I am working on a new network configuration. I put four
Win2K servers (AD/DNS/DHCP, Exchange, Mail Marshal,
OracleDB) behind a Raptor firewall to host a remote AD
domain. I have the raptor set as the default gateway, and
using its DNSd service, it is now the forwarder for the
AD/DNS server, which has recursion disabled (and the root
hints deleted.) All the other servers point to the AD/DNS
for their DNS. Name resolution works fine except I see in
the raptor logs a flood of outgoing traffic to the root
name servers with destination port 53 (which of course it
blocks because the servers are supposed to ask the raptor
for external DNS name resolution). These floods happen from
each server, periodically, in random order throughout the
day. The source port on the server changes every three or
four attempts. The firewall is doing its job by blocking
this but I hate to see the error logs getting filled.
So where in Win2K (on all four servers) could this be
coming from? Is this traffic the specific servers trying
to dynamically update the Root Name Servers?? (And WHY
would the member servers try to update the Root Name
Servers, wouldn't they only go to the AD server that is
authoritative for their DNS suffix?)
Here is a copy of a few of the attempts:
(192.168.1.10->192.175.48.1: Protocol=UDP Port 3162->53)
(192.168.1.11->192.175.48.1: Protocol=UDP Port 3630->53)
(192.168.1.12->192.175.48.1: Protocol=UDP Port 1601->53)
(192.168.1.13->192.175.48.1: Protocol=UDP Port 4463->53)
Any suggestions will be appreciated!
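An added example, not part of the original post: a small Python script that parses firewall log lines in the format quoted above and reports every internal host sending port-53 traffic anywhere other than the approved forwarder, grouped by source host with the destinations and source ports seen. Assumed, because the post does not give them: 192.168.1.1 as the Raptor's inside address and 192.168.1.0/24 as the internal network. One caveat a practitioner would want here: 192.175.48.1 is prisoner.iana.org, one of the IANA "AS112" blackhole servers to which the RFC 1918 reverse zones (including 1.168.192.in-addr.arpa) are delegated, so port-53 traffic from a 192.168.x.x host to that address is consistent with the host trying to look up or register its own PTR record in a reverse zone the internal DNS server does not hold, rather than with queries to the root servers. The script tags that range so such hits stand out.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input in the format the post shows: the four quoted
# lines, a repeat from the first server, one legitimate query to the
# forwarder, and one non-DNS line. 192.168.1.1 is an ASSUMED address for
# the Raptor's inside interface; the post does not state it.
SAMPLE_LOG = """\
(192.168.1.10->192.175.48.1: Protocol=UDP Port 3162->53)
(192.168.1.11->192.175.48.1: Protocol=UDP Port 3630->53)
(192.168.1.12->192.175.48.1: Protocol=UDP Port 1601->53)
(192.168.1.13->192.175.48.1: Protocol=UDP Port 4463->53)
(192.168.1.10->192.175.48.1: Protocol=UDP Port 3165->53)
(192.168.1.11->192.168.1.1: Protocol=UDP Port 1045->53)
(192.168.1.12->192.168.1.1: Protocol=TCP Port 1050->25)
"""

LINE_RE = re.compile(
    r"\((?P<src>[\d.]+)->(?P<dst>[\d.]+): "
    r"Protocol=(?P<proto>[A-Za-z]+) Port (?P<sport>\d+)->(?P<dport>\d+)\)"
)

# 192.175.48.0/24 holds prisoner.iana.org (192.175.48.1) and the
# blackhole-1/blackhole-2.iana.org AS112 servers that answer for the
# RFC 1918 reverse zones.
AS112_NET = ipaddress.ip_network("192.175.48.0/24")


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = rec["proto"].upper()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def audit_dns_egress(log_text, forwarder, internal_net="192.168.1.0/24"):
    """Group port-53 traffic that bypasses `forwarder` by internal source host.

    Returns {src: {"count", "dsts", "source_ports", "as112"}} for each
    offending host, sorted by source address.
    """
    inside = ipaddress.ip_network(internal_net)
    fwd = ipaddress.ip_address(forwarder)
    findings = defaultdict(
        lambda: {"count": 0, "dsts": set(), "source_ports": set(), "as112": False}
    )
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != 53:
            continue  # not a DNS request
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        if src not in inside or dst == fwd:
            continue  # not one of our hosts, or going where it should
        f = findings[str(src)]
        f["count"] += 1
        f["dsts"].add(str(dst))
        f["source_ports"].add(rec["sport"])
        if dst in AS112_NET:
            f["as112"] = True
    return {
        src: {
            "count": f["count"],
            "dsts": sorted(f["dsts"]),
            "source_ports": sorted(f["source_ports"]),
            "as112": f["as112"],
        }
        for src, f in sorted(findings.items())
    }


if __name__ == "__main__":
    for src, f in audit_dns_egress(SAMPLE_LOG, forwarder="192.168.1.1").items():
        tag = " [AS112 blackhole range: RFC 1918 reverse-zone traffic]" if f["as112"] else ""
        print(f"{src}: {f['count']} packet(s) to port 53 bypassing the forwarder"
              f" -> {', '.join(f['dsts'])}{tag}")
```

Feed it a day's worth of the Raptor log instead of SAMPLE_LOG and the per-host counts and source-port lists show whether every server is affected equally and how often the source port rolls over, which is the pattern the post describes.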