• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 248
  • Last Modified:

Domain Controller Kills Firewall

Hi All
After many packet traces and a stressful two weeks i have located a network problem within my network to be my 1st windows server 2008 DC.
As a little history over the last two weeks my firwall/gateway kept going down.
pinging the internal interface gives results of about 4000ms and then nothing
after some investigation it turned out the server was sending mass amounts of dns requests to the gateway
we have 2 dcs on site and another in a remote branch and this has been the setup for many years.

Recently the server is pulling down the gateway with excessive traffic, when this happens there is not much in the error logs or dns global logs.
i have cross referenced the dc's dns settings and they are all fine and identical.
the only way to fix network problems is to disable the network card of the dc.

Before i consider reinstalling this DC i have two questions.

1) Any ideas what could be causing this issue, i have run malware scans and AV scans, check DNS settings etc
2) what do i need to do to make the 2nd DC the main DC so i can remove the 1st DC i created.

Thanks
0
Seanie_
Asked:
Seanie_
  • 2
1 Solution
 
knightfoxCommented:
Hi Seanie,

Working on secure sites, we have removed our DC's abilities to perform External DNS requests.  Do you have an internal proxy server to server up web requests? if so then all traffic should be going through tot he proxy and the proxy making a direct DNS request with the internet Roots.

I would try this to see if it resolves your issues before you go changing DC topology.  To disable External DNS resolution from internal systems, remove Root Hints from all domain controllers, and any DNS forwarders you have.

As a side note the upstream DNS you are using to resolve, have the tried changing them?

Thanks, Paul
0
 
Seanie_Author Commented:
Hi there
All DC's point to the DC's in our head office.
All DNS servers just have forwarders configured to the servers in head office for all DNS resoltion
all internet activity goes to the proxy in head office
There are no root hints all were deleted, on the dc in question they were all delted and the next day they had re-appeared so i deleted them again and scanned for virus.
we did initially point to a dns server from head office in the UK but this machine has been removed while checking the problem.
0
 
Seanie_Author Commented:
Hi there
this was resolved by removing the conditional forwarding and setting up domain specific conditional forwarders.
thanks
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now