<div>
One of your PC's?<br />
<br />
Lock down your firewall so that only the DC/DNS server(s) are sending out DNS requests to the internet. &nbsp;This will stop the outbound issue. &nbsp;You can then examine traffic requests coming from the PC when they hit the firewall.<br />
<br />
Check the host file on the PC in the first instance if it is only happening to one
</div>


One of your PC's?

Lock down your firewall so that only the DC/DNS server(s) are sending out DNS requests to the internet.  This will stop the outbound issue.  You can then examine traffic requests coming from the PC when they hit the firewall.

Check the host file on the PC in the first instance if it is only happening to one

<div>
for DNS logging of web site access you need a proxy server solution
</div>


for DNS logging of web site access you need a proxy server solution

<div>
I dont have access to my firewall since we are behind our county network. They alerted me about the DNS requests. They said to turn on DNS logging on my server to see where they originate. I turned on logging but not sure where I would even find the requests.
</div>


I dont have access to my firewall since we are behind our county network. They alerted me about the DNS requests. They said to turn on DNS logging on my server to see where they originate. I turned on logging but not sure where I would even find the requests.

<div>
I just installed wireshark and running a capture to see if &nbsp;I can grab the info from there. I am using a capture filter of Port 53
</div>


I just installed wireshark and running a capture to see if  I can grab the info from there. I am using a capture filter of Port 53

<div>
<div class="content wysiwyg-content">
I have a server 2003 running DNS in my AD. I received a report that one of my PC's is sending DNS requests to a &quot;Sink holed&quot; domain. I have turned on logging but not sure how to go about finding the culprit. Any help is greatly appreciated! Thanks
</div>
</div>


I have a server 2003 running DNS in my AD. I received a report that one of my PC's is sending DNS requests to a "Sink holed" domain. I have turned on logging but not sure how to go about finding the culprit. Any help is greatly appreciated! Thanks

DNS Logging to track

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.