[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


dns.exe what is that?

Posted on 2012-08-11
Medium Priority
Last Modified: 2012-08-11
been watching stuff in task manager window, curious to know what this dns.exe thing is about.  See pic. I have noticed ip addresses from various places around the world. How are they gaining access, or, are they gaining access? I don't understand what this is.  We do have an app that uses a dns service, but access via our router has all ips blocked, only allowing ips that I manually enter into the router rules to "allow". Not sure what I am seeing here.

Question by:wfcrr

Assisted Solution

wagnerhenry earned 1000 total points
ID: 38284336
Hope this helps:
Is dns.exe a virus? No, it is not. The true dns.exe file is a safe Microsoft Windows system process, called "Domain Name System Server". However, writers of malware programs, such as viruses, worms, and trojans deliberately give their processes the same file name to escape detection. Viruses with the same file name are for example TrojanDownloader:Win32/Small (detected by Microsoft), and BKDR_SERVU.BH or Cryp_Xed-12 (detected by TrendMicro).

I would run malwarebytes or superanti spyware.

Author Comment

ID: 38284342
Here is another pic, shows a few ips. This is on our SBS, what is a good scan to run?
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.


Author Comment

ID: 38284392
Is that Ok to run on an SBS?
LVL 97

Accepted Solution

Lee W, MVP earned 1000 total points
ID: 38284417
DNS is a required service.  When you browse the internet, you enter a name - if you go to www.microsoft.com, the DNS service takes that NAME and looks up the number (IP Address) and then sends your request to the correct address.  In an SBS environment (and any Active Directory environment) you need to be using DNS as the Windows clients also use it to find resources on the server (like knowing which computer on the network will authenticate them).  If you stopped the DNS service or otherwise disabled this process, you wouldn't be able to log in and if your network were configured properly, you wouldn't be able to get to any site on the internet.

As for scanning, what antivirus are you using now?  Your SBS server SHOULD have an antivirus product on it.  And it should be appropriately configured so that it doesn't scan certain key parts of server that COULD cause slowdowns and other issues.  

You have to buy both Malware Bytes and SuperAntiSpyware if you want to use them on your SBS server - the license agreement for SuperAntiSpyware restricts the free version in section 1c and Malware bytes actually has a checkbox in the setup that explicitly states it cannot be used in a commercial environment.  So if you're unhappy with your antivirus solution, find another (or buy one of these - but they are not free).

As far as Antivirus goes, I recommend VIPRE - I've used in all my clients and it does a very good job of keeping things clean in my opinion and it also is a lightweight product.  

If you're having other problems or other signs of infection then I would consider a more thorough investigation, but if your only concern is this, I wouldn't be concerned.  The whole point of DNS is to contact other servers on the internet at various addresses and obtain address information for requests made by others on your network - whether it be sending an e-mail, browsing a web site, or using some other internet service.

Author Closing Comment

ID: 38284431
thanks for the help!
LVL 17

Expert Comment

ID: 38284435
run netstat -o Displays the owning process ID associated with each connection

run netstat -b Displays the executable involved in creating each connection or listening port

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Integration Management Part 2
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question