  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 247

Internal PTR queries going to the internet

Hello all.  I was recently informed by my ISP that they were receiving reverse DNS lookup requests for addresses on my LAN.  We run Microsoft Active Directory and AD integrated DNS services using Windows Server 2008 R2.  All machines on the network use two internal DNS servers which are also domain controllers.

The firewall has been configured to not allow anything on the network to go to the internet on DNS ports (TCP/UDP 53).  Packet captures at the firewall have confirmed that the reverse DNS queries are being forwarded from the two Active Directory DNS servers (DCs).

The strange thing is that they are forwarding reverse DNS lookups for domains for which they have authoritative zones...  For example, the subnet is:
192.168.1.0/24

AD has an integrated PTR zone 1.168.192.in-addr.arpa.

Internal PTR testing using nslookup works just fine, but the log that the ISP sent me still shows the same internal IPs, for which these test lookups succeed, being forwarded to the public DNS server.  Anyone else run into this?  How would I go about making sure that these queries are not forwarded to the internet, but answered by the local PTR zone?
Asked by: 4roi
1 Solution
 
JAN PAKULA commented:
Hi

Can you check that you don't have any rogue DNS/DHCP servers on your IP range?

dns:

https://www.grc.com/dns/benchmark.htm

dhcp:

http://blogs.technet.com/b/teamdhcp/archive/2009/07/03/rogue-dhcp-server-detection.aspx


I would suggest changing your IP range to something else, as most default settings on new devices use this range; maybe something like 192.168.60.0 or 172.16.0.0.

What firewall are you using? In the firewall (probably in the WAN interface settings), what DNS server are you using? Try Google's: 8.8.8.8 or 8.8.4.4.
 
JAN PAKULA commented:
Any update?
 
4roi (Author) commented:
Sorry for the delay here.  I contacted SonicWALL support and it ended up being the "Name Resolution" option under "Log" in the SonicWALL interface.  Once I chose "Specify DNS servers manually" and set the internal DNS servers, the ISP no longer saw the RDNS queries from my LAN.  Strange.
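As an added defender-side check (not code from this thread or from SonicWALL), the filter below runs over firewall capture lines and flags PTR queries for internally hosted or RFC 1918 reverse zones that are sent to any resolver other than the internal DNS servers; the resolver addresses, the hosted zone and the sample capture lines are constructed assumptions. Running it over a capture before and after changing the firewall's log name-resolution setting confirms whether the leak is gone.

```python
import ipaddress

# Constructed values: the two AD-integrated DNS servers and the reverse
# zone they host (1.168.192.in-addr.arpa, from the question above).
INTERNAL_RESOLVERS = {"192.168.1.10", "192.168.1.11"}
LOCAL_PTR_ZONES = {"1.168.192.in-addr.arpa"}

# Constructed capture lines in the form "src dst qtype qname".
SAMPLE_LOG = [
    "192.168.1.10 203.0.113.53 PTR 5.1.168.192.in-addr.arpa",  # leak: hosted zone
    "192.168.1.11 203.0.113.53 PTR 7.0.16.172.in-addr.arpa",   # leak: private range
    "192.168.1.10 203.0.113.53 PTR 8.8.8.8.in-addr.arpa",      # ok: public address
    "192.168.1.50 192.168.1.10 PTR 5.1.168.192.in-addr.arpa",  # ok: internal resolver
    "192.168.1.10 203.0.113.53 A www.example.com",             # ok: not a PTR query
]


def ptr_name_to_ip(qname):
    """Map '5.1.168.192.in-addr.arpa' to IPv4Address('192.168.1.5'), else None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ipaddress.AddressValueError:
        return None


def is_local_zone(qname):
    """True when the name lies inside a reverse zone hosted on the internal DNS."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in LOCAL_PTR_ZONES)


def find_leaked_ptr_queries(log_lines):
    """Return (src, dst, qname) for PTR queries that should never leave the LAN."""
    leaks = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed capture lines instead of crashing
        src, dst, qtype, qname = fields
        if qtype != "PTR" or dst in INTERNAL_RESOLVERS:
            continue  # only PTR queries headed outside the internal resolvers
        ip = ptr_name_to_ip(qname)
        # Leak: name is in a zone we host, or it maps to an RFC 1918 address
        if is_local_zone(qname) or (ip is not None and ip.is_private):
            leaks.append((src, dst, qname))
    return leaks
```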
 
4roi (Author) commented:
Answered my own question.