command line ID vs Wireshark transaction ID (dns.id)

John W. Blue john.blue at rrcic.com
Fri Aug 11 14:36:46 UTC 2017



> What nameserver addresses are listed in /etc/resolv.conf?

So. 

resolv.conf has the non-RFC1918 IP addresses commented out *and* loopback is the only one enabled.

Lovely.  <grin>

I decided to leave it as is and retested with:

# tcpdump -n -i lo0 -s0 port domain
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
08:50:55.837412 IP 127.0.0.1.17709 > 127.0.0.1.53: 59248+ A? www.airnav.com. (32)
08:50:56.019525 IP 127.0.0.1.53 > 127.0.0.1.17709: 59248 1/3/6 A 206.125.168.131 (247)

Wireshark hex transaction ID converts to decimal for a successful match.

Thanks for the help, Mark!

John
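
The decimal-to-hex match described above, as an added example that is not part of the original post: a short Python parser that reads tcpdump DNS lines, pairs each query with its response by client address, port and ID, and emits the matching Wireshark dns.id filter. The function name and record fields are assumptions made for illustration; the sample input is the two capture lines from the post.

```python
import re
from datetime import datetime

# Sample input: the two tcpdump lines quoted in the post above.
SAMPLE = """\
08:50:55.837412 IP 127.0.0.1.17709 > 127.0.0.1.53: 59248+ A? www.airnav.com. (32)
08:50:56.019525 IP 127.0.0.1.53 > 127.0.0.1.17709: 59248 1/3/6 A 206.125.168.131 (247)
"""

# timestamp, src.port > dst.port:, decimal ID, optional flag characters, rest
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP6? "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<flags>[^\s\d]*) (?P<rest>.*)$"
)


def pair_transactions(text):
    """Pair each DNS query with its response by (client, port, ID).

    Hypothetical helper: returns one record per query, in capture order.
    Unanswered queries keep latency_ms = None.
    """
    pending, out = {}, []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a DNS line in the shape tcpdump -n prints
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        txid = int(m["id"])  # tcpdump prints the 16-bit ID in decimal
        if m["dport"] == "53":  # client -> server: a query
            rec = {
                "id": txid,
                # Wireshark shows the same ID as four hex digits
                "wireshark": f"dns.id == 0x{txid:04x}",
                "client": f'{m["src"]}:{m["sport"]}',
                "query": m["rest"],
                "latency_ms": None,
            }
            pending[(m["src"], m["sport"], txid)] = (ts, rec)
            out.append(rec)
        elif m["sport"] == "53":  # server -> client: a response
            hit = pending.pop((m["dst"], m["dport"], txid), None)
            if hit:
                hit[1]["latency_ms"] = (ts - hit[0]).total_seconds() * 1000
    return out


if __name__ == "__main__":
    for r in pair_transactions(SAMPLE):
        print(r["id"], r["wireshark"], r["client"], r["latency_ms"])
```

Keying on client address and source port as well as the ID keeps two resolvers that happen to pick the same 16-bit ID from being paired with each other's answers.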

