DNS queries to root servers

Posted on 2003-02-24
Medium Priority
Last Modified: 2010-03-19
We have a Windows 2000 Small Business Server with DNS running for Active Directory.  It connects to the internet through a Cisco ISDN router and we've noticed that it's connecting to the internet periodically with DNS requests.  This happens during the night and we've eliminated all of the PCs on the network as the cause, so it's definitely the server.  We've ran Ad-Aware to remove all Spy-ware from the network so it doesn't look like spyware is the cause.

There are two forwarders configured for our ISP, and we've disabled the server's network card from registering it's address in DNS.  The time to live value in DNS has been changed to 1 day.

We've also re-applied Service Pack 3, but we still get over an hour's worth of dialing through the night.

Can anyone suggest why the internet connection is being opened through the night?  We've gone through as many settings as we could think of and have managed to bring the total time down from connecting every 5 mins to connecting for a total time of one hour overnight.

Thanks in advance for any input.
Question by:glorydons83
LVL 13

Expert Comment

ID: 8008521
Do you have Automatic Updates running on the machine?  Try stopping the service overnight and see if it makes a difference.
LVL 13

Expert Comment

ID: 8008545
What mail services do you have running?

Expert Comment

ID: 8009189
You could always clear the DNS cache at night and check it first thing in the morning (before it starts getting used) to see what it has queried.
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!


Expert Comment

ID: 8009392
I'd run a network monitor on it and see exactly what traffic was generating the Internet traffic.  

If you don't feel comfortable with that, you could put up a totally 100% effective firewall (blocking all traffic) overnight, and then simply check the log in the morning to see what has been denied outbound access.

If it is the DNS server, apply some additional logging options to find the source of the DNS requests.  

Expert Comment

ID: 9153407
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Accepted Solution

SpazMODic earned 0 total points
ID: 9806665
PAQed - no points refunded (of 100)

EE Moderator

Author Comment

ID: 10675339
Just checked back on my old questions.  Just for reference: the problem was being caused by Spyware on the client PCs.

(sorry it took so long)

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question