eli290
asked on
DNS Logging to track
I have a server 2003 running DNS in my AD. I received a report that one of my PC's is sending DNS requests to a "Sink holed" domain. I have turned on logging but not sure how to go about finding the culprit. Any help is greatly appreciated! Thanks
for DNS logging of web site access you need a proxy server solution
ASKER
I dont have access to my firewall since we are behind our county network. They alerted me about the DNS requests. They said to turn on DNS logging on my server to see where they originate. I turned on logging but not sure where I would even find the requests.
ASKER
I just installed wireshark and running a capture to see if I can grab the info from there. I am using a capture filter of Port 53
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Lock down your firewall so that only the DC/DNS server(s) are sending out DNS requests to the internet. This will stop the outbound issue. You can then examine traffic requests coming from the PC when they hit the firewall.
Check the host file on the PC in the first instance if it is only happening to one