Solved

DNS Logging to track

Posted on 2014-12-15
Last Modified: 2015-03-04
I have a Server 2003 running DNS in my AD. I received a report that one of my PCs is sending DNS requests to a "Sink holed" domain. I have turned on logging but am not sure how to go about finding the culprit. Any help is greatly appreciated! Thanks
0
Question by:eli290
5 Comments
 
LVL 12

Expert Comment

by:DLeaver
One of your PCs?

Lock down your firewall so that only the DC/DNS server(s) are sending out DNS requests to the internet.  This will stop the outbound issue.  You can then examine traffic requests coming from the PC when they hit the firewall.

Check the host file on the PC in the first instance if it is only happening to one.
0
 
LVL 7

Expert Comment

by:Deadman
For DNS logging of web site access you need a proxy server solution.
0
 

Author Comment

by:eli290
I don't have access to my firewall since we are behind our county network. They alerted me about the DNS requests. They said to turn on DNS logging on my server to see where they originate. I turned on logging but am not sure where I would even find the requests.
0
 

Author Comment

by:eli290
I just installed Wireshark and am running a capture to see if I can grab the info from there. I am using a capture filter of port 53.
0
 
LVL 2

Accepted Solution

by:
UnHeardOf earned 500 total points
It sounds like reverse lookup records for RFC1918 addresses are hitting the internet which are directed to black hole DNS servers. RFC1918 lookups should never reach the internet. You would need to create the reverse lookup zones.

You could enable dns logging and set the options to log the following:

incoming requests
queries
udp
0
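As an added example (not part of the original thread or any poster's code): once debug logging with those options is writing to the log file, a short Python script can tally which client IPs asked for the reported name. It assumes the Windows DNS server debug-log packet layout with length-prefixed names such as `(3)www(7)example(3)com(0)`; the sample lines, the `sinkhole.example` domain and the function names are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in the assumed DNS debug-log packet layout.
SAMPLE_LOG = """\
20141215 10:15:32 0F80 PACKET  01A2B3C4 UDP Rcv 192.168.1.25    a1b2   Q [0001   D   NOERROR] A      (3)www(8)sinkhole(7)example(0)
20141215 10:15:32 0F80 PACKET  01A2B3C4 UDP Snd 192.168.1.25    a1b2 R Q [8081   DR  NOERROR] A      (3)www(8)sinkhole(7)example(0)
20141215 10:15:40 0F80 PACKET  01A2B3D0 UDP Rcv 192.168.1.31    77c1   Q [0001   D   NOERROR] A      (3)www(7)example(3)org(0)
20141215 10:16:02 0F80 PACKET  01A2B3E8 UDP Rcv 192.168.1.25    a1b9   Q [0001   D   NOERROR] A      (8)sinkhole(7)example(0)
20141215 10:16:05 0F80 PACKET  01A2B3F0 UDP Rcv 192.168.1.40    09fe   Q [0001   D   NOERROR] A      (11)notsinkhole(7)example(0)
20141215 10:17:11 0F80 PACKET  01A2B400 TCP Rcv 192.168.1.52    3c10   Q [0001   D   NOERROR] MX     (4)mail(8)SINKHOLE(7)example(0)
"""

# The internal packet identifier after PACKET is optional (assumption: older
# servers may omit it); "R" before the opcode marks a response.
PACKET_RE = re.compile(
    r"PACKET\s+(?:[0-9A-Fa-f]+\s+)?(?P<proto>UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+"
    r"(?P<client>\S+)\s+(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R\s+)?Q\s+"
    r"\[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<name>\(\d+\)\S*)"
)

def decode_name(raw):
    """Turn '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    labels = [label for _, label in re.findall(r"\((\d+)\)([^()]*)", raw) if label]
    return ".".join(labels).lower()

def clients_querying(log_text, domain):
    """Count received queries per client IP for domain or any subdomain of it."""
    domain = domain.lower().rstrip(".")
    hits = Counter()
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        # Keep only queries the server received; skip its sends and any responses.
        if not m or m["dir"] != "Rcv" or m["resp"]:
            continue
        name = decode_name(m["name"])
        # Match on a label boundary so 'notsinkhole.example' is not counted.
        if name == domain or name.endswith("." + domain):
            hits[m["client"]] += 1
    return hits

if __name__ == "__main__":
    # Usage: script.py <log file> <domain>; with no arguments, use the sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1], errors="replace") as fh:
            text, target = fh.read(), sys.argv[2]
    else:
        text, target = SAMPLE_LOG, "sinkhole.example"
    for client, count in clients_querying(text, target).most_common():
        print(f"{client}\t{count}")
```

Unless a different file was set on the server's Debug Logging tab, the log is written to `%SystemRoot%\System32\dns\dns.log`; copy it off the server and pass it with the reported domain as the two arguments.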
