# 找尋針對某domain發起dns resolv的Process
## 選定目標Pod, 以dns-default為例
```
[quickcluster@upi-0 ~]$ oc get pod -A -owide | grep worker-0 | grep dns-default
openshift-dns dns-default-hkngl 2/2 Running 6 6d21h 10.131.0.37 worker-0.cubtest.lab.psi.pnq2.redhat.com <none> <none>
```
## oc debug node到該節點
```
oc debug node/worker-0.cubtest.lab.psi.pnq2.redhat.com
chroot /host
# 查詢該Pod的container ID, 如果有多個Container會返回多個結果
sh-5.1# crictl ps | grep dns-default-hkngl
635082f72f5db 450f91f1319dcbdafa6dd74a587a95b5a902491a1560d5abef5f097200508aca 2 days ago Running kube-rbac-proxy 3 1ca22fa9184f2 dns-default-hkngl
9144de97c5820 86451444c54a416299cc1422153b2e56544519fb5a7044bf451651f41ca3ef70 2 days ago Running dns 3 1ca22fa9184f2 dns-default-hkngl
# 查詢Container內所有的Process PID
sh-5.1# crictl inspect 635082f72f5db | grep pid
"pid": 4010,
"type": "pid"
"pids": {
sh-5.1# crictl inspect 9144de97c5820 | grep pid
"pid": 3992,
"type": "pid"
"pids": {
# 用ps 反查所有Pid, PPID
ps -p 4010 -o pid,ppid,comm
ps -p 3992 -o pid,ppid,comm
# 如果知道該process執行的指令的話,也可以使用ps aux | grep 反查
ps aux | grep coredns
# 用Strace追蹤所有相關的Process 並過濾特定domain
sh-5.1# strace -f -e trace=network,connect,sendto -p 4010,3992 -s 256 2>&1 | grep google
[pid 12926] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(56177), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="r\256\1\0\0\1\0\0\0\0\0\0\6google\3com\24openshift-monitoring\3svc\7cluster\5local\0\0\1\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 67
[pid 12926] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(56177), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="\261\243\1\0\0\1\0\0\0\0\0\0\6google\3com\24openshift-monitoring\3svc\7cluster\5local\0\0\34\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 67
[pid 12926] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(56177), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="\261\243\205\3\0\1\0\0\0\1\0\0\6google\3com\24openshift-monitoring\3svc\7cluster\5local\0\0\34\0\1\7cluster\5local\0\0\6\0\1\0\0\0\5\0D\2ns\3dns\7cluster\5local\0\nhostmaster\7cluster\5local\0h\244\215\277\0\0\34 \0\0\7\10\0\1Q\200\0\0\0\5", iov_len=160}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 160
[pid 3992] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(56177), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="r\256\205\3\0\1\0\0\0\1\0\0\6google\3com\24openshift-monitoring\3svc\7cluster\5local\0\0\1\0\1\7cluster\5local\0\0\6\0\1\0\0\0\5\0D\2ns\3dns\7cluster\5local\0\nhostmaster\7cluster\5local\0h\244\215\277\0\0\34 \0\0\7\10\0\1Q\200\0\0\0\5", iov_len=160}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 160
[pid 549652] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(41802), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="\3+\1\0\0\1\0\0\0\0\0\0\6google\3com\3svc\7cluster\5local\0\0\1\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 46
[pid 549652] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(41802), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="\210)\1\0\0\1\0\0\0\0\0\0\6google\3com\3svc\7cluster\5local\0\0\34\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 46
[pid 3992] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(41802), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="\3+\205\3\0\1\0\0\0\1\0\0\6google\3com\3svc\7cluster\5local\0\0\1\0\1\7cluster\5local\0\0\6\0\1\0\0\0\5\0D\2ns\3dns\7cluster\5local\0\nhostmaster\7cluster\5local\0h\244\215\277\0\0\34 \0\0\7\10\0\1Q\200\0\0\0\5", iov_len=139}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 139
[pid 3992] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(41802), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="\210)\205\3\0\1\0\0\0\1\0\0\6google\3com\3svc\7cluster\5local\0\0\34\0\1\7cluster\5local\0\0\6\0\1\0\0\0\5\0D\2ns\3dns\7cluster\5local\0\nhostmaster\7cluster\5local\0h\244\215\277\0\0\34 \0\0\7\10\0\1Q\200\0\0\0\5", iov_len=139}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 139
[pid 549652] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(35506), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="[\357\1\0\0\1\0\0\0\0\0\0\6google\3com\7cluster\5local\0\0\1\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 42
[pid 549652] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(35506), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="<\321\1\0\0\1\0\0\0\0\0\0\6google\3com\7cluster\5local\0\0\34\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 42
[pid 12926] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(35506), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="[\357\205\3\0\1\0\0\0\1\0\0\6google\3com\7cluster\5local\0\0\1\0\1\7cluster\5local\0\0\6\0\1\0\0\0\5\0D\2ns\3dns\7cluster\5local\0\nhostmaster\7cluster\5local\0h\244\215\277\0\0\34 \0\0\7\10\0\1Q\200\0\0\0\5", iov_len=135}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 135
[pid 12926] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(35506), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="<\321\205\3\0\1\0\0\0\1\0\0\6google\3com\7cluster\5local\0\0\34\0\1\7cluster\5local\0\0\6\0\1\0\0\0\5\0D\2ns\3dns\7cluster\5local\0\nhostmaster\7cluster\5local\0h\244\215\277\0\0\34 \0\0\7\10\0\1Q\200\0\0\0\5", iov_len=135}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 135
[pid 549652] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(58933), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="\316\375\1\0\0\1\0\0\0\0\0\0\6google\3com\7cubtest\3lab\3psi\4pnq2\6redhat\3com\0\0\1\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 60
[pid 549652] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(58933), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="+\361\1\0\0\1\0\0\0\0\0\0\6google\3com\7cubtest\3lab\3psi\4pnq2\6redhat\3com\0\0\34\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 60
[pid 3992] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(58933), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="+\361\205\203\0\1\0\0\0\1\0\0\6google\3com\7cubtest\3lab\3psi\4pnq2\6redhat\3com\0\0\34\0\1\3lab\3psi\4pnq2\6redhat\3com\0\0\6\0\1\0\0\0\36\0W\nhidden-dns\7ibx-001\4prod\4iad2\2dc\6redhat\3com\0\nhostmaster\6redhat\3com\0\0\3\376i\0\0*0\0\0\16\20\0\2\243\0\0\0\2X", iov_len=182}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 182
[pid 3992] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(58933), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="\316\375\205\203\0\1\0\0\0\1\0\0\6google\3com\7cubtest\3lab\3psi\4pnq2\6redhat\3com\0\0\1\0\1\3lab\3psi\4pnq2\6redhat\3com\0\0\6\0\1\0\0\0\36\0W\nhidden-dns\7ibx-001\4prod\4iad2\2dc\6redhat\3com\0\nhostmaster\6redhat\3com\0\0\3\376i\0\0*0\0\0\16\20\0\2\243\0\0\0\2X", iov_len=182}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 182
[pid 549652] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(60382), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="\375\200\1\0\0\1\0\0\0\0\0\0\6google\3com\0\0\1\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 28
[pid 549652] recvmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(60382), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=112 => 28, msg_iov=[{iov_base="\256\216\1\0\0\1\0\0\0\0\0\0\6google\3com\0\0\34\0\1", iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=0x32}], msg_controllen=40, msg_flags=MSG_CTRUNC}, 0) = 28
[pid 549652] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(60382), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="\256\216\205\200\0\1\0\4\0\0\0\0\6google\3com\0\0\34\0\1\6google\3com\0\0\34\0\1\0\0\0`\0\20$\4h\0@\3\f\5\0\0\0\0\0\0\0f\6google\3com\0\0\34\0\1\0\0\0`\0\20$\4h\0@\3\f\5\0\0\0\0\0\0\0q\6google\3com\0\0\34\0\1\0\0\0`\0\20$\4h\0@\3\f\5\0\0\0\0\0\0\0\213\6google\3com\0\0\34\0\1\0\0\0`\0\20$\4h\0@\3\f\5\0\0\0\0\0\0\0e", iov_len=180}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 180
[pid 12926] sendmsg(11, {msg_name={sa_family=AF_INET6, sin6_port=htons(60382), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:10.131.0.4", &sin6_addr), sin6_scope_id=0}, msg_namelen=28, msg_iov=[{iov_base="\375\200\201\200\0\1\0\6\0\0\0\0\6google\3com\0\0\1\0\1\6google\3com\0\0\1\0\1\0\0\1\22\0\4\254\375ve\6google\3com\0\0\1\0\1\0\0\1\22\0\4\254\375vf\6google\3com\0\0\1\0\1\0\0\1\22\0\4\254\375vd\6google\3com\0\0\1\0\1\0\0\1\22\0\4\254\375v\213\6google\3com\0\0\1\0\1\0\0\1\22\0\4\254\375vq\6google\3com\0\0\1\0\1\0\0\1\22\0\4\254\375v\212", iov_len=184}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=0, ipi_spec_dst=inet_addr("10.131.0.37"), ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=32, msg_flags=0}, 0) = 184
Sign in with Wallet
Connect another wallet