?
Solved

Domain Controller Kills Firewall

Posted on 2011-09-05
3
Medium Priority
?
244 Views
Last Modified: 2012-05-12
Hi All
After many packet traces and a stressful two weeks i have located a network problem within my network to be my 1st windows server 2008 DC.
As a little history over the last two weeks my firwall/gateway kept going down.
pinging the internal interface gives results of about 4000ms and then nothing
after some investigation it turned out the server was sending mass amounts of dns requests to the gateway
we have 2 dcs on site and another in a remote branch and this has been the setup for many years.

Recently the server is pulling down the gateway with excessive traffic, when this happens there is not much in the error logs or dns global logs.
i have cross referenced the dc's dns settings and they are all fine and identical.
the only way to fix network problems is to disable the network card of the dc.

Before i consider reinstalling this DC i have two questions.

1) Any ideas what could be causing this issue, i have run malware scans and AV scans, check DNS settings etc
2) what do i need to do to make the 2nd DC the main DC so i can remove the 1st DC i created.

Thanks
0
Comment
Question by:Seanie_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
knightfox earned 2000 total points
ID: 36482822
Hi Seanie,

Working on secure sites, we have removed our DC's abilities to perform External DNS requests.  Do you have an internal proxy server to server up web requests? if so then all traffic should be going through tot he proxy and the proxy making a direct DNS request with the internet Roots.

I would try this to see if it resolves your issues before you go changing DC topology.  To disable External DNS resolution from internal systems, remove Root Hints from all domain controllers, and any DNS forwarders you have.

As a side note the upstream DNS you are using to resolve, have the tried changing them?

Thanks, Paul
0
 

Author Comment

by:Seanie_
ID: 36482861
Hi there
All DC's point to the DC's in our head office.
All DNS servers just have forwarders configured to the servers in head office for all DNS resoltion
all internet activity goes to the proxy in head office
There are no root hints all were deleted, on the dc in question they were all delted and the next day they had re-appeared so i deleted them again and scanned for virus.
we did initially point to a dns server from head office in the UK but this machine has been removed while checking the problem.
0
 

Author Closing Comment

by:Seanie_
ID: 36998532
Hi there
this was resolved by removing the conditional forwarding and setting up domain specific conditional forwarders.
thanks
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question