Spurious DNS request originating from DNS server

[jbradrose]

Have a DNS which is looking in all the wrong areas - not sure why.
I see DNS entries port 137 to 137 going to a completely different
subnet than we are using.

allow out eth1 383 udp 20 127 192.168.XXX.XX 192.168.61.1 137 137
(SMB(Optional))
allow out eth1 383 udp 20 127 192.168.XXX.XX 192.168.0.1 137 137
(SMB(Optional))

We don't use the .61.XXX or the .0.1 subnets.

I have looked in the DNS and I can't see any entries. WINS is not
running. I have cleared out the cache of the DNS.

Any ideas?

Thanks,

Brad

 

[Herb Martin]

Have a DNS which is looking in all the wrong areas - not sure why.
I see DNS entries port 137 to 137 going to a completely different
subnet than we are using.

Sounds wrong -- although technically any port can
be used, real DNS clients and servers practically
all use 53 (UDP primarily but TCP for some things.)

Usually 137 is NetBIOS name service.

allow out eth1 383 udp 20 127 192.168.XXX.XX 192.168.61.1 137 137
(SMB(Optional))
allow out eth1 383 udp 20 127 192.168.XXX.XX 192.168.0.1 137 137
(SMB(Optional))

We don't use the .61.XXX or the .0.1 subnets.

I have looked in the DNS and I can't see any entries. WINS is not
running. I have cleared out the cache of the DNS.

Generally if you have more than one (internal) subnet
(i.e., internal routers) you are going to want WINS
server and to make every machine (DCs and servers too)
WINS clients -- but that is another issue.