Solved

DNS Logging to track

Posted on 2014-12-15
Last Modified: 2015-03-04
I have a Server 2003 running DNS in my AD. I received a report that one of my PCs is sending DNS requests to a "sinkholed" domain. I have turned on logging but am not sure how to go about finding the culprit. Any help is greatly appreciated! Thanks
Question by:eli290
5 Comments
 
LVL 12

Expert Comment

by:DLeaver
ID: 40500169
One of your PCs?

Lock down your firewall so that only the DC/DNS server(s) are sending out DNS requests to the internet. This will stop the outbound issue. You can then examine traffic requests coming from the PC when they hit the firewall.

Check the host file on the PC in the first instance if it is only happening to one.
0
 
LVL 7

Expert Comment

by:Deadman
ID: 40500174
For DNS logging of web site access you need a proxy server solution.
0
 

Author Comment

by:eli290
ID: 40500209
I don't have access to my firewall since we are behind our county network. They alerted me about the DNS requests. They said to turn on DNS logging on my server to see where they originate. I turned on logging but am not sure where I would even find the requests.
0
 

Author Comment

by:eli290
ID: 40500221
I just installed Wireshark and am running a capture to see if I can grab the info from there. I am using a capture filter of port 53.
0
 
LVL 2

Accepted Solution

by:
UnHeardOf earned 2000 total points
ID: 40596415
It sounds like reverse lookup records for RFC1918 addresses are hitting the internet, which are directed to black hole DNS servers. RFC1918 lookups should never reach the internet. You would need to create the reverse lookup zones.

You could enable DNS logging and set the options to log the following:

incoming requests
queries
UDP
0
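
One way to read the resulting debug log, added here as an example that is not part of the original answer: it counts, per client IP, inbound queries for a watched domain and PTR lookups for RFC1918 reverse names. It assumes the usual `PACKET ... UDP Rcv <client> <xid> Q [flags] <type> <name>` line layout of the Windows DNS debug log; the log lines, addresses and the `sinkholed.example` domain are constructed, and `find_clients` / `decode_name` are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample in the assumed Windows DNS debug-log layout; the date
# prefix and the optional packet-id column differ between server versions.
SAMPLE_LOG = r"""
20141215 09:14:02 4F8 PACKET  UDP Rcv 192.168.1.23    0a3c   Q [0001   D   NOERROR] A      (3)www(9)sinkholed(7)example(0)
20141215 09:14:02 4F8 PACKET  UDP Snd 192.168.1.23    0a3c R Q [8081   DR  NOERROR] A      (3)www(9)sinkholed(7)example(0)
20141215 09:14:07 4F8 PACKET  UDP Rcv 192.168.1.40    1b2d   Q [0001   D   NOERROR] PTR    (1)5(1)1(3)168(3)192(7)in-addr(4)arpa(0)
20141215 09:15:11 4F8 PACKET  UDP Rcv 192.168.1.23    0a3f   Q [0001   D   NOERROR] A      (9)sinkholed(7)example(0)
20141215 09:15:30 4F8 PACKET  UDP Rcv 192.168.1.40    1b30   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
20141215 09:15:31 4F8 PACKET  UDP Rcv 203.0.113.53    77aa R Q [8081   DR  NOERROR] A      (9)sinkholed(7)example(0)
"""

# Inbound UDP queries only: "Rcv", and no "R" (response) marker before "Q".
PACKET = re.compile(
    r"PACKET\s+(?:[0-9A-Fa-f]+\s+)?UDP\s+Rcv\s+"
    r"(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+[0-9A-Fa-f]{4}\s+Q\s+"
    r"\[.*?\]\s+(?P<qtype>\S+)\s+(?P<name>\(\d+\)\S*)"
)
# Reverse-lookup names under 10/8, 172.16/12 and 192.168/16.
RFC1918_PTR = re.compile(
    r"(?:^|\.)(?:10|168\.192|(?:1[6-9]|2\d|3[01])\.172)\.in-addr\.arpa$"
)

def decode_name(raw):
    """Turn the log's (3)www(7)example(3)com(0) form into www.example.com."""
    labels = re.findall(r"\(\d+\)([^()]*)", raw)
    return ".".join(label for label in labels if label).lower()

def find_clients(log_text, watched_domain):
    """Map client IP -> Counter of reasons ('watched' or 'rfc1918-ptr')."""
    hits = {}
    for line in log_text.splitlines():
        m = PACKET.search(line)
        if not m:
            continue  # not an inbound UDP query line
        name = decode_name(m["name"])
        if name == watched_domain or name.endswith("." + watched_domain):
            reason = "watched"
        elif m["qtype"] == "PTR" and RFC1918_PTR.search(name):
            reason = "rfc1918-ptr"
        else:
            continue
        hits.setdefault(m["client"], Counter())[reason] += 1
    return hits

if __name__ == "__main__":
    for client, reasons in find_clients(SAMPLE_LOG, "sinkholed.example").items():
        print(client, dict(reasons))
```

To run it against a real log, read the file configured on the DNS server's Debug Logging tab and pass its text in place of `SAMPLE_LOG`.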
