
I have noticed on a 6.5 CentOS host that when I am using tcpdump to determine if a multicast source is being received/sent, it does not appear to get any results when I have a DNS registered in /etc/resolv.conf. If I comment out the DNS entry it works fine, i.e.:

sudo tcpdump -i eth1 | grep 239.0.0.3

12:51:19.341650 IP 10.31.30.104.52396 > 239.0.0.3.search-agent: UDP, length 1316
12:51:19.342268 IP 10.31.30.104.52396 > 239.0.0.3.search-agent: UDP, length 1316
12:51:19.342862 IP 10.31.30.104.52396 > 239.0.0.3.search-agent: UDP, length 1316

When the DNS is reinstated it appears to resolve names and work fine, but the tcpdump command returns nothing. This only happens on certain installations that use specific DNS servers, but not others.

Any idea?

Khaled
adamjth
  • It is very, very difficult to identify how DNS interacts with this using the sparse details given. If presence of a DNS server is causing this to happen, it stands to reason that it's due to a DNS query. You should start by running a packet capture on port 53 traffic to and from your DNS servers. – Andrew B Jun 25 '15 at 13:59
  • You can also use the '-n' flag to tcpdump to prevent any DNS lookups from occurring. – bodgit Jun 25 '15 at 14:53

0 Answers