[DNS]: Does anyone has any captured example for "NXRRSET" error?

asked 2022-11-08 01:21:31 +0000

mohamednehad gravatar image

Hello All,

Your help will be highly appreciated if you elaborate/guide me to any example or NXRRSET DNS error (RCODE=8) as I face increasing over this error in my network while I can't capture this error by trace taken via "tcpdump port 53". Only I can get "NXDOMAIN" (RCODE=3) and "Server Failure" (RCODE=2).

Thanks in advance.

edit retag flag offensive close merge delete

Comments

What are the symptoms? How do you know the RCODE exists without capturing it?

Chuckc gravatar imageChuckc ( 2022-11-08 14:36:06 +0000 )edit

Thanks Chuckc for your reply.

Actually I got a monitoring tool to the DNS server in my network. It counts "NXRRSET". I want to capture the error packets for more details about it. Do you have anything that could guide me?

Thanks in advance.

mohamednehad gravatar imagemohamednehad ( 2022-11-09 15:17:21 +0000 )edit

I was unable to find a sample capture with "NXRRSET".
Can you make a capture on the DNS server?
wireshark, dumpcap, tcpdump, Windows Network Monitor

If you can't capture on the server, check the Ethernet capture setup on the wiki. If the server is attached to a switch you may be able to mirror off to a different port for capture. Or may need to change the cabling to include a tap or additional switch.

Chuckc gravatar imageChuckc ( 2022-11-09 15:31:00 +0000 )edit

Thanks again Chuckc for our follow up.

I will try to check what you said and get back to you.

Thanks in advance.

mohamednehad gravatar imagemohamednehad ( 2022-11-09 17:15:11 +0000 )edit
add a comment