How do I monitor DNS queries on a Win 2003 server

Posted on 2011-10-17
Medium Priority
Last Modified: 2012-05-12
The company's DNS forwarders are pointed to one of the external DNS servers. We have been receiving emails since last week that we are making about 20 million queries on their DNS servers in about 3-4 hrs time, indicating that there could be malicious software on one of the machines in our network. Need help identifying the computer by analysing our local DNS.
Question by:kittu05
Accepted Solution

arnold earned 2000 total points
ID: 36980547
Get Wireshark (wireshark.net) and capture a sample of network traffic going to one of the DNS servers.

Within a span of a few minutes, the source of the many DNS requests might be obvious.

Make sure you have excluded the private IP space from being forwarded out.

You may have reverse IP lookups leaking out.
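
The following is an added example, not part of the original answer: one way to rank clients by query volume and spot reverse lookups for private address space in such a capture. It assumes the capture was exported to tab-separated text with `tshark -r capture.pcap -Y "dns.flags.response == 0" -T fields -e ip.src -e dns.qry.name`; the file name, the sample rows and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample rows: "<client IP>\t<query name>", one DNS query per line.
SAMPLE = (
    "10.0.0.21\twww.example.com\n"
    "10.0.0.57\ta1.example.net\n"
    "10.0.0.57\ta2.example.net\n"
    "10.0.0.57\ta3.example.net\n"
    "10.0.0.33\t15.1.168.192.in-addr.arpa\n"
    "10.0.0.33\t8.0.0.10.in-addr.arpa\n"
    "10.0.0.21\t34.216.184.93.in-addr.arpa\n"
    "malformed line\n"
)

def ptr_to_ip(qname):
    """Return the IPv4 address a full in-addr.arpa name refers to, else None."""
    name = qname.lower().rstrip(".")
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    except ValueError:
        return None

def summarize(lines):
    """Count queries per client, and per-client PTR queries for non-public IPs."""
    per_client, private_ptr = Counter(), Counter()
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 2 or not all(parts):
            continue  # skip rows that are not "<ip>\t<name>"
        src, qname = parts
        per_client[src] += 1
        ip = ptr_to_ip(qname)
        # is_private covers RFC 1918 and other non-routable ranges
        if ip is not None and ip.is_private:
            private_ptr[src] += 1
    return per_client, private_ptr

if __name__ == "__main__":
    clients, leaks = summarize(SAMPLE.splitlines())
    for src, n in clients.most_common(5):
        print(f"{src}\t{n} queries\t{leaks[src]} private reverse lookups")
```
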
