DNS forwarding queries - howto disable

  • Thread starter msnews.microsoft.com

msnews.microsoft.com

Windows 2000, DNS. I do NOT have any forwarders enabled.

Yet the dns server is forwarding queries to 192.52.178.30

How do I stop this? Thanks

Deji Akomolafe

That's a root server. And, unless your DNS server is at the root of the
internet, it is doing exactly what it is supposed to do, so leave it alone.

Deji

msnews.microsoft.com

How do I prevent spammers from using my DNS server to get IP addresses ?
Today, I had many, many DNS requests from a couple of IP addresses for
many different domains.
I am blocking those IP addresses at the firewall, but would like a better
solution.

Herb Martin

msnews.microsoft.com said:
Windows 2000, DNS. I do NOT have any forwarders enabled.

Yet the dns server is forwarding queries to 192.52.178.30

How do you know it is "forwarding"?
How do I stop this? Thanks

Forwarding is a technical term and if you have no forwarders
enabled then it is almost certainly not "forwarding."

It might be performing recursive lookups due to root hints
or looking up CLIENT DNS for itself though.

First you figure out what it is really doing and then you
figure out if that makes sense or disable that feature.

That address is one of the top-level domain servers (for .net
and .com):

Name: k.gtld-servers.net
Address: 192.52.178.30

...so it is likely that this is just normal recursion.

You may, if you wish, disable ALL recursive requests in the
DNS server properties ADVANCED tab.

Be warned, the DNS server will then ONLY resolve things
it knows directly.

Per W.

msnews.microsoft.com said:
How do I prevent spammers from using my DNS server to get IP addresses ?
Today, I had many, many DNS requests from a couple of IP addresses for
many different domains.
I am blocking those IP addresses at the firewall, but would like a better
solution.

Block DNS in your firewall. It seems like you have a very big security
problem if you have ports open in to your server that you shouldn't have.

/Per W.

Kevin D. Goodknecht Sr. [MVP]

msnews.microsoft.com said:
How do I prevent spammers from using my DNS server to get IP
addresses ? Today, I had many, many DNS requests from a couple of
IP addresses for many different domains.
I am blocking those IP addresses at the firewall, but would like a
better solution.

If you don't need these DNS servers to resolve the internet for clients,
"Disable recursion" on the Advanced tab.

Herb Martin

msnews.microsoft.com said:
How do I prevent spammers from using my DNS server to get IP addresses ?

Do you mean your own EXTERNAL resources? Your internal resources?
Or general resolution for the Internet?

It's supposed to do the first, but you can fix this one,
IF you wish to block some requestors, by adding
IPSec BLOCK filters (or other firewall filters).

Your external DNS server should not even know or be able to find
your internal resources.
Today, I had many, many DNS requests from a couple of IP addresses for
many different domains.

On the Advanced tab you can check Disable Recursion if this
DNS server does NO Internet resolution for YOU. (I mentioned
this in my first response.)

This will stop your DNS server from resolving ANYTHING it
does not already know. (No forwarding, no recursion.)
I am blocking those IP addresses at the firewall, but would like a better
solution.

That is a GOOD solution. Disabling recursion may be simpler.

msnews.microsoft.com

Herb Martin said:
How do you know it is "forwarding"?

I am watching traffic via a sniffer. An external IP Address sends a DNS
request to my DNS server, my DNS server forwards the request to
192.52.178.30, then returns the info to external IP Address.
I was mis-using the term "forwarding" - I should be saying recursive
lookups thru root hints. thanks.

Forwarding is a technical term and if you have no forwarders
enabled then it is almost certainly not "forwarding."

It might be performing recursive lookups due to root hints
or looking up CLIENT DNS for itself though.

YEP, it is performing recursive lookups due to root hints.

First you figure out what it is really doing and then you
figure out if that makes sense or disable that feature.

That address is one of the top-level domain servers (for .net
and .com):

Name: k.gtld-servers.net
Address: 192.52.178.30

this ip address is NOT listed in the root hints list..
so, how does the server know about it?


...so it is likely that this is just normal recursion.

You may, if you wish, disable ALL recursive requests in the
DNS server properties ADVANCED tab.

Be warned, the DNS server will then ONLY resolve things
it knows directly.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Per W.

msnews.microsoft.com said:
I am watching traffic via a sniffer. An external IP Address sends a DNS
request to my DNS server, my DNS server forwards the request to
192.52.178.30, then returns the info to external IP Address.
I was mis-using the term "forwarding" - I should be saying recursive
lookups thru root hints. thanks.

So you must have your DNS server visible from the outside, why?

/Per W.

Herb Martin

Yet the dns server is forwarding queries to 192.52.178.30
I am watching traffic via a sniffer. An external IP Address sends a DNS
request to my DNS server, my DNS server forwards the request to
192.52.178.30, then returns the info to external IP Address.
I was mis-using the term "forwarding" - I should be saying recursive
lookups thru root hints. thanks.

So that confirms it -- your DNS server is servicing
recursive queries (not forwarding) for external
requests.

If the machine has two NICs you should turn off or
block (inbound) the DNS service to it, or if it must
service requests then you must NOT use it to do
recursion for your internal users.

Your external DNS really is best placed back at the
REGISTRAR anyway.



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
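The question the thread keeps returning to, whether the server will recurse for an outside client, can be confirmed without a sniffer by sending it one recursive query and reading the RA (Recursion Available) flag in the reply. This is an added example, not code from the thread; it assumes you run `probe()` against your own server from the vantage point you want to check (the external side, in this thread's case), and the two 12-byte replies at the bottom are constructed so the classifier can be exercised offline.

```python
import socket
import struct

# Constructed for this example: a name the server being checked is not authoritative for.
TEST_NAME = "example.com"
TXID = 0x1234

def build_query(qname, txid=TXID, rd=True):
    """Build a minimal DNS A/IN query; RD=1 asks the server to recurse on our behalf."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(resp):
    """Decode the 12-byte DNS header into the fields that matter for this check."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = this is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "ra": bool(flags & 0x0080),   # Recursion Available for this client
        "rcode": flags & 0x000F,
        "ancount": an,
    }

def classify(hdr):
    """Decide whether the server is recursing for whoever sent the query."""
    if not hdr["qr"]:
        return "not-a-response"
    if not hdr["ra"]:
        return "recursion-not-offered"   # what you want to see from the outside
    if hdr["rcode"] == 0 and hdr["ancount"] > 0 and not hdr["aa"]:
        return "recursion-offered"       # it went to the root/TLD servers for us
    return "inconclusive"

def probe(server, qname=TEST_NAME, timeout=3.0):
    """Send one recursive query to `server` over UDP/53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (server, 53))
        data, _ = s.recvfrom(512)
    hdr = parse_header(data)
    return "id-mismatch" if hdr["id"] != TXID else classify(hdr)

# Constructed replies (headers only) for an offline check of the classifier.
OPEN_REPLY = struct.pack(">HHHHHH", TXID, 0x8180, 1, 1, 0, 0)     # QR RD RA, NOERROR, 1 answer
REFUSED_REPLY = struct.pack(">HHHHHH", TXID, 0x8105, 1, 0, 0, 0)  # QR RD, RA clear, REFUSED

if __name__ == "__main__":
    print(classify(parse_header(OPEN_REPLY)), classify(parse_header(REFUSED_REPLY)))
```

Run `probe("<your server's public IP>")` from a host outside your network; after ticking "Disable recursion" on the Advanced tab you should no longer get `recursion-offered`.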