Solved

Internal PTR queries going to the internet

Posted on 2013-06-10
243 Views
Last Modified: 2013-09-03
Hello all.  I was recently informed by my ISP that they were receiving reverse DNS lookup requests for addresses on my LAN.  We run Microsoft Active Directory and AD-integrated DNS using Windows Server 2008 R2.  All machines on the network use two internal DNS servers, which are also domain controllers.

The firewall has been configured not to allow anything on the network to go to the internet on DNS ports (TCP/UDP 53).  Packet captures at the firewall have confirmed that the reverse DNS queries are being forwarded from the two Active Directory DNS servers (DCs).

The strange thing is that they are forwarding reverse DNS lookups for domains for which they have authoritative zones.  For example, the subnet is:
192.168.1.0/24

AD has an integrated PTR zone 1.168.192.in-addr.arpa.

Internal PTR testing using nslookup works just fine, but the log that the ISP sent me still shows the same internal IPs, for which these tested records resolve, being forwarded to the public DNS server.  Anyone else run into this?  How would I go about making sure that these queries are not forwarded to the internet, but answered by the local PTR zone?
0
Question by:4roi
4 Comments
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39236240
Hi

Can you check that you don't have any rogue DNS/DHCP servers on your IP range?

DNS:

https://www.grc.com/dns/benchmark.htm

DHCP:

http://blogs.technet.com/b/teamdhcp/archive/2009/07/03/rogue-dhcp-server-detection.aspx


I would suggest changing your IP range to something else, as most default settings on new devices are in this range; maybe something like 192.168.60.0 or 172.16.0.0.

What firewall are you using? In the firewall (probably in the WAN interface settings), what DNS server are you using? Try a Google one: 8.8.8.8 or 8.8.4.4.
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39327192
any update?
0
 

Accepted Solution

by:
4roi earned 0 total points
ID: 39450854
Sorry for the delay here.  I contacted SonicWALL support and it ended up being the "Name Resolution" option under "Log" in the SonicWALL interface.  Once I chose "Specify DNS servers manually" and set the internal DNS servers, the ISP no longer saw the RDNS queries from my LAN.  Strange.
0
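The question above asks how to confirm which device is forwarding reverse lookups for the internal range, and the accepted solution shows the answer was the firewall's own log name-resolution feature rather than the domain controllers. The script below is an added example, not code from the thread or from SonicWALL: it parses tcpdump-style DNS query lines, decodes in-addr.arpa names back to addresses, and flags PTR queries that leave for an external resolver even though the reverse zone is hosted internally (or the address is private space with no local zone). The zone name, the two resolver addresses, the ISP resolver 198.51.100.53, the firewall WAN address 203.0.113.5 and the capture lines are all constructed for the example, arranged so that the leaks are attributed to the firewall as in the accepted answer.

```python
"""Flag reverse (PTR) DNS queries for internally hosted address space that
leave for an external resolver. Added example, not from the original thread.
The resolver addresses, zone list and capture lines below are constructed."""
import ipaddress
import re
from collections import Counter

# Assumption: reverse zones the AD-integrated DNS servers are authoritative for.
HOSTED_REVERSE_ZONES = {"1.168.192.in-addr.arpa"}
# Assumption: the two internal DNS servers (domain controllers).
INTERNAL_RESOLVERS = {"192.168.1.10", "192.168.1.11"}

# tcpdump -n style DNS query line:
# "<ts> IP <src>.<sport> > <dst>.<dport>: <id>+ <qtype>? <qname> (<len>)"
QUERY_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: "
    r"\d+\+? (\w+)\? (\S+) "
)


def parse_query(line):
    """Return (src, dst, qtype, qname) for a DNS query line, or None."""
    m = QUERY_RE.search(line)
    return m.groups() if m else None


def reverse_name_to_ip(qname):
    """'25.1.168.192.in-addr.arpa.' -> IPv4Address('192.168.1.25');
    None if the name is not a complete IPv4 reverse name."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ipaddress.AddressValueError:
        return None


def hosted_zone_for(qname):
    """Return the locally hosted reverse zone that should answer qname, else None."""
    name = qname.rstrip(".").lower()
    for zone in HOSTED_REVERSE_ZONES:
        if name == zone or name.endswith("." + zone):
            return zone
    return None


def classify(src, dst, qtype, qname):
    """Return a reason string if this query is a leak, else None."""
    if qtype != "PTR" or dst in INTERNAL_RESOLVERS:
        return None
    zone = hosted_zone_for(qname)
    if zone:
        return "zone %s is hosted internally" % zone
    addr = reverse_name_to_ip(qname)
    if addr is not None and addr.is_private:
        return "private address %s has no internal reverse zone" % addr
    return None


def find_leaks(lines):
    """List of (src, dst, qname, reason) for leaking PTR queries in lines."""
    leaks = []
    for line in lines:
        parsed = parse_query(line)
        if not parsed:
            continue
        reason = classify(*parsed)
        if reason:
            leaks.append((parsed[0], parsed[1], parsed[3], reason))
    return leaks


def leaks_by_source(lines):
    """Count leaking queries per source address; this is what shows whether
    the DCs or the firewall itself is the device forwarding them."""
    return dict(Counter(src for src, _, _, _ in find_leaks(lines)))


# Constructed capture lines (tcpdump -n style). 198.51.100.53 plays the ISP
# resolver and 203.0.113.5 the firewall's WAN address; both are assumptions.
SAMPLE_CAPTURE = [
    "12:00:01.101 IP 192.168.1.50.50123 > 192.168.1.10.53: 1+ PTR? 25.1.168.192.in-addr.arpa. (44)",
    "12:00:01.202 IP 192.168.1.10.61000 > 198.51.100.53.53: 2+ PTR? 8.8.8.8.in-addr.arpa. (36)",
    "12:00:01.303 IP 203.0.113.5.51234 > 198.51.100.53.53: 3+ PTR? 25.1.168.192.in-addr.arpa. (44)",
    "12:00:01.404 IP 203.0.113.5.51235 > 198.51.100.53.53: 4+ PTR? 5.0.0.10.in-addr.arpa. (39)",
    "12:00:01.505 IP 192.168.1.50.50124 > 192.168.1.10.53: 5+ A? dc1.corp.example. (34)",
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_CAPTURE):
        print(leak)
    print(leaks_by_source(SAMPLE_CAPTURE))
```

Run it against a real capture taken on the firewall's WAN interface (`tcpdump -n -i <wan> udp port 53`) and the per-source counts tell you whether the queries originate from the DCs or from the firewall's own address; a DC forwarding a PTR for a public address (the second sample line) is normal and is deliberately not flagged.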
 

Author Closing Comment

by:4roi
ID: 39459856
Answered my own question.
0
