Solved

how-to stop w2k server dns initiating dialup

Posted on 2003-11-18
16
496 Views
Last Modified: 2010-04-11
Hi there,

I have a Win2k server box serving a few clients.  It's set up to dial up (56k) whenever a clients requests a connection to the Internet.

Unfortunately, the server is constantly trying to connect to the internet on port 53, initiating a dial-up connection every 2-3 seconds or so to 192.16.202.11 (ns.eu.net) - a DNS nameserver (I think).

How do I set it so that this doesn't initiate a connection, or make sure that it does so only when there is a connection already available?

Also, if anyone could explain why this is happening, that would be helpful too!

Thanks!
0
Comment
Question by:scuzzie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +3
16 Comments
 
LVL 16

Expert Comment

by:The--Captain
ID: 9774597
Port 53 is commonly associated with DNS requests.  Your server is lilely running some software (windows update service, antivirus software, web accelerators, etc) that periodically generates DNS requests.  

One solution, IMO, is to figure out which services are generating this traffic and then stop running them (or only run them when you are already online).  Another might be (and I leave this to the Windoze gurus around here) to define which traffic can initiate the connection to the internet, and limit the definition to your LAN clients exclusively.  Another solution might be to use different routing/NAT software...

BTW, which routing/NAT software are you using (if any)?  Not microsoft's, I hope...

Cheers,
-Jon
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9774771
see if this utility fits your needs
http://www.twiga.ltd.uk/
click on downloads
0
 
LVL 1

Author Comment

by:scuzzie
ID: 9774818
I'm using WinRoute

The connection seems to be being initiated from the server, and no additional software is installed apart from WinRoute.  How do I find out what software is causing the DNS request?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 41

Expert Comment

by:stevenlewis
ID: 9774885
try zone alarm
free
www.zonelabs.com
it will tell what is trying to access the internet
0
 
LVL 1

Author Comment

by:scuzzie
ID: 9774924
I'm already using WinRoute as my proxy, I'd rather not install ZoneAlarm as well - are there any programs that _just_ tell you which programs are accessing the internet?
0
 
LVL 18

Accepted Solution

by:
chicagoan earned 400 total points
ID: 9774983
netstat
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9775045
WinProxy is an internet sharing app, Zonealarm is a firewall
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9776681
stevenlewis has the right idea - using a personal firewall will probably be the easiest way to tell what's generating this traffic.

Cheers,
-Jon
0
 
LVL 9

Expert Comment

by:drev001
ID: 9782407
Sounds like a virus or spyware to me. Do a full virus scan and use Adaware to remove spyware. The IP address you mentioned; 192.16.202.11 is on a reserved private address space which is why I think it sounds a bit iffy.
0
 
LVL 9

Expert Comment

by:drev001
ID: 9782431
Alternatively you could add a fake entry in your hosts file for ns.eu.net
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9783548
>The IP address you mentioned; 192.16.202.11 is on a reserved private address space which is why I think it sounds a bit iffy

Looks like a major dutch university disagrees with you, as does the American Registry for Internet Numbers.  Maybe you should check with them next time like I did before appearing silly.

whois 192.16.202.11@whois.arin.net
[whois.arin.net]

OrgName:    Center for Mathematics and Computer Science
OrgID:      CMCS-1
Address:    Kruislaan 413
Address:     NL-1098 SJ Amsterdam
City:
StateProv:
PostalCode:
Country:    NL

NetRange:   192.16.202.0 - 192.16.202.255
CIDR:       192.16.202.0/24
NetName:    CWI-EUNET
NetHandle:  NET-192-16-202-0-1
Parent:     NET-192-0-0-0-0
NetType:    Direct Assignment
NameServer: NS.EU.NET
NameServer: NS.UU.NET
NameServer: SUNIC.SUNET.SE
Comment:
RegDate:    1986-11-07
Updated:    2000-11-10

TechHandle: EU-NIC-ARIN
TechName:   KPNQwest N.V.
TechPhone:  +31 70 379 3990
TechEmail:  noc@kpnqwest.net

# ARIN WHOIS database, last updated 2003-11-18 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Cheers,
-Jon
0
 
LVL 1

Expert Comment

by:techi03
ID: 9783610
w2k clients  automatically try to  register  them  selves with  a  dns  server,  thats why they are  dialing  out.
to stop this
for a  domain setup a  local  dns  and have it  forward  to your ISP's  DNS.
for a workgroup try to  disable this feature  on the  clitnes.
www.pctechnicians.ca
networking  tips
tip  number  51
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9783629
clients
clients
when is ee going to implement the spel chekker?
0
 
LVL 1

Expert Comment

by:techi03
ID: 9784068

Oops !!!.......  :O
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9784758
>when is ee going to implement the spel chekker

Lol!  Are you volunteering?  

Cheers,
-Jon

0
 
LVL 9

Expert Comment

by:drev001
ID: 9790605
Aye Aye, Cap'n. I did check, only force of habit I typed 192.168.202.11

This said, I stand by my comments.
0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question