Finding Hosts with Misconfigured DNS Servers

namso2
Level 1

I think this is a simple issue, but my solution has not worked so far. Here's the scenario:

I have two legacy DNS/WINS servers with IP addresses x.x.x.153 and x.x.x.154. I have two new DNS/WINS servers with IP addresses x.x.x.80 and x.x.x.86. The legacy servers are about to be shut down (all four servers belong to the same subnet). Even though our network admins have been notified of this change, I know there are still many servers in the environment which are still pointing to the legacy DNS/WINS servers. What I want to do is figure out, after the legacy servers have been shut down, which boxes are still attempting to send packets to x.x.x.153 and x.x.x.154.

router#terminal monitor
router#show access-list
Extended IP access list 102
permit tcp any host x.x.x.153
permit udp any host 1x.x.x.153
permit ip any host x.x.x.153
permit icmp any host x.x.x.153
router#show debug
Generic IP:
IP packet debugging is on (detailed) for access list 102

However, when I run NSLOOKUP (on a machine on a different subnet) and point it to x.x.x.153 and perform a query, I don't see these packets on my screen. What am I missing?


2 Replies

rais
Level 7 (Accepted Solution)

The ACL will work only if the router had those IPs. Maybe you can assign these IPs to another dummy router and do a debug on that router.

You can also use 'ip accounting' to see who is still accessing these servers.

Thanks.
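To turn the 'ip accounting' suggestion above into a list of hosts that still talk to the legacy servers, here is an added example (not code from the thread or from Cisco) that parses a constructed sample of 'show ip accounting' output; the column layout is assumed, and the RFC 5737 addresses 192.0.2.153/154 and 192.0.2.80/86 stand in for the x.x.x.153/154 legacy and x.x.x.80/86 new servers.

```python
import re
from collections import defaultdict

# Constructed sample of 'show ip accounting' output. Column layout is an
# assumption; the addresses are documentation addresses, not real ones.
SAMPLE_ACCOUNTING = """\
   Source           Destination              Packets               Bytes
 192.0.2.10       192.0.2.153                   412                32960
 192.0.2.11       192.0.2.80                    980                78400
 192.0.2.12       192.0.2.154                    37                 2960
 192.0.2.10       192.0.2.154                   120                 9600
 192.0.2.13       192.0.2.86                     55                 4400
 Accounting data age is 12
"""

LEGACY_SERVERS = {"192.0.2.153", "192.0.2.154"}  # stand-ins for x.x.x.153/154
NEW_SERVERS = {"192.0.2.80", "192.0.2.86"}       # stand-ins for x.x.x.80/86

# One data row: source, destination, packet count, byte count.
ROW_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s+(\d+)\s*$"
)


def parse_accounting(text):
    """Yield (src, dst, packets, bytes) per data row; header/footer lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3)), int(m.group(4))


def hosts_using_legacy(text, legacy=LEGACY_SERVERS, new=NEW_SERVERS):
    """Map each source that still sends to a legacy server to its legacy packet
    total and whether it has also been seen talking to a new server.
    Sorted by legacy packet count, highest first."""
    legacy_pkts = defaultdict(int)
    uses_new = set()
    for src, dst, pkts, _ in parse_accounting(text):
        if dst in legacy:
            legacy_pkts[src] += pkts
        elif dst in new:
            uses_new.add(src)
    report = {src: {"legacy_packets": n, "also_uses_new": src in uses_new}
              for src, n in legacy_pkts.items()}
    return dict(sorted(report.items(), key=lambda kv: -kv[1]["legacy_packets"]))


if __name__ == "__main__":
    for src, info in hosts_using_legacy(SAMPLE_ACCOUNTING).items():
        print(f"{src:16} legacy_packets={info['legacy_packets']:5} "
              f"also_uses_new={info['also_uses_new']}")
```

Hosts reported with also_uses_new False have not been repointed at all and are the first ones to fix before the legacy servers go away.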

rjackson
Level 5

On the subnet where the machine was, it is not there to answer ARPs, so no IP packets are ever forwarded to it. However, it seems like the input side of the router that faces your test host would pick up the packets and log them. Do you have console logging on?