Solved

Domain Controller Kills Firewall

Posted on 2011-09-05
3
241 Views
Last Modified: 2012-05-12
Hi All
After many packet traces and a stressful two weeks i have located a network problem within my network to be my 1st windows server 2008 DC.
As a little history over the last two weeks my firwall/gateway kept going down.
pinging the internal interface gives results of about 4000ms and then nothing
after some investigation it turned out the server was sending mass amounts of dns requests to the gateway
we have 2 dcs on site and another in a remote branch and this has been the setup for many years.

Recently the server is pulling down the gateway with excessive traffic, when this happens there is not much in the error logs or dns global logs.
i have cross referenced the dc's dns settings and they are all fine and identical.
the only way to fix network problems is to disable the network card of the dc.

Before i consider reinstalling this DC i have two questions.

1) Any ideas what could be causing this issue, i have run malware scans and AV scans, check DNS settings etc
2) what do i need to do to make the 2nd DC the main DC so i can remove the 1st DC i created.

Thanks
0
Comment
Question by:Seanie_
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
knightfox earned 500 total points
ID: 36482822
Hi Seanie,

Working on secure sites, we have removed our DC's abilities to perform External DNS requests.  Do you have an internal proxy server to server up web requests? if so then all traffic should be going through tot he proxy and the proxy making a direct DNS request with the internet Roots.

I would try this to see if it resolves your issues before you go changing DC topology.  To disable External DNS resolution from internal systems, remove Root Hints from all domain controllers, and any DNS forwarders you have.

As a side note the upstream DNS you are using to resolve, have the tried changing them?

Thanks, Paul
0
 

Author Comment

by:Seanie_
ID: 36482861
Hi there
All DC's point to the DC's in our head office.
All DNS servers just have forwarders configured to the servers in head office for all DNS resoltion
all internet activity goes to the proxy in head office
There are no root hints all were deleted, on the dc in question they were all delted and the next day they had re-appeared so i deleted them again and scanned for virus.
we did initially point to a dns server from head office in the UK but this machine has been removed while checking the problem.
0
 

Author Closing Comment

by:Seanie_
ID: 36998532
Hi there
this was resolved by removing the conditional forwarding and setting up domain specific conditional forwarders.
thanks
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question