Abdul Khader akhader at ies.etisalat.ae
Wed Jul 27 12:04:20 UTC 2016

You can use tcpdump on your DNS server to take the trace.

Command would be like below.

tcpdump -i any port 53 -w trace.pcap

You can share trace.pcap with us.

Abdul Khader

Ejaz <mejaz at cyberia.net.sa> wrote:

>Thanks you. 
>The traffic will go to router which is handled by the Network dept. The fear  that may router can crash   if we  start enabling the packet capture since it is layer 7. 
>Is advisable,  if we  deny outbound UDP port 0  from the DNS servers, after enabling firewall.
>-----Original Message-----
>From: S Carr [mailto:sjcarr at gmail.com] 
>Sent: Wednesday, July 27, 2016 10:51 AM
>To: Ejaz <mejaz at cyberia.net.sa>
>Cc: bind-users <bind-users at lists.isc.org>
>Subject: Re: outgoing-traffic
>On 27 July 2016 at 08:41, Ejaz <mejaz at cyberia.net.sa> wrote:
>> Thanks for all.
>> But the strange thing is that if the request comes on 53 port then it 
>> should go only from 53 is it?? Why goes out from 0, any clue would be 
>> highly appreciate.
>> Regards
>> Ejaz
>Where's the packet capture to review?
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>bind-users mailing list
>bind-users at lists.isc.org

More information about the bind-users mailing list