On Thu, 20 Jun 2002, Roger Cornelius wrote:

> Sorry for not responding sooner.  This message was stuck in the mail queue
> for some reason and only got delivered to my mailbox last night.
> 
> "Michael O'Quinn" ([EMAIL PROTECTED]) wrote:
> 
> >On Tue, 18 Jun 2002, Roger Cornelius wrote:
> >
> >> Hi,
> >> 
> >> Apologies because this is only partially related to gnatbox.
> >> 
> >> We have two win2kserver machines on our network which insist on making
> >> DNS queries to DNS servers not assigned to us.  The other machines on
> >> our net are win98, win2kpro, and one unix box.  This problem occurs only
> >> with the 2 win2kserver machines.
> >> 
> >> One machine was previously configured as a domain controller with a name
> >> of abc.  abc is not our registered domain name, but abc.com does exist.
> >> abc is configured to use xyz (another internal machine) for DNS service.
> >> abc is not generally used for interactive use.  Somehow, abc discovered
> >> the DNS server IP addresses (the ones listed by whois) for abc.com and
> >> is using them for queries.
> >
> >Is that for all or the majority of queries?  If so, that is a
> >mis-configuration of the Windows box.
> 
> I just disabled the block and set the GB to log accepted.  I'll analyse
> the results after a day or so and see.  Can I assume that a lot of the
> blocked DNS requests I was seeing were due to the win2kserver box
> retrying when the initial request was blocked?

I would think that the majority of those queries, if they are going all
over or to the root name servers, are simply DNS trying to do its job as it
should.  If they are all going to one site, like the abc.com you
mentioned, then you probably have a WinDoze mis-configuration.  I'm afraid
someone else will have to help you if that's the case.  I've always been
afraid of WinDoze server products (mostly because of inherent security
problems, many of which are coming to light these days) and have avoided
them religiously.

Also, abc.com's DNS servers should NOT be resolving your queries for you.  
It is considered a security risk to resolve recursive queries for domains
you do not own or at least trust.  Maybe your server is querying abc.com
but THEY are rejecting them.  The list of the root name servers can be
found at <ftp://ftp.rs.internic.net/domain/named.root>.  Just another
thought as you start staring at the logs.

Michael  
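One way to do the log sorting suggested above (queries spread over the root servers versus a pile of queries to one site), as an added Python example that is not from this thread or from GNAT Box; the named.root excerpt, the log line layout, the addresses and the internal resolver standing in for "xyz" are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the InterNIC named.root hints file
# (the message points at ftp://ftp.rs.internic.net/domain/named.root).
ROOT_HINTS = """\
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
"""

# Constructed firewall "accept" log lines (a generic layout, not GNAT Box's own).
LOG_LINES = """\
accept udp 192.168.1.10:1045 -> 198.41.0.4:53
accept udp 192.168.1.10:1046 -> 192.33.4.12:53
accept udp 192.168.1.10:1047 -> 192.168.1.2:53
accept udp 192.168.1.10:1048 -> 203.0.113.5:53
accept udp 192.168.1.10:1049 -> 203.0.113.5:53
accept udp 192.168.1.10:1050 -> 203.0.113.5:53
accept tcp 192.168.1.10:1051 -> 203.0.113.9:80
"""

# Only outbound UDP/53 traffic matters here; capture the destination address.
LOG_RE = re.compile(r"accept udp \S+ -> (\d+\.\d+\.\d+\.\d+):53$")

def parse_root_hints(text):
    """Return the IPv4 addresses given as A records in a named.root-style file."""
    roots = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2] == "A":
            roots.add(fields[3])
    return roots

def classify_dns_destinations(log_text, root_ips, internal_resolvers):
    """Map each DNS destination address to (label, query count)."""
    # Queries spread over many roots is a resolver doing its job; a pile of
    # queries to one "unexpected" address is the misconfiguration to chase.
    counts = Counter(m.group(1) for m in map(LOG_RE.search, log_text.splitlines()) if m)
    report = {}
    for ip, n in counts.items():
        if ip in internal_resolvers:
            report[ip] = ("internal resolver", n)
        elif ip in root_ips:
            report[ip] = ("root server", n)
        else:
            report[ip] = ("unexpected", n)
    return report
```

Run it against a day of "accept" lines and anything labelled unexpected with a large count is the destination to look at on the Windows box.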
