Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

DNS Logging to track

Posted on 2014-12-15
5
33 Views
Last Modified: 2015-03-04
I have a server 2003 running DNS in my AD. I received a report that one of my PC's is sending DNS requests to a "Sink holed" domain. I have turned on logging but not sure how to go about finding the culprit. Any help is greatly appreciated! Thanks
0
Comment
Question by:eli290
5 Comments
 
LVL 12

Expert Comment

by:DLeaver
ID: 40500169
One of your PC's?

Lock down your firewall so that only the DC/DNS server(s) are sending out DNS requests to the internet.  This will stop the outbound issue.  You can then examine traffic requests coming from the PC when they hit the firewall.

Check the host file on the PC in the first instance if it is only happening to one
0
 
LVL 7

Expert Comment

by:Deadman
ID: 40500174
for DNS logging of web site access you need a proxy server solution
0
 

Author Comment

by:eli290
ID: 40500209
I dont have access to my firewall since we are behind our county network. They alerted me about the DNS requests. They said to turn on DNS logging on my server to see where they originate. I turned on logging but not sure where I would even find the requests.
0
 

Author Comment

by:eli290
ID: 40500221
I just installed wireshark and running a capture to see if  I can grab the info from there. I am using a capture filter of Port 53
0
 
LVL 2

Accepted Solution

by:
UnHeardOf earned 500 total points
ID: 40596415
it sounds like reverse lookup records for RFC1918 addresses are hitting the internet which are directed to black hole dns servers. RFC1918 lookups should never reach the internet. You would need to create the reverse lookup zones.

You could enable dns logging and set the options to log the following:

incoming requests
queries
udp
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question