Solved

how-to stop w2k server dns initiating dialup

Posted on 2003-11-18
16
490 Views
Last Modified: 2010-04-11
Hi there,

I have a Win2k server box serving a few clients.  It's set up to dial up (56k) whenever a clients requests a connection to the Internet.

Unfortunately, the server is constantly trying to connect to the internet on port 53, initiating a dial-up connection every 2-3 seconds or so to 192.16.202.11 (ns.eu.net) - a DNS nameserver (I think).

How do I set it so that this doesn't initiate a connection, or make sure that it does so only when there is a connection already available?

Also, if anyone could explain why this is happening, that would be helpful too!

Thanks!
0
Comment
Question by:scuzzie
  • 4
  • 3
  • 3
  • +3
16 Comments
 
LVL 16

Expert Comment

by:The--Captain
Comment Utility
Port 53 is commonly associated with DNS requests.  Your server is lilely running some software (windows update service, antivirus software, web accelerators, etc) that periodically generates DNS requests.  

One solution, IMO, is to figure out which services are generating this traffic and then stop running them (or only run them when you are already online).  Another might be (and I leave this to the Windoze gurus around here) to define which traffic can initiate the connection to the internet, and limit the definition to your LAN clients exclusively.  Another solution might be to use different routing/NAT software...

BTW, which routing/NAT software are you using (if any)?  Not microsoft's, I hope...

Cheers,
-Jon
0
 
LVL 41

Expert Comment

by:stevenlewis
Comment Utility
see if this utility fits your needs
http://www.twiga.ltd.uk/
click on downloads
0
 
LVL 1

Author Comment

by:scuzzie
Comment Utility
I'm using WinRoute

The connection seems to be being initiated from the server, and no additional software is installed apart from WinRoute.  How do I find out what software is causing the DNS request?
0
 
LVL 41

Expert Comment

by:stevenlewis
Comment Utility
try zone alarm
free
www.zonelabs.com
it will tell what is trying to access the internet
0
 
LVL 1

Author Comment

by:scuzzie
Comment Utility
I'm already using WinRoute as my proxy, I'd rather not install ZoneAlarm as well - are there any programs that _just_ tell you which programs are accessing the internet?
0
 
LVL 18

Accepted Solution

by:
chicagoan earned 400 total points
Comment Utility
netstat
0
 
LVL 41

Expert Comment

by:stevenlewis
Comment Utility
WinProxy is an internet sharing app, Zonealarm is a firewall
0
 
LVL 16

Expert Comment

by:The--Captain
Comment Utility
stevenlewis has the right idea - using a personal firewall will probably be the easiest way to tell what's generating this traffic.

Cheers,
-Jon
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 9

Expert Comment

by:drev001
Comment Utility
Sounds like a virus or spyware to me. Do a full virus scan and use Adaware to remove spyware. The IP address you mentioned; 192.16.202.11 is on a reserved private address space which is why I think it sounds a bit iffy.
0
 
LVL 9

Expert Comment

by:drev001
Comment Utility
Alternatively you could add a fake entry in your hosts file for ns.eu.net
0
 
LVL 16

Expert Comment

by:The--Captain
Comment Utility
>The IP address you mentioned; 192.16.202.11 is on a reserved private address space which is why I think it sounds a bit iffy

Looks like a major dutch university disagrees with you, as does the American Registry for Internet Numbers.  Maybe you should check with them next time like I did before appearing silly.

whois 192.16.202.11@whois.arin.net
[whois.arin.net]

OrgName:    Center for Mathematics and Computer Science
OrgID:      CMCS-1
Address:    Kruislaan 413
Address:     NL-1098 SJ Amsterdam
City:
StateProv:
PostalCode:
Country:    NL

NetRange:   192.16.202.0 - 192.16.202.255
CIDR:       192.16.202.0/24
NetName:    CWI-EUNET
NetHandle:  NET-192-16-202-0-1
Parent:     NET-192-0-0-0-0
NetType:    Direct Assignment
NameServer: NS.EU.NET
NameServer: NS.UU.NET
NameServer: SUNIC.SUNET.SE
Comment:
RegDate:    1986-11-07
Updated:    2000-11-10

TechHandle: EU-NIC-ARIN
TechName:   KPNQwest N.V.
TechPhone:  +31 70 379 3990
TechEmail:  noc@kpnqwest.net

# ARIN WHOIS database, last updated 2003-11-18 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Cheers,
-Jon
0
 
LVL 1

Expert Comment

by:techi03
Comment Utility
w2k clients  automatically try to  register  them  selves with  a  dns  server,  thats why they are  dialing  out.
to stop this
for a  domain setup a  local  dns  and have it  forward  to your ISP's  DNS.
for a workgroup try to  disable this feature  on the  clitnes.
www.pctechnicians.ca
networking  tips
tip  number  51
0
 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
clients
clients
when is ee going to implement the spel chekker?
0
 
LVL 1

Expert Comment

by:techi03
Comment Utility

Oops !!!.......  :O
0
 
LVL 16

Expert Comment

by:The--Captain
Comment Utility
>when is ee going to implement the spel chekker

Lol!  Are you volunteering?  

Cheers,
-Jon

0
 
LVL 9

Expert Comment

by:drev001
Comment Utility
Aye Aye, Cap'n. I did check, only force of habit I typed 192.168.202.11

This said, I stand by my comments.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
MAC Needs 2 Domains 2 42
Route summarization 9 42
Does Surface Pro 2 have a max broadband speed 18 35
Linux as a middle box 7 18
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
Let’s list some of the technologies that enable smooth teleworking. 
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now