dns.exe what is that?

been watching stuff in task manager window, curious to know what this dns.exe thing is about.  See pic. I have noticed ip addresses from various places around the world. How are they gaining access, or, are they gaining access? I don't understand what this is.  We do have an app that uses a dns service, but access via our router has all ips blocked, only allowing ips that I manually enter into the router rules to "allow". Not sure what I am seeing here.

Who is Participating?
Lee W, MVPTechnology and Business Process AdvisorCommented:
DNS is a required service.  When you browse the internet, you enter a name - if you go to www.microsoft.com, the DNS service takes that NAME and looks up the number (IP Address) and then sends your request to the correct address.  In an SBS environment (and any Active Directory environment) you need to be using DNS as the Windows clients also use it to find resources on the server (like knowing which computer on the network will authenticate them).  If you stopped the DNS service or otherwise disabled this process, you wouldn't be able to log in and if your network were configured properly, you wouldn't be able to get to any site on the internet.

As for scanning, what antivirus are you using now?  Your SBS server SHOULD have an antivirus product on it.  And it should be appropriately configured so that it doesn't scan certain key parts of server that COULD cause slowdowns and other issues.  

You have to buy both Malware Bytes and SuperAntiSpyware if you want to use them on your SBS server - the license agreement for SuperAntiSpyware restricts the free version in section 1c and Malware bytes actually has a checkbox in the setup that explicitly states it cannot be used in a commercial environment.  So if you're unhappy with your antivirus solution, find another (or buy one of these - but they are not free).

As far as Antivirus goes, I recommend VIPRE - I've used in all my clients and it does a very good job of keeping things clean in my opinion and it also is a lightweight product.  

If you're having other problems or other signs of infection then I would consider a more thorough investigation, but if your only concern is this, I wouldn't be concerned.  The whole point of DNS is to contact other servers on the internet at various addresses and obtain address information for requests made by others on your network - whether it be sending an e-mail, browsing a web site, or using some other internet service.
wagnerhenryVice PresidentCommented:
Hope this helps:
Is dns.exe a virus? No, it is not. The true dns.exe file is a safe Microsoft Windows system process, called "Domain Name System Server". However, writers of malware programs, such as viruses, worms, and trojans deliberately give their processes the same file name to escape detection. Viruses with the same file name are for example TrojanDownloader:Win32/Small (detected by Microsoft), and BKDR_SERVU.BH or Cryp_Xed-12 (detected by TrendMicro).

I would run malwarebytes or superanti spyware.
wfcrrAuthor Commented:
Here is another pic, shows a few ips. This is on our SBS, what is a good scan to run?
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

wfcrrAuthor Commented:
Is that Ok to run on an SBS?
wfcrrAuthor Commented:
thanks for the help!
WORKS2011Austin Tech CompanyCommented:
run netstat -o Displays the owning process ID associated with each connection

run netstat -b Displays the executable involved in creating each connection or listening port
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.