glorydons83

DNS queries to root servers

We have a Windows 2000 Small Business Server with DNS running for Active Directory.  It connects to the internet through a Cisco ISDN router and we've noticed that it's connecting to the internet periodically with DNS requests.  This happens during the night and we've eliminated all of the PCs on the network as the cause, so it's definitely the server.  We've run Ad-Aware to remove all spyware from the network so it doesn't look like spyware is the cause.

There are two forwarders configured for our ISP, and we've disabled the server's network card from registering its address in DNS.  The time to live value in DNS has been changed to 1 day.

We've also re-applied Service Pack 3, but we still get over an hour's worth of dialing through the night.

Can anyone suggest why the internet connection is being opened through the night?  We've gone through as many settings as we could think of and have managed to bring the total time down from connecting every 5 mins to connecting for a total time of one hour overnight.

Thanks in advance for any input.
hstiles

Do you have Automatic Updates running on the machine?  Try stopping the service overnight and see if it makes a difference.
What mail services do you have running?
You could always clear the DNS cache at night and check it first thing in the morning (before it starts getting used) to see what it has queried.
I'd run a network monitor on it and see exactly what traffic was generating the Internet traffic.  

If you don't feel comfortable with that, you could put up a totally 100% effective firewall (blocking all traffic) overnight, and then simply check the log in the morning to see what has been denied outbound access.

If it is the DNS server, apply some additional logging options to find the source of the DNS requests.  
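
One way to act on the logging suggestion above, as an added example that is not part of the original thread: a forwarding DNS server sends upstream queries on behalf of its clients, so a per-client tally of overnight lookups shows which machine is really behind the dial-ups. The log layout, IP addresses, names and the `.local` internal suffix are constructed assumptions; a real DNS debug log would need its own parser.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in an assumed, simplified layout:
#   <date> <time> <client-ip> <qtype> <qname>
SAMPLE_LOG = """\
2003-02-11 23:05:10 192.168.1.21 A ads.tracker.example
2003-02-11 23:10:10 192.168.1.21 A ads.tracker.example
2003-02-12 01:15:42 192.168.1.34 A update.vendor.example
2003-02-12 02:10:11 192.168.1.21 A ads.tracker.example
2003-02-12 03:00:00 192.168.1.2 SRV _ldap._tcp.corp.local
2003-02-12 09:30:00 192.168.1.34 A www.news.example
garbled line that should be skipped
"""

def parse_line(line):
    """Return (timestamp, client, qtype, qname) or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, parts[2], parts[3].upper(), parts[4].lower().rstrip(".")

def is_overnight(ts, start_hour=22, end_hour=6):
    """True when ts falls in a window that wraps past midnight."""
    return ts.hour >= start_hour or ts.hour < end_hour

def overnight_report(log_text, local_suffixes=(".local",)):
    """Count overnight queries per client for names that need external resolution."""
    per_client = Counter()
    names = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, _qtype, qname = rec
        # Skip daytime traffic and internal (Active Directory) names.
        if not is_overnight(ts) or qname.endswith(local_suffixes):
            continue
        per_client[client] += 1
        names[client][qname] += 1
    return per_client, names

if __name__ == "__main__":
    counts, names = overnight_report(SAMPLE_LOG)
    for client, total in counts.most_common():
        print(client, total, names[client].most_common(3))
```
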
ASKER CERTIFIED SOLUTION
SpazMODic

glorydons83

ASKER

Just checked back on my old questions.  Just for reference: the problem was being caused by Spyware on the client PCs.

(sorry it took so long)