MacOS – how to track the pid of a process using mDNSResponder


I'm searching for the right way to identify which pid/process asks mDNSResponder to resolve a DNS query.

In other terms, I want to identify which process does which DNS query through mDNSResponder and in some way correlate it.

In other words again, I want to know the pid of every DNS query made through mDNSResponder.

Is there a system administrator approach to do it, or do I have only a programmer way, and so I need to patch mDNSResponder?

Best Answer

To enable mDNSResponder logging, run

sudo killall -USR1 mDNSResponder  # enable Warning and Notice log level
sudo syslog -c mDNSResponder -w   # enable syslog logging for warning messages

followed by grep DNSServiceQueryRecord /var/log/system.log to see all DNS queries:

Aug 28 19:20:11 Fourecks.local mDNSResponder[53]:  25: DNSServiceQueryRecord(api.droplr.com., AAAA) STOP PID[18](configd)

The pid at the end (18 in the above example) is the pid for configd, which requested address resolution in this case.

Turning on logging generates a lot of entries in system.log, so it's probably a good idea to only use it if needed. To turn it off again, just rerun sudo killall -USR1 mDNSResponder.
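
Added example, not part of the original answer: a Python parser for the log-line shape shown above that groups the logged queries by requesting pid and process name. The START state and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of the DNSServiceQueryRecord line shown in the answer. Extra arguments
# after the record type and states other than STOP are tolerated (assumption).
QUERY_RE = re.compile(
    r"mDNSResponder\[\d+\]:\s+\d+:\s+DNSServiceQueryRecord\("
    r"(?P<name>[^,\s)]+),\s*(?P<rtype>\w+)[^)]*\)\s+"
    r"(?P<state>\w+)\s+PID\[(?P<pid>\d+)\]\((?P<proc>[^)]*)\)"
)

def parse_line(line):
    """Return (pid, process, name, rtype, state), or None for unrelated lines."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    name = m["name"].rstrip(".").lower()  # drop root dot; DNS names are case-insensitive
    return int(m["pid"]), m["proc"], name, m["rtype"].upper(), m["state"]

def queries_by_process(lines):
    """Map (pid, process) -> sorted unique (name, rtype) pairs it asked for."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            pid, proc, name, rtype, _state = rec
            seen[(pid, proc)].add((name, rtype))
    return {key: sorted(val) for key, val in seen.items()}

# First line is the one from the answer; the rest are constructed samples.
SAMPLE = """\
Aug 28 19:20:11 Fourecks.local mDNSResponder[53]:  25: DNSServiceQueryRecord(api.droplr.com., AAAA) STOP PID[18](configd)
Aug 28 19:20:12 Fourecks.local mDNSResponder[53]:  26: DNSServiceQueryRecord(www.example.com., A) START PID[412](curl)
Aug 28 19:20:12 Fourecks.local mDNSResponder[53]:  26: DNSServiceQueryRecord(www.example.com., A) STOP PID[412](curl)
Aug 28 19:20:13 Fourecks.local mDNSResponder[53]:  27: DNSServiceQueryRecord(WWW.Example.com., AAAA) STOP PID[412](curl)
Aug 28 19:20:14 Fourecks.local kernel[0]: unrelated line without a query
""".splitlines()

if __name__ == "__main__":
    for (pid, proc), queries in sorted(queries_by_process(SAMPLE).items()):
        print(f"{proc} (pid {pid})")
        for name, rtype in queries:
            print(f"    {rtype:5} {name}")
```

Pids are reused over time, so for a long capture keep the timestamp alongside the pid before attributing a query to a specific process instance.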