[Samba] How to trace a DNS query back to workstation or application
Andrew Bartlett
abartlet at samba.org
Sat Feb 28 19:51:28 MST 2015
On Thu, 2015-02-26 at 11:44 -0500, James wrote:
> Hello,
>
> Looking through my samba logs I'm seeing entries such as this
>
> [2015/02/26 11:39:33.527590, 2, pid=1184, effective(0, 0), real(0, 0)]
> ../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
> Not authoritative for 'searchclient.live.net', forwarding
>
> This will repeat several times a second for hours. How can I trace this
> back to a workstation or application short of using Wireshark? I'm
> currently using Samba 4.1.17 with the internal DNS. Thanks.
>
Better would be to write up a patch to change that to a level 5 or so
debug, it is entirely routine (sounds like IE's search box) and isn't
the kind of thing that belongs even at level 2.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list