how-to stop w2k server dns initiating dialup

Hi there,

I have a Win2k server box serving a few clients.  It's set up to dial up (56k) whenever a clients requests a connection to the Internet.

Unfortunately, the server is constantly trying to connect to the internet on port 53, initiating a dial-up connection every 2-3 seconds or so to 192.16.202.11 (ns.eu.net) - a DNS nameserver (I think).

How do I set it so that this doesn't initiate a connection, or make sure that it does so only when there is a connection already available?

Also, if anyone could explain why this is happening, that would be helpful too!

Thanks!
LVL 1
scuzzieAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The--CaptainCommented:
Port 53 is commonly associated with DNS requests.  Your server is lilely running some software (windows update service, antivirus software, web accelerators, etc) that periodically generates DNS requests.  

One solution, IMO, is to figure out which services are generating this traffic and then stop running them (or only run them when you are already online).  Another might be (and I leave this to the Windoze gurus around here) to define which traffic can initiate the connection to the internet, and limit the definition to your LAN clients exclusively.  Another solution might be to use different routing/NAT software...

BTW, which routing/NAT software are you using (if any)?  Not microsoft's, I hope...

Cheers,
-Jon
0
stevenlewisCommented:
see if this utility fits your needs
http://www.twiga.ltd.uk/
click on downloads
0
scuzzieAuthor Commented:
I'm using WinRoute

The connection seems to be being initiated from the server, and no additional software is installed apart from WinRoute.  How do I find out what software is causing the DNS request?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

stevenlewisCommented:
try zone alarm
free
www.zonelabs.com
it will tell what is trying to access the internet
0
scuzzieAuthor Commented:
I'm already using WinRoute as my proxy, I'd rather not install ZoneAlarm as well - are there any programs that _just_ tell you which programs are accessing the internet?
0
chicagoanCommented:
netstat
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
stevenlewisCommented:
WinProxy is an internet sharing app, Zonealarm is a firewall
0
The--CaptainCommented:
stevenlewis has the right idea - using a personal firewall will probably be the easiest way to tell what's generating this traffic.

Cheers,
-Jon
0
drev001Commented:
Sounds like a virus or spyware to me. Do a full virus scan and use Adaware to remove spyware. The IP address you mentioned; 192.16.202.11 is on a reserved private address space which is why I think it sounds a bit iffy.
0
drev001Commented:
Alternatively you could add a fake entry in your hosts file for ns.eu.net
0
The--CaptainCommented:
>The IP address you mentioned; 192.16.202.11 is on a reserved private address space which is why I think it sounds a bit iffy

Looks like a major dutch university disagrees with you, as does the American Registry for Internet Numbers.  Maybe you should check with them next time like I did before appearing silly.

whois 192.16.202.11@whois.arin.net
[whois.arin.net]

OrgName:    Center for Mathematics and Computer Science
OrgID:      CMCS-1
Address:    Kruislaan 413
Address:     NL-1098 SJ Amsterdam
City:
StateProv:
PostalCode:
Country:    NL

NetRange:   192.16.202.0 - 192.16.202.255
CIDR:       192.16.202.0/24
NetName:    CWI-EUNET
NetHandle:  NET-192-16-202-0-1
Parent:     NET-192-0-0-0-0
NetType:    Direct Assignment
NameServer: NS.EU.NET
NameServer: NS.UU.NET
NameServer: SUNIC.SUNET.SE
Comment:
RegDate:    1986-11-07
Updated:    2000-11-10

TechHandle: EU-NIC-ARIN
TechName:   KPNQwest N.V.
TechPhone:  +31 70 379 3990
TechEmail:  noc@kpnqwest.net

# ARIN WHOIS database, last updated 2003-11-18 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Cheers,
-Jon
0
techi03Commented:
w2k clients  automatically try to  register  them  selves with  a  dns  server,  thats why they are  dialing  out.
to stop this
for a  domain setup a  local  dns  and have it  forward  to your ISP's  DNS.
for a workgroup try to  disable this feature  on the  clitnes.
www.pctechnicians.ca
networking  tips
tip  number  51
0
chicagoanCommented:
clients
clients
when is ee going to implement the spel chekker?
0
techi03Commented:

Oops !!!.......  :O
0
The--CaptainCommented:
>when is ee going to implement the spel chekker

Lol!  Are you volunteering?  

Cheers,
-Jon

0
drev001Commented:
Aye Aye, Cap'n. I did check, only force of habit I typed 192.168.202.11

This said, I stand by my comments.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.