When using the various CLI network monitors like LSOF, Netstat, ifTop. I'd like to see what applications are doing DNS lookups (using port 53 over UDP). How do I configure so that these connections are shown in the Terminal? I'd like to see what IP Address is being connected to and what applications are requesting the DNS lookup.
I'm interested in any way to learn this information.
You must turn on bind / named logging:
$ sudo apt-get install bind9utils
$ rndc querylog
Then, you can see the log the service in the system log:
$ tail -f /var/log/messages
Once finished, you can turn off logging again:
$ rndc querylog
For those interested I just discovered the dnstop CLI tool (man page), which–given a network interface–can show you a live updated view of DNS queries made by your machine. It can group and sort by any level of subdomain depth, client IP, record type, etc...
Here is a nice tutorial.
