Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Domain Controller Kills Firewall

Posted on 2011-09-05
3
Medium Priority
?
246 Views
Last Modified: 2012-05-12
Hi All
After many packet traces and a stressful two weeks i have located a network problem within my network to be my 1st windows server 2008 DC.
As a little history over the last two weeks my firwall/gateway kept going down.
pinging the internal interface gives results of about 4000ms and then nothing
after some investigation it turned out the server was sending mass amounts of dns requests to the gateway
we have 2 dcs on site and another in a remote branch and this has been the setup for many years.

Recently the server is pulling down the gateway with excessive traffic, when this happens there is not much in the error logs or dns global logs.
i have cross referenced the dc's dns settings and they are all fine and identical.
the only way to fix network problems is to disable the network card of the dc.

Before i consider reinstalling this DC i have two questions.

1) Any ideas what could be causing this issue, i have run malware scans and AV scans, check DNS settings etc
2) what do i need to do to make the 2nd DC the main DC so i can remove the 1st DC i created.

Thanks
0
Comment
Question by:Seanie_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
knightfox earned 2000 total points
ID: 36482822
Hi Seanie,

Working on secure sites, we have removed our DC's abilities to perform External DNS requests.  Do you have an internal proxy server to server up web requests? if so then all traffic should be going through tot he proxy and the proxy making a direct DNS request with the internet Roots.

I would try this to see if it resolves your issues before you go changing DC topology.  To disable External DNS resolution from internal systems, remove Root Hints from all domain controllers, and any DNS forwarders you have.

As a side note the upstream DNS you are using to resolve, have the tried changing them?

Thanks, Paul
0
 

Author Comment

by:Seanie_
ID: 36482861
Hi there
All DC's point to the DC's in our head office.
All DNS servers just have forwarders configured to the servers in head office for all DNS resoltion
all internet activity goes to the proxy in head office
There are no root hints all were deleted, on the dc in question they were all delted and the next day they had re-appeared so i deleted them again and scanned for virus.
we did initially point to a dns server from head office in the UK but this machine has been removed while checking the problem.
0
 

Author Closing Comment

by:Seanie_
ID: 36998532
Hi there
this was resolved by removing the conditional forwarding and setting up domain specific conditional forwarders.
thanks
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question