Solved

how-to stop w2k server dns initiating dialup

Posted on 2003-11-18
16
497 Views
Last Modified: 2010-04-11
Hi there,

I have a Win2k server box serving a few clients.  It's set up to dial up (56k) whenever a clients requests a connection to the Internet.

Unfortunately, the server is constantly trying to connect to the internet on port 53, initiating a dial-up connection every 2-3 seconds or so to 192.16.202.11 (ns.eu.net) - a DNS nameserver (I think).

How do I set it so that this doesn't initiate a connection, or make sure that it does so only when there is a connection already available?

Also, if anyone could explain why this is happening, that would be helpful too!

Thanks!
0
Comment
Question by:scuzzie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +3
16 Comments
 
LVL 16

Expert Comment

by:The--Captain
ID: 9774597
Port 53 is commonly associated with DNS requests.  Your server is lilely running some software (windows update service, antivirus software, web accelerators, etc) that periodically generates DNS requests.  

One solution, IMO, is to figure out which services are generating this traffic and then stop running them (or only run them when you are already online).  Another might be (and I leave this to the Windoze gurus around here) to define which traffic can initiate the connection to the internet, and limit the definition to your LAN clients exclusively.  Another solution might be to use different routing/NAT software...

BTW, which routing/NAT software are you using (if any)?  Not microsoft's, I hope...

Cheers,
-Jon
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9774771
see if this utility fits your needs
http://www.twiga.ltd.uk/
click on downloads
0
 
LVL 1

Author Comment

by:scuzzie
ID: 9774818
I'm using WinRoute

The connection seems to be being initiated from the server, and no additional software is installed apart from WinRoute.  How do I find out what software is causing the DNS request?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 41

Expert Comment

by:stevenlewis
ID: 9774885
try zone alarm
free
www.zonelabs.com
it will tell what is trying to access the internet
0
 
LVL 1

Author Comment

by:scuzzie
ID: 9774924
I'm already using WinRoute as my proxy, I'd rather not install ZoneAlarm as well - are there any programs that _just_ tell you which programs are accessing the internet?
0
 
LVL 18

Accepted Solution

by:
chicagoan earned 400 total points
ID: 9774983
netstat
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9775045
WinProxy is an internet sharing app, Zonealarm is a firewall
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9776681
stevenlewis has the right idea - using a personal firewall will probably be the easiest way to tell what's generating this traffic.

Cheers,
-Jon
0
 
LVL 9

Expert Comment

by:drev001
ID: 9782407
Sounds like a virus or spyware to me. Do a full virus scan and use Adaware to remove spyware. The IP address you mentioned; 192.16.202.11 is on a reserved private address space which is why I think it sounds a bit iffy.
0
 
LVL 9

Expert Comment

by:drev001
ID: 9782431
Alternatively you could add a fake entry in your hosts file for ns.eu.net
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9783548
>The IP address you mentioned; 192.16.202.11 is on a reserved private address space which is why I think it sounds a bit iffy

Looks like a major dutch university disagrees with you, as does the American Registry for Internet Numbers.  Maybe you should check with them next time like I did before appearing silly.

whois 192.16.202.11@whois.arin.net
[whois.arin.net]

OrgName:    Center for Mathematics and Computer Science
OrgID:      CMCS-1
Address:    Kruislaan 413
Address:     NL-1098 SJ Amsterdam
City:
StateProv:
PostalCode:
Country:    NL

NetRange:   192.16.202.0 - 192.16.202.255
CIDR:       192.16.202.0/24
NetName:    CWI-EUNET
NetHandle:  NET-192-16-202-0-1
Parent:     NET-192-0-0-0-0
NetType:    Direct Assignment
NameServer: NS.EU.NET
NameServer: NS.UU.NET
NameServer: SUNIC.SUNET.SE
Comment:
RegDate:    1986-11-07
Updated:    2000-11-10

TechHandle: EU-NIC-ARIN
TechName:   KPNQwest N.V.
TechPhone:  +31 70 379 3990
TechEmail:  noc@kpnqwest.net

# ARIN WHOIS database, last updated 2003-11-18 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Cheers,
-Jon
0
 
LVL 1

Expert Comment

by:techi03
ID: 9783610
w2k clients  automatically try to  register  them  selves with  a  dns  server,  thats why they are  dialing  out.
to stop this
for a  domain setup a  local  dns  and have it  forward  to your ISP's  DNS.
for a workgroup try to  disable this feature  on the  clitnes.
www.pctechnicians.ca
networking  tips
tip  number  51
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9783629
clients
clients
when is ee going to implement the spel chekker?
0
 
LVL 1

Expert Comment

by:techi03
ID: 9784068

Oops !!!.......  :O
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9784758
>when is ee going to implement the spel chekker

Lol!  Are you volunteering?  

Cheers,
-Jon

0
 
LVL 9

Expert Comment

by:drev001
ID: 9790605
Aye Aye, Cap'n. I did check, only force of habit I typed 192.168.202.11

This said, I stand by my comments.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question