Indeed! This is a project that I have wanted to attempt myself - and this just saved me a whole lot of start-up time.
Thanks, Tim!

-- ME2

On Tue, Mar 9, 2010 at 1:45 PM, Richard Stovall <[email protected]> wrote:
> Most excellent. Thank you very much. I'll give this a whirl at home and
> see how it goes.
>
> Much obliged,
> RS
>
> On Tue, Mar 9, 2010 at 4:41 PM, Tim Evans <[email protected]> wrote:
>
>> I run this batch file:
>>
>> ****** begin batch file *****
>>
>> @echo off
>> set server=mydnsserver
>> set /p delold=Delete old domains?
>> if /I "%delold%" NEQ "Y" goto getit
>> echo Deleting old domains...
>> pause
>> for /F %%f in (mal_list.txt) do dnscmd %server% /zonedelete %%f /dsdel /f
>> :getit
>> if exist domains.txt del domains.txt
>> wget http://www.malwaredomains.com/files/domains.txt || goto end
>> if exist mal_list.txt del mal_list.txt
>> rem ignore lines beginning with # & echo 1st word only
>> for /F "eol=# tokens=1" %%i in (domains.txt) do @echo %%i >>mal_list.txt
>> for /F %%f in (mal_list.txt) do (dnscmd %server% /zoneadd %%f /DsPrimary /DP /forest && dnscmd %server% /recordadd %%f * A 192.168.0.6)
>> :end
>>
>> ****** end batch file *****
>>
>> This adds a wildcard zone for each domain which points to an internal web
>> server at 192.168.0.6. It displays a "web site blocked due to malware" page
>> whenever anyone hits it. I go thru the logs regularly and investigate any
>> host on that server. It's a bit crude in that it just attempts to add all
>> the domains each time it is run, but it works for me. Occasionally, they
>> delete a bunch of domains and I couldn't figure out a better way to handle
>> it, so if I answer Y to the prompt, it deletes all domains and re-adds them
>> from the downloaded list.
>>
>> ...Tim
>>
>> From: Richard Stovall [mailto:[email protected]]
>> Sent: Tuesday, March 09, 2010 1:13 PM
>> To: NT System Admin Issues
>> Subject: Re: DNS Server service shuts down shortly after the DC boots
>>
>> Very intriguing.
>>
>> How do you accomplish the loading of the domain list? Using a boot file
>> per the directions here:
>> http://www.malwaredomains.com/wordpress/?page_id=6#MS? Do you refresh
>> the list manually every once in a while?
>>
>> Thanks,
>> RS
>>
>> On Tue, Mar 9, 2010 at 3:58 PM, Tim Evans <[email protected]> wrote:
>>
>> FWIW, I load the entire domain list from http://www.malwaredomains.com/ into
>> my AD integrated DNS without any problems. Over 18000 domains are
>> currently included. I've got a 2003 native domain/forest too. DC's include
>> WS08R2, WS08, & WS03 SP2. I have not seen anything like this here.
>>
>> ...Tim
>>
>> From: Carl Houseman [mailto:[email protected]]
>> Sent: Tuesday, March 09, 2010 11:53 AM
>> To: NT System Admin Issues
>> Subject: RE: DNS Server service shuts down shortly after the DC boots
>>
>> It appears that background zone loading is a feature of 2008 and later...
>> maybe I just need to hurry up the upgrade to 2008.
>>
>> Carl
>>
>> From: Michael B. Smith [mailto:[email protected]]
>> Sent: Tuesday, March 09, 2010 2:44 PM
>> To: NT System Admin Issues
>> Subject: RE: DNS Server service shuts down shortly after the DC boots
>>
>> Oh! Yes, now that you say that….
>>
>> I bet what’s happening is that it’s timing out.
>>
>> There is a flag (and I’m sorry that I don’t remember the details) that
>> says “do the initial zone load in the background”. You probably need to set
>> that. That should be enough to biggle with…
>>
>> Regards,
>>
>> Michael B. Smith
>> Consultant and Exchange MVP
>> http://TheEssentialExchange.com
>>
>> From: Carl Houseman [mailto:[email protected]]
>> Sent: Tuesday, March 09, 2010 2:40 PM
>> To: NT System Admin Issues
>> Subject: RE: DNS Server service shuts down shortly after the DC boots
>>
>> "Debug logging" will log DNS packets to a text file. I guess the last DNS
>> packet received before the shutdown could tell me something if it was
>> shutting down randomly at any time. But the fact that the service stays
>> running forever after restarting suggests that bad DNS packets on the wire
>> aren't likely causing this. So if bad DNS traffic is the problem, the only
>> explanation would be a DNS query from the DC to itself. DC DOS's its own
>> DNS server service?
>>
>> One thing I may have that is less common is a lot of DNS authoritative
>> zones for well known bad (malware hosting) domain names. There's over 1000
>> of 'em.
>>
>> I have to say I'm not up for an extended debugging journey on this one,
>> just wondering if this behavior triggered any memories for anyone.
>>
>> Carl
>>
>> From: Brian Desmond [mailto:[email protected]]
>> Sent: Tuesday, March 09, 2010 1:53 PM
>> To: NT System Admin Issues
>> Subject: RE: DNS Server service shuts down shortly after the DC boots
>>
>> It should be able to kick out more info to a text file.
>>
>> The scenario you mention of branch DCs not having connectivity is
>> completely normal.
>>
>> Thanks,
>> Brian Desmond
>> [email protected]
>> c – 312.731.3132
>>
>> From: Carl Houseman [mailto:[email protected]]
>> Sent: Tuesday, March 09, 2010 12:46 PM
>> To: NT System Admin Issues
>> Subject: RE: DNS Server service shuts down shortly after the DC boots
>>
>> Good idea, but the DNS Server's event logging option has been on "all
>> events" all this time. That must be the default, I don't recall ever
>> changing it.
>>
>> Carl
>>
>> From: Michael B. Smith [mailto:[email protected]]
>> Sent: Tuesday, March 09, 2010 1:39 PM
>> To: NT System Admin Issues
>> Subject: RE: DNS Server service shuts down shortly after the DC boots
>>
>> This would seem to indicate to me that while the DNS Server service was
>> initiated, it never actually finished initializing.
>>
>> Aren’t there some logging options on the DNS server property tab? I’d
>> probably ratchet those up to max for a while and see if they helped gather
>> more info…
>>
>> Regards,
>>
>> Michael B. Smith
>> Consultant and Exchange MVP
>> http://TheEssentialExchange.com
>>
>> From: Carl Houseman [mailto:[email protected]]
>> Sent: Tuesday, March 09, 2010 1:22 PM
>> To: NT System Admin Issues
>> Subject: DNS Server service shuts down shortly after the DC boots
>>
>> Curious thing, started a few months ago after I moved the FSMO roles from
>> this DC to another one. This DC frequently boots "in a vacuum" – no other
>> DC's can be contacted, so it takes a long time sniffing around before it
>> finally starts Active Directory and its own DNS Server service. A few
>> minutes after that, the DNS Server service shuts down. There's nothing in
>> the System or Application event log to explain it, and the DNS Server event
>> log records simply that "The DNS server has shutdown." (event ID 3).
>>
>> The recovery options are set to restart the service, but that doesn't
>> happen because the service appears to have been shut down on purpose. But
>> no human (for sure) and 99.9% sure no software is issuing the command.
>>
>> Another interesting thing from the event logs, under System, when I start
>> the service there's an event 7036 logged "The DNS Server has entered the
>> running state". But I see NO event 7036 for DNS at the time of booting.
>> Obviously, it must be started, else the DNS event log wouldn't record that
>> it had shut down! And I see no 7036 events for it stopping either.
>>
>> When this happens, I can manually start the DNS Server service and all is
>> well until the next boot, which may or may not have the problem. I think
>> it's happening about 50% of the time.
>>
>> I've scripted a solution to recover from the problem, but I'm just curious
>> if anyone has noticed something similar. I'm guessing the instances of
>> branch offices booting their DC without network connectivity back to the
>> FSMO holder at HQ is fairly rare, but not unheard of.
>>
>> And this is Windows 2003 SP2, native 2003 domain/forest. Almost left that
>> off, yikes!
>>
>> TIA,
>> Carl
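Tim's batch file re-adds every zone on each run and only copes with upstream removals by deleting everything. Here is an added Python example (not Tim's script and not anything published by malwaredomains.com) that parses the same domains.txt layout his `for /F "eol=# tokens=1"` loop does, then emits only the dnscmd adds and deletes for the delta against the previous list, and refuses to sinkhole a name that would also swallow a domain you rely on. The server name, sinkhole address, protected domain and sample list are constructed.

```python
import re
from typing import Iterable, List, Set, Tuple

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_domain_list(text: str) -> Set[str]:
    """Same rule as the batch file's for /F "eol=# tokens=1": skip # lines and keep
    the first whitespace-separated token, but drop anything that is not a hostname
    with at least two labels so only well-formed names reach dnscmd."""
    domains = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name = line.split()[0].lower().rstrip(".")
        labels = name.split(".")
        if len(labels) >= 2 and all(_LABEL.match(lbl) for lbl in labels):
            domains.add(name)
    return domains

def is_protected(name: str, protected: Iterable[str]) -> bool:
    """True when name equals, or is a parent of, a domain we must keep resolving."""
    return any(p == name or p.endswith("." + name) for p in protected)

def plan_changes(old: Set[str], new: Set[str], server: str, sinkhole: str,
                 protected: Iterable[str] = ()) -> Tuple[List[str], List[str]]:
    """Return (dnscmd commands for the delta only, names skipped as protected)."""
    protected = {p.lower() for p in protected}
    cmds, skipped = [], []
    for name in sorted(old - new):   # dropped upstream: remove our zone
        cmds.append(f"dnscmd {server} /zonedelete {name} /dsdel /f")
    for name in sorted(new - old):   # new upstream: AD-integrated zone + wildcard A
        if is_protected(name, protected):
            skipped.append(name)
            continue
        cmds.append(f"dnscmd {server} /zoneadd {name} /DsPrimary /DP /forest")
        cmds.append(f"dnscmd {server} /recordadd {name} * A {sinkhole}")
    return cmds, skipped

# Constructed sample in the domains.txt layout: comment header, domain first on each line.
SAMPLE_NEW = ("## Columns: domain, type, reference, date\n"
              "bad-host.example\tattackpage\tsafebrowsing\t20100309\n"
              "\tmalware.test  exploit  lists.example  20100309\n"
              "example.com\tbogus\tparent-of-our-domain\t20100309\n"
              "not a domain!\n")
SAMPLE_OLD = {"bad-host.example", "stale.example"}   # constructed previous mal_list.txt

if __name__ == "__main__":
    cmds, skipped = plan_changes(SAMPLE_OLD, parse_domain_list(SAMPLE_NEW),
                                 "mydnsserver", "192.168.0.6", ["corp.example.com"])
    print("\n".join(cmds)); print("skipped:", skipped)
```

Run it against yesterday's mal_list.txt and today's domains.txt and feed the printed commands to the DC instead of re-adding all 18000 zones each time.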
