DNS Flooding

Postby Jon » Oct 29 05 4:14 am

Apologies if this has been posted before, I couldn't find anything relevant after a search.
We have a small network of about 6 computers that connect to the internet through WinGate.
All our systems are clean of spyware, adware etc as verified by Ad Aware SE. When on the client activity screen I can see that there are about 50-100 DNS lookups happening per second, pretty much about 90% to stats.update.microsoft.com and the rest www.symantec.com.
Our ISP has disconnected the internet connection twice now because of this and we are failing to see what is causing so many DNS lookups to these addresses.

Again, I state that we are 100% sure that we have no spyware/adware/viruses on these machines, so are completely baffled as to where these lookups are coming from.

Any help would be hugely appreciated as we've been warned that if we are reconnected and it happens again, we will lose the internet account with them altogether.

Thanks in advance,

Jon
Jon
 
Posts: 2
Joined: Oct 29 05 3:48 am
Location: Kingston-upon-Hull, United Kingdom

Postby jamesc » Oct 29 05 2:31 pm

jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby Jon » Oct 31 05 11:46 pm

Problem was solved, however it was a different issue (we don't have Active Directory).

Gatekeeper showed hundreds of DNS lookups from user "Guest" on the server's IP address.

Under DNS Service: Properties: Bindings: (Binding Policy) Add:
Selected "External Connection: any ip address"
ticked the box to enable "Bind to any IP on External connection",
removed the tick to disable "Bind to any IP on any internal adapter". That seemed to solve the problem.

Thanks all the same for your reply, I thought I'd post my solution here in case anyone else had similar troubles.
Jon
 
Posts: 2
Joined: Oct 29 05 3:48 am
Location: Kingston-upon-Hull, United Kingdom

Postby MattP » Nov 01 05 12:03 pm

Hi,

It sounds like you may have your network adapters configured the wrong way around. Binding the DNS server to the external adapter means that you are binding it to the adapter that faces the internet, so anyone on the internet can connect to your DNS service.

Removing it from the internal adapter means that no-one on your LAN can use the DNS service.

Please check that your internal (LAN) adapter is set to internal in the Network tab and your internet adapter is set to external.

We definitely don't recommend binding your services to the external adapters as this opens you up to exploitation from the internet.

Which machine is making the DNS requests? You should be able to see this on the activity tab. I would suggest that you check the machine that the DNS requests are originating from; there is something there that is causing this machine to request that DNS name.

In the meantime you can create a policy denying access to that machine in the DNS service, and configure it for proxy connections. This will still allow it to browse the internet but will stop the DNS requests. You can create the policy on the location tab in the DNS service.
MattP
Qbik Staff
 
Posts: 991
Joined: Sep 08 03 4:30 pm
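
An added example, not part of the original thread and not WinGate code: one way to answer the question of which machine is making the DNS requests, by tallying lookups per source and per second from an exported activity log. The log line format, the addresses, the user names and the threshold are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime


def build_sample():
    """Constructed log lines in an assumed format:
    '<ISO timestamp> <client-ip> <user> <queried-name>' (not WinGate's own)."""
    lines = []
    for i in range(60):  # one noisy source: 60 lookups inside a single second
        name = "www.symantec.com" if i % 10 == 0 else "stats.update.microsoft.com"
        lines.append(f"2005-10-29T04:10:07 192.168.0.1 Guest {name}")
    lines.append("2005-10-29T04:10:07 192.168.0.12 alice www.example.com")
    lines.append("2005-10-29T04:10:08 192.168.0.13 bob www.example.org")
    lines.append("truncated line")  # malformed input must not stop the scan
    return lines


def find_flooders(lines, threshold=20):
    """Return {(client, user): (peak_lookups_per_second, Counter_of_names)}
    for every source whose busiest one-second bucket exceeds `threshold`."""
    per_second = defaultdict(Counter)  # source -> second -> lookup count
    names = defaultdict(Counter)       # source -> queried name -> count
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, client, user, name = parts
        try:
            second = datetime.fromisoformat(ts).replace(microsecond=0)
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        key = (client, user)
        per_second[key][second] += 1
        names[key][name.lower().rstrip(".")] += 1
    return {
        key: (max(buckets.values()), names[key])
        for key, buckets in per_second.items()
        if max(buckets.values()) > threshold
    }


if __name__ == "__main__":
    for (client, user), (peak, seen) in find_flooders(build_sample()).items():
        print(f"{client} ({user}): peak {peak} lookups/s")
        for name, count in seen.most_common(3):
            print(f"  {count:5d}  {name}")
```

Adapt the line splitting in `find_flooders` to whatever format your proxy or resolver actually exports, and set the threshold from a baseline of normal traffic on your LAN.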

