)
natheCirrocumulus
Looks like its tmm events, not gtm or big3d. What are your tmm log levels set at? Check out the following article: Configuring the level of information logged for TMM-specific events and see the Log.Tmm.Level section.
If not, then perhaps it's the gtm logging levels for the Wide IPs. See this article: Configuring the BIG-IP GTM system to log wide IP request information Here you can check the level by typing
tmsh show sys db gtm.querylogging valueHope this helps,
N