> Leave tcpdump running on a resolver and wait for the misconfigured > offender to appear. Use one of the following: > ---- > tcpdump -i bond0 -n -p port 53 -s 0 -w /tmp/dump.pcap > tcpdump -i bond0 -n -p port 53 -s 0 -w - -U | tee /tmp/dump.pcap | tcpdump -r - -n > ---- > > Good hunting :) > > Cheers > > -- > Alexander Clouter > .sigmonster says: Future looks spotty. You will spill soup in late evening. This may be problematic on DNS nodes that are handling thousands of queries per second. Is there a way to make unbound log what lookups are causing these messages?