2 Replies Latest reply: Dec 2, 2009 10:10 AM by 807559 RSS

    What process is making the DNS queries on my server?

    807559
      What process is making the DNS queries on my server? Short of shutting down processes one by one or trussing every process individually....
      Can DTRACE help?

      Thanks,
      DTrace newbie
        • 1. Re: What process is making the DNS queries on my server?
          user4994457
          First, processes don't (usually) make DNS queries directly. They ask the OS for hostname resolution, and the resolver libraries turn that into a DNS query. But there are some programs that use the resolver libraries directly to do more specific DNS things (like sendmail looking for MX hosts).

          So, yes you might be able to use dtrace to look for all processes that are doing 'gethostbyname' calls and have it print out the process and the host it's looking for. That would probably catch most things. You might need to add in more specific resolver calls if that doesn't find the culprit.

          --
          Darren
          • 2. Re: What process is making the DNS queries on my server?
            807559
            I need help with the command, I tried:
            $ dtrace -n syscall:::gethostbyname'{@[execname] = count()}'
            dtrace: invalid probe specifier syscall:::gethostbyname{@[execname] = count()}: probe description syscall:::gethostbyname does not match any probes
            I have seen some opensolaris threads:
            $ dtrace -l -s gethostbyname.d -p 26591
            ...the problem there is... You have to know PID

            I'm trying to find command to anaylize globally for all processes...


            Thanks

            Edited by: CHANSL0R on Dec 2, 2009 10:07 AM