Hi,
This ins't a problem as such, more of an observation. I have three active DNS servers on my network; two live and one which is soon to be decommissioned.
While checking the DNS logs of the soon-to-be-decommissioned server, I noticed the PRTG server is querying "localhost" to this server every 60 seconds. This is odd because this DNS servers IP address is not listed as a static entry on the PRTG server, so I'm not sure how the PRTG server is finding it. It is currently still authorized in AD, so maybe it's finding it from there.
Either way, it raises the question of why is it querying it at all? and why so often?
Thanks Michael.
Article Comments
Hi Felix,
Having looked into this the answer is actually really obvious!
I have a DNS sensor for this server (obviously, as it is running DNS). The schedule is set to 60 seconds, so thats why I am seeing this in the logs.
I'll remove the sensor!
Thanks for your response though.
Jun, 2016 - Permalink
Hello Miyo,
That's indeed a good question. Do you run any Packet Sniffer or Flow Sensors? I could only imagine that the reverse lookup of these sensors might send the query, which would also be questionable. It will be very tricky to see which sensor actually performs this query I'm afraid. The only way to test it will be to pause every sensor and resume every sensor one by one, which can be very time consuming.
Best regards, Felix
Jun, 2016 - Permalink