I am running a Windows Server 2003 native domain. All of my domain controllers are Windows Server 2003 Enterprise R2 x32 with all the latest security updates installed.
I noticed in my Sidewinder firewall reports that one of my domain controllers is consistently attempting to go out to the following ip addresses. The sidewinder only allows dns out to the internet from two other of my domain controllers. I have changed the forwarders on all the other dns servers to point to these two servers and have allowed traffic out on the sidewinder from these two servers.
The sidewinder blocks dns requests to port 53 from one server 24/7 for the following dstip addresses:
Destination Port Count %Count
220.127.116.11 53 2140 21.2872%
18.104.22.168 53 2140 21.2872%
22.214.171.124 53 1283 12.7624%
All three of these addresses are from iana.org, as you can see from the following links.
Any ideas what I should do to prevent this? I have looked around and have found that it may be linked to a reverse lookup zone setup incorrectly.