Rampant DNS queries

[shakamon]

How can I locate a program\process on a selinux server that is making approx 70 dns queries per second...

besides netstat, is there anything else i can use to narrow this down? Optimally, I only want this system to make requests when necessary

"Only the dead fish follow the stream"

 

[lgarner]

tcpdump udp port 53

You can get it to tell you the names being resolved. Something like Apache with reverse lookups turned on could do it, if this is a web server.

Also, is this a DNS server? Maybe some other host is performing the lookups against this one, and this server is questioning its forwarders.

 

[shakamon]

Its not a dns server, I checked the httpd.conf file too. The reverse is shut off as well. This is actaully a ClarkConnect.com home edition r2 system. Looks to be built on selinux. something is ocnfigured in there, I just cannot seem to find it....

"Only the dead fish follow the stream"