asked on Using Forwarders on a Windows Server
I have always been told to use your ISP's DNSs as forwarders on Windows DNS Servers. Today there was a EventID 5504 in the event log and on of the articles from Microsoft says to turn off forwarders. That =kind of shocked me. So should you or should you not use forwarders on a Windows DNS Server?
I was surprised removing them the internet still worked. What does it use for resolution if it isn't forwarders?
I was surprised removing them the internet still worked. What does it use for resolution if it isn't forwarders?
Email Servers
Last Comment
it_saige
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Use google public DNS there services are the best
8.8.8.8
8.8.4.4
DirkMare
8.8.8.8
8.8.4.4
DirkMare
ASKER
Those were the ones I used
How often did you get the event entry in your event log?
DirkMare
DirkMare
ASKER
Looks like it is a constant 3 per hour
Source of the connection?
DirkMare
DirkMare
ASKER
173.254.179.200 is what is in the event log
Can you use a tool like Wireshark to capture the packets to and from your server, I would like to know what workstation is trying to establish so many connections every so often to that IP
Finding the source might give you more insight to what is going on.
DirkMare
Finding the source might give you more insight to what is going on.
DirkMare
ASKER
I have wireshark running and tried to filter by that IP address but it said it was an invalid address. I have a feeling it needs to be on the LAN and it isn't. Where can I apply the filter to look just for that destination address?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I am a little lost about root hints. Someone actually hosts a DNS Server "i.root-servers.net"? how could it be at 192.36.148.17?
There are three private ranges 10.0.0.0/24 (or 10.0.0.1 - 10.255.255.254), 172.16.0.0/20 (or 172.16.0.1 - 172.31.255.254) and 192.168.0.0/16 (or 192.168.0.1 - 192.168.255.254). Meaning that 192.36.148.17 is a perfectly valid public IP address.
Public and Private Addresses
-saige-
Public and Private Addresses
-saige-
ASKER
That explains the private ranges but not the first part of the question. "Someone actually hosts a DNS Server "i.root-servers.net (along with the others)"?
Yes, someone actually hosts a nameserver called i.root-servers.net. This someone is Verisign.
You can read more about the *root* name servers here: https://en.wikipedia.org/wiki/Root_name_server
-saige-
Verisign, Inc. is an American company based in Reston, Virginia, United States that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the .com, .net, and .name generic top-level domains and the .cc and .tv country-code top-level domains, and the back-end systems for the .jobs, .gov, and .edu top-level domains. Verisign also offers a range of security services, including managed DNS, distributed denial-of-service (DDoS) attack mitigation[5] and cyber-threat reporting.- Source
You can read more about the *root* name servers here: https://en.wikipedia.org/wiki/Root_name_server
-saige-
The IP Address of the offender is 173.254.179.200 which relates to a ISP in Sacremento, CA. So does that mean the forwarders are eventually hitting this ISP's DNS and it is returning something invalid?