Cisco Support Community

New Member

CNR DNS Request Logs

Hi,

I'm using CNR 6.2.2 and I would like to track which Windows workstation is trying to reach a URL. There are some strange DNS log entries (01/02/2007 15:20:44 name/dns/1 Info Protocol 0 02379 Lame server for 'hafeh.com' at [72.249.30.42] while resolving 'hafeh.com') and I would like to know which workstation they came from.

It looks like a worm/virus of some sort. Thanks for any help you may offer.

1 REPLY
Cisco Employee

Re: CNR DNS Request Logs

It looks like some server is querying your DNS server recursively for the zone that it's not authoritative for.

So either you can locate that machine and shut it down, or put an access list on your router to drop the traffic coming from that host to your DNS.

You can set up the debug as follows to find out exactly where the request is coming from.

Go to nrcmd

Login with username and passwd. Then type the following for the debug.

nrcmd>dns setdebug DP=6

Please do this when your CPU is high and you see those lame server error messages in the logs.

After capturing the log, unset the debug as follows:

nrcmd>dns unsetdebug

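Added example (not part of the thread and not Cisco's code): a Python helper that summarizes "Lame server" entries in the layout quoted in the question, giving the names and time window to look for, then filters a debug capture down to the lines that mention those names. The function names and all sample lines except the first are constructed; the debug output layout is not shown in the thread, so the filter assumes nothing about it beyond the name appearing in the line.

```python
import re
import sys

# Constructed sample: line 1 is the entry quoted in the question, the others
# are made up in the same layout for illustration.
SAMPLE_LOG = """\
01/02/2007 15:20:44 name/dns/1 Info Protocol 0 02379 Lame server for 'hafeh.com' at [72.249.30.42] while resolving 'hafeh.com'
01/02/2007 15:20:51 name/dns/1 Info Protocol 0 02379 Lame server for 'example.test' at [192.0.2.53] while resolving 'www.example.test'
01/02/2007 15:21:03 name/dns/1 Info (constructed line that is not a lame-server entry)
01/02/2007 15:21:09 name/dns/1 Info Protocol 0 02379 Lame server for 'hafeh.com' at [72.249.30.42] while resolving 'hafeh.com'
"""

LAME_RE = re.compile(
    r"^(?P<ts>\S+ \S+) .*?Lame server for '(?P<zone>[^']+)' "
    r"at \[(?P<server>[^\]]+)\] while resolving '(?P<qname>[^']+)'")

def summarize_lame(lines):
    """Group lame-server entries by the name being resolved, in file order."""
    summary = {}
    for line in lines:
        m = LAME_RE.match(line.strip())
        if not m:
            continue
        name = m["qname"].lower().rstrip(".")
        entry = summary.setdefault(
            name, {"count": 0, "first": m["ts"], "last": m["ts"], "servers": set()})
        entry["count"] += 1
        entry["last"] = m["ts"]  # log is chronological, so the last match wins
        entry["servers"].add(m["server"])
    return summary

def lines_mentioning(debug_lines, names):
    """Keep debug-capture lines that mention any suspect name (case-insensitive
    name match only; this is not a parser for the debug output format)."""
    names = [n for n in names if n]
    if not names:
        return []
    alternatives = "|".join(re.escape(n) for n in names)
    pat = re.compile(rf"(?<![\w-])(?:{alternatives})(?![\w-])", re.IGNORECASE)
    return [l.rstrip("\n") for l in debug_lines if pat.search(l)]

if __name__ == "__main__":
    # Usage: lame_summary.py [dns_log [debug_capture]]; no arguments runs SAMPLE_LOG.
    log = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    found = summarize_lame(log)
    for name, e in found.items():
        print(f"{name}: {e['count']} entries, {e['first']} .. {e['last']}, "
              f"servers {sorted(e['servers'])}")
    if len(sys.argv) > 2:
        print("\n".join(lines_mentioning(open(sys.argv[2]), found)))
```

The first/last timestamps show when the lame-server messages cluster, which is the window in which to run the debug capture described in the reply.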