You can use tcpdump on your DNS server to take the trace. Command would be like below.
tcpdump -i any port 53 -w trace.pcap You can share trace.pcap with us. Regards Abdul Khader Ejaz <me...@cyberia.net.sa> wrote: > >Thanks you. > >The traffic will go to router which is handled by the Network dept. The fear >that may router can crash if we start enabling the packet capture since it >is layer 7. > >Is advisable, if we deny outbound UDP port 0 from the DNS servers, after >enabling firewall. > > >Ejaz > >-----Original Message----- >From: S Carr [mailto:sjc...@gmail.com] >Sent: Wednesday, July 27, 2016 10:51 AM >To: Ejaz <me...@cyberia.net.sa> >Cc: bind-users <bind-users@lists.isc.org> >Subject: Re: outgoing-traffic > >On 27 July 2016 at 08:41, Ejaz <me...@cyberia.net.sa> wrote: >> Thanks for all. >> >> But the strange thing is that if the request comes on 53 port then it >> should go only from 53 is it?? Why goes out from 0, any clue would be >> highly appreciate. >> >> Regards >> Ejaz > >Where's the packet capture to review? > >_______________________________________________ >Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe >from this list > >bind-users mailing list >bind-users@lists.isc.org >https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
