Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CNR DNS Request Logs


I'm using CNR 6.2.2 and I would like to track which windows workstation is trying to reach a url. There are some strange DNS Log entries (01/02/2007 15:20:44 name/dns/1 Info Protocol 0 02379 Lame server for '' at [] while resolving '') and I would like to know which workstation they came from.

It looks a worm/virus of some sort. Thanks for any help you may offer.

Cisco Employee

Re: CNR DNS Request Logs

It looks like some server is querying your DNS server recursively for

the zone that its not authorative for.

So either you can locate that machine and shut it down or put an access list on your

router to drop the traffic coming form that host to your dns.

You can setup the debug as follows to find out exactly where the request is coming from.

Go to nrcmd

Login with username and passwd. Then type the following for the debug.

nrcmd>dns setdebug DP=6

Please do this when your cpu is high and you see those lame server error messages in the


After capturing the log , unset the debug as follows:

nrcmd>dns unsetdebug

CreatePlease to create content