DNS queries to root servers

Posted on 2003-02-24
Medium Priority
Last Modified: 2010-03-19
We have a Windows 2000 Small Business Server with DNS running for Active Directory.  It connects to the internet through a Cisco ISDN router and we've noticed that it's connecting to the internet periodically with DNS requests.  This happens during the night and we've eliminated all of the PCs on the network as the cause, so it's definitely the server.  We've ran Ad-Aware to remove all Spy-ware from the network so it doesn't look like spyware is the cause.

There are two forwarders configured for our ISP, and we've disabled the server's network card from registering it's address in DNS.  The time to live value in DNS has been changed to 1 day.

We've also re-applied Service Pack 3, but we still get over an hour's worth of dialing through the night.

Can anyone suggest why the internet connection is being opened through the night?  We've gone through as many settings as we could think of and have managed to bring the total time down from connecting every 5 mins to connecting for a total time of one hour overnight.

Thanks in advance for any input.
Question by:glorydons83
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 13

Expert Comment

ID: 8008521
Do you have Automatic Updates running on the machine?  Try stopping the service overnight and see if it makes a difference.
LVL 13

Expert Comment

ID: 8008545
What mail services do you have running?

Expert Comment

ID: 8009189
You could always clear the DNS cache at night and check it first thing in the morning (before it starts getting used) to see what it has queried.
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.


Expert Comment

ID: 8009392
I'd run a network monitor on it and see exactly what traffic was generating the Internet traffic.  

If you don't feel comfortable with that, you could put up a totally 100% effective firewall (blocking all traffic) overnight, and then simply check the log in the morning to see what has been denied outbound access.

If it is the DNS server, apply some additional logging options to find the source of the DNS requests.  

Expert Comment

ID: 9153407
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Accepted Solution

SpazMODic earned 0 total points
ID: 9806665
PAQed - no points refunded (of 100)

EE Moderator

Author Comment

ID: 10675339
Just checked back on my old questions.  Just for reference: the problem was being caused by Spyware on the client PCs.

(sorry it took so long)

Featured Post

7 Extremely Useful Linux Commands for Beginners

Just getting started with Linux? Here's a quick start guide that has 7 commands that we believe will come in handy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Make the most of your online learning experience.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question