
Linux process/component sending frequent DNS queries to resolve the local hostname (but shouldn't)


I'm not a networking guru so could use some help. I am running a RHEL7 (Red Hat Enterprise Linux) VM (Virtual Machine) where some component on the OS is sending frequent DNS queries to resolve its own local hostname to our main DNS server (which shouldn't be happening because the DNS server won't know anything about its address). Can anyone provide guidance as to how I can find out what component/service/process this is? It's filling our logs with 19k records over just hours and I need to find a way to fix this.

The hostname for the RHEL VM is spe1.2v29999999.dev.local , there is a static IP on this VM and it is 10.70.49.61. The /etc/hosts looks like:

127.0.0.1    localhost localhost.localdomain localhost4 localhost4.localdomain4
::1          localhost localhost.localdomain localhost4 localhost4.localdomain4

I suspected it might be a java jar we have running on the VM, but I stopped it via systemctl stop MyJavaJar but after running a tcp dump via tcpdump -i any udp port 53, I could still see the queries happening.

Here are some examples from different days/times in the logs (both A and TXT records):

 2020-05-05T13:53:50.189178+00:00 dns.green.blue.mycompany.com 127.0.0.1 <daemon.info> dnsmasq[20886]: 739 10.70.49.61/65078 query[A] spe1.2v29999999.dev.local from 10.70.49.61

2020-05-07T00:01:39.934899+00:00  dns.green.blue.mycompany.com  127.0.0.1  <daemon.info> dnsmasq[8615]: 27827 10.70.49.61/57348 reply spe1.2v29999999.dev.local is NXDOMAIN

2020-05-11T00:01:20.674688+00:00 dns.green.blue.mycompany.com 127.0.0.1 <daemon.info> dnsmasq[8615]: 130345 10.70.49.61/53321 query[TXT] bootstrap.spe1.2v29999999.dev.local from 10.70.49.61

Would making any changes to /etc/hostname, /etc/sysconfig, /var/named .zone files, /var/named.conf or /etc/named help? Can I do more with tcpdump? Thanks


Solution

  • Put:

    127.0.0.1 spe1.2v29999999.dev.local

    in /etc/hosts. This is done by default on many distros.
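
Added example, not part of the original question or answer: a parser for the dnsmasq log format quoted in the question that tallies queries per client, name and record type and pairs each NXDOMAIN reply with its query by serial number and client address/port, so the DNS-side noise can be measured before and after the /etc/hosts change. The `SAMPLE` lines are constructed in that format, and the function name `summarize` is an assumption of this example.

```python
import re
from collections import Counter

# Line shapes taken from the question's log excerpts:
#   dnsmasq[PID]: SERIAL CLIENT/PORT query[TYPE] NAME from CLIENT
#   dnsmasq[PID]: SERIAL CLIENT/PORT reply NAME is ANSWER
LINE = re.compile(
    r"dnsmasq\[\d+\]:\s+(?P<serial>\d+)\s+(?P<client>[0-9a-fA-F.:]+)/(?P<port>\d+)\s+"
    r"(?:query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<qname>\S+)\s+from\s+\S+"
    r"|reply\s+(?P<rname>\S+)\s+is\s+(?P<answer>\S+))"
)

def summarize(lines):
    """Return (queries, nxdomain) Counters keyed by (client, name, qtype)."""
    queries, nxdomain, pending = Counter(), Counter(), {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a query/reply line (or not dnsmasq at all)
        key = (m["serial"], m["client"], m["port"])
        if m["qname"]:
            name = m["qname"].lower().rstrip(".")
            queries[(m["client"], name, m["qtype"])] += 1
            pending[key] = (name, m["qtype"])  # remember type for the reply
        elif m["answer"] == "NXDOMAIN":
            # Reply lines carry no record type; recover it from the query.
            fallback = (m["rname"].lower().rstrip("."), "?")
            name, qtype = pending.pop(key, fallback)
            nxdomain[(m["client"], name, qtype)] += 1
    return queries, nxdomain

# Constructed sample lines in the format shown in the question.
P = "2020-05-05T13:53:50+00:00 dns.example 127.0.0.1 <daemon.info> dnsmasq[20886]: "
H = "spe1.2v29999999.dev.local"
SAMPLE = [
    P + f"739 10.70.49.61/65078 query[A] {H} from 10.70.49.61",
    P + f"739 10.70.49.61/65078 reply {H} is NXDOMAIN",
    P + f"740 10.70.49.61/53321 query[TXT] bootstrap.{H} from 10.70.49.61",
    P + f"740 10.70.49.61/53321 reply bootstrap.{H} is NXDOMAIN",
    P + f"741 10.70.49.61/40000 query[A] {H} from 10.70.49.61",
    P + f"741 10.70.49.61/40000 reply {H} is NXDOMAIN",
    P + f"900 10.70.49.61/41000 reply {H} is NXDOMAIN",  # query not in window
    "2020-05-05T13:53:51+00:00 dns.example sshd[1]: unrelated line",
]

if __name__ == "__main__":
    q, nx = summarize(SAMPLE)
    for (client, name, qtype), n in nx.most_common():
        print(f"{n:6d} NXDOMAIN  {client}  {qtype:4s} {name}")
```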