Strange Query (loopback)
swalker at metrowerks.com
Thu Dec 19 16:00:46 UTC 2002
Thanks to people out there I have a test server running 9.2.2.rc1 up now.
However I noticed, what I think is, a strange query to the DNS Server that I would like to try and track down.
On the DNS Server I have the named.run output that highlights a A query for yahoo.com, it says that the originating clients is the loopback 127.0.0.1.
However if I physically type in nslookup yahoo.com on the server it does a PTR lookup of the loopback address first then issues a query for yahoo.com
With this mystery query for yahoo.com there is no loopback PTR lookup. So what I am wondering is how can I track down this request to either a program or connection. I tried increasing debug but the output don't mean much to me.
Of note I am the only "known" user of this network, i.e there are no other users on this test setup.
example from the DNS Server [named.run]
mystery query >
Dec 19 15:15:38.153 client 127.0.0.1#32924: query: yahoo.com IN A
Dec 19 15:15:38.154 createfetch: yahoo.com A
if I perform a nslookup for yahoo.com on the host >
Dec 19 15:46:47.869 client 127.0.0.1#32927: query: 220.127.116.11.in-addr.arpa IN PTR
Dec 19 15:46:47.872 client 127.0.0.1#32928: query: yahoo.com IN A
Dec 19 15:46:47.873 createfetch: yahoo.com A
I undertstand that this could be something quite normal but I am learning about DNS as I go so appologies if this is a silly mistake on my part.
More information about the bind-users