Question: Checking what computer on the LAN is performing a specific DNS query.

I have a network with two public IPs and two firewalls. I use OpenDNS as my forwarders. I can see that from site #1 I have 10,000 DNS requests a day for 5 AOL servers. I'm guessing AIM is on the network.

All computers are joined to the domain, and I ran LAN Guard and did a software audit. No copies of AOL AIM are anywhere to be found. So my question is, how can I see what IP address is making all these DNS requests?

Do I have to use a packet sniffer? Is there another easier way of doing this?

Answer: Checking what computer on the LAN is performing a specific DNS query.

No need for a packet sniffer yet. Open the properties of the DNS server, go to the "Debug Logging" tab, enable "Log packets for debugging".
You only need to check:
- Incoming
- UDP
- Queries/Transfers
- Requests
Set a log file on a disk with enough space, click "Apply".
Leave it running for a bit (a minute should be plenty ...), then disable logging again.
Open the log file, search for "aol(3)com(0)"; you'll find the client IP(s) in the same line(s).
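
An added example, not part of the original answer: a Python script that performs the log search described above for all clients at once, tallying which client IPs sent queries for a domain or any of its subdomains. The sample log lines are constructed, and the column layout is an assumption based on the usual Windows DNS debug log format; compare it with your own log file before relying on it.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines; the column layout is an assumption based on the
# usual Windows DNS debug log format, so compare it with your own log file.
SAMPLE_LOG = """\
DNS Server log file creation at 5/14/2012 10:15:30 AM
5/14/2012 10:15:32 AM 0F34 PACKET  0000000002A1B2C0 UDP Rcv 192.168.1.23    a1b2   Q [0001   D   NOERROR] A      (3)api(5)oscar(3)aol(3)com(0)
5/14/2012 10:15:32 AM 0F34 PACKET  0000000002A1B2C0 UDP Snd 192.168.1.23    a1b2 R Q [8081   DR  NOERROR] A      (3)api(5)oscar(3)aol(3)com(0)
5/14/2012 10:15:33 AM 0F34 PACKET  0000000002A1C410 UDP Rcv 192.168.1.23    a1b3   Q [0001   D   NOERROR] A      (5)login(5)oscar(3)aol(3)com(0)
5/14/2012 10:15:34 AM 0F38 PACKET  0000000002A1D550 UDP Rcv 192.168.1.57    77c0   Q [0001   D   NOERROR] A      (3)www(3)aol(3)com(0)
5/14/2012 10:15:35 AM 0F38 PACKET  0000000002A1E660 UDP Rcv 192.168.1.40    0c11   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
5/14/2012 10:15:36 AM 0F38 PACKET  0000000002A1F770 UDP Rcv 192.168.1.40    0c12   Q [0001   D   NOERROR] A      (6)notaol(3)com(0)
"""

# PACKET <id> <proto> <Rcv|Snd> <remote IP> <xid> [R] <opcode> [flags] <type> <name>
PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?P<proto>UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]+)\s+(?P<resp>R\s+)?(?P<opcode>\S)\s+\[[^\]]*\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S*)"
)

def decode_name(encoded):
    """Turn the log's length-prefixed form '(3)aol(3)com(0)' into 'aol.com'."""
    labels = re.findall(r"\(\d+\)([^()]*)", encoded)
    return ".".join(label for label in labels if label).lower()

def clients_querying(log_text, domain):
    """Map client IP -> Counter of queried names at or below `domain`."""
    domain = domain.lower().strip(".")
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        # Keep only incoming requests; skip headers, responses and sent packets.
        if not m or m["dir"] != "Rcv" or m["resp"]:
            continue
        name = decode_name(m["qname"])
        # Match on a label boundary so 'notaol.com' is not counted as 'aol.com'.
        if name == domain or name.endswith("." + domain):
            hits[m["ip"]][name] += 1
    return hits

if __name__ == "__main__":
    found = clients_querying(SAMPLE_LOG, "aol.com")
    for ip, names in sorted(found.items(), key=lambda kv: -sum(kv[1].values())):
        print(ip, sum(names.values()), dict(names))
```

To run it against a real log, read the debug log file into a string and pass that in place of `SAMPLE_LOG`.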