Hi,
I've got an AIX 4.3.3 box (posted it on the AIX board too) that asks its DNS server about every 3-4 seconds for the name loopback.bla.org. The DNS returns an NXDomain (seen with tcpdump and in the logs of the DNS server), which is totally OK. The loopback is in /etc/hosts, and the order for name lookup is (/etc/netsvc.conf, like /etc/nsswitch.conf on other UNIXes and Linux):
hosts=local,bind
This sets the order to look up /etc/hosts first and then the DNS server.
The /etc/hosts already contains
127.0.0.1 localhost loopback loopback.bla.org
It seems to me that there is an application running that doesn't use gethostbyname(), but how can I track it?
netstat and lsof won't show the process making the DNS requests, because it's so fast and short that I can't catch it by repeating the commands very fast.
netstat on AIX doesn't provide an option to show which PID a socket has anyway, so that I could compare the record with the one in the tcpdump.
Has anyone got an idea how to find the application that is doing this DNS request? I don't have the option on this server to stop one application after another to see which one is responsible.
Help is very welcome.