
DNS forwarding mystery

DEFclub asked:
Due to some mysterious traffic, I’ve configured my Microsoft (2003) DNS servers to route DNS through a DNS sinkhole. In DNS, I set the DNS forwarder to the IP of the sinkhole; however, I still see DNS traffic from the DNS server bypassing the sinkhole and hitting the firewall. What am I missing? I thought setting the DNS forwarder would do the trick but I’m missing something. Help?

Doesn't your incoming traffic hit the firewall BEFORE hitting your DNS server? Seems like expected behavior to me. Sounds like you need to make a change at your registrar if you want the traffic to stop hitting your server.

Commented:
Is the DNS server set to use itself only as the DNS server? If it's set to use anything else, it might be just sending the queries out to the internet itself.

Commented:
I am with Aegil

Author

Commented:
They are set to themselves. Wouldn't DNS use the forwarder, if a forwarder is set, before using root hints? And is it safe to remove the root hints? I've removed the root hints on one box but still the box is not forwarding all traffic to the forwarder... any more ideas?

Author

Commented:
?

Author

Commented:
Ok, I removed root hints and the mail stopped bypassing the forwarding to the sinkhole - so it looks like the root hints were the issue; however, removing the root hints broke DNS. How can I remove the root hints and not break DNS, or how can I get the root hints to forward to my DNS sinkhole? Anyone?
Commented:
The way it should work is as below:

1. When the DNS server receives a query, it attempts to resolve this query using the primary and secondary zones that it hosts and its cache.

2. If the query cannot be resolved using this local data, then it will forward the query to the DNS server designated as a forwarder.

3. The DNS server will wait briefly for an answer from the forwarder before attempting to contact the DNS servers specified in its root hints.

What traffic was it that you had that you were concerned about? Outgoing or incoming traffic?
SteveArchitect/Designer
BRONZE EXPERT
Commented:
If you have disabled recursion, the forwarders are disabled.
Also, forwarders depend on the domain selected:
on the 'forwarders' tab in DNS, check if 'all other DNS domains' is shown or if specific domains are listed.

Author

Commented:
Looks like the resolution was to check the box "don't use recursion for this domain", in front of my face the whole time. It looks like if I check this box it will use the forwarder to forward to the next DNS server for recursion, which is what I want; the next DNS server is the sinkhole...

totallytonto, are you sure if I disable recursion the forwarder will not work? Looks like it's working to me?
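
A way to confirm from the firewall side that the forwarder-only behaviour discussed in this thread is holding, as an added example that is not from any participant: it counts port-53 flows from the DNS servers to any destination other than the sinkhole. The log format, the addresses (documentation ranges) and the function name are assumptions.

```python
import re
from collections import Counter

# Assumed setup (not from the thread): placeholder documentation-range addresses.
DNS_SERVERS = {"192.0.2.10", "192.0.2.11"}
SINKHOLE = "192.0.2.53"

# Constructed firewall log lines in an assumed key=value format.
SAMPLE_LOG = """\
2024-01-01T10:00:01 action=allow proto=udp src=192.0.2.10 dst=192.0.2.53 dport=53
2024-01-01T10:00:02 action=allow proto=udp src=192.0.2.10 dst=198.51.100.4 dport=53
2024-01-01T10:00:03 action=allow proto=tcp src=192.0.2.11 dst=198.51.100.4 dport=53
2024-01-01T10:00:04 action=allow proto=udp src=192.0.2.77 dst=203.0.113.9 dport=53
2024-01-01T10:00:05 action=allow proto=tcp src=192.0.2.10 dst=203.0.113.9 dport=443
2024-01-01T10:00:06 action=deny proto=udp src=192.0.2.11 dst=203.0.113.9 dport=53
this line is malformed and is skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def bypassing_queries(log_text, dns_servers=DNS_SERVERS, sinkhole=SINKHOLE):
    """Count port-53 flows from the DNS servers to anything but the sinkhole."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"src", "dst", "dport", "proto"} <= f.keys():
            continue  # malformed or unrelated line
        if f["dport"] != "53" or f["proto"] not in ("udp", "tcp"):
            continue  # not DNS (TCP/53 counts: large answers and retries use it)
        if f["src"] in dns_servers and f["dst"] != sinkhole:
            # The server resolved on its own (e.g. via root hints) instead of
            # sending the query to the forwarder; denied attempts count too.
            hits[(f["src"], f["dst"])] += 1
    return hits


if __name__ == "__main__":
    for (src, dst), n in sorted(bypassing_queries(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}:53 bypassed the sinkhole {n} time(s)")
```

An empty result over a representative time window means every query leaving the DNS servers went to the sinkhole; client machines querying outside resolvers directly (192.0.2.77 in the sample) are deliberately out of scope here.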
