Re: DNS forwarding queries - howto disable
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Thu, 5 Jan 2006 09:43:55 -0600
>>> Yet the dns server is forwarding queries to 192.52.178.30
>>
>> How do you know it is "forwarding"?
>
> I am watching traffic via a sniffer. An external IP Address sends a DNS
> request to my DNS server, my DNS server forwards the request to
> 192.52.178.30, then returns the info to external IP Address.
> I was mis-using the term "forwarding" - I should be saying recursive
> lookups thru root hints. thanks.
>
So that confirm it -- your DNS server is servicing
recursive queries (not forwarding) for external
requests.
If the machine has two NICs you should turn off or
block (inbound) the DNS service to it, or if it must
service requests then you must NOT use it to do
recursion for your internal users.
Your external DNS really is best placed back at the
REGISTRAR anyway.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
"msnews.microsoft.com" <not_valid2@xxxxxxxxx> wrote in message
news:eTsPWYfEGHA.216@xxxxxxxxxxxxxxxxxxxxxxx
>
> "Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
> news:%23i6i%23jPEGHA.2708@xxxxxxxxxxxxxxxxxxxxxxx
>> "msnews.microsoft.com" <not_valid2@xxxxxxxxx> wrote in message
>> news:uMtimrOEGHA.3820@xxxxxxxxxxxxxxxxxxxxxxx
>>> Windows 2000, DNS. I do NOT any have forwarders enabled.
>>>
>>> Yet the dns server is forwarding queries to 192.52.178.30
>>
>> How do you know it is "forwarding"?
>
> I am watching traffic via a sniffer. An external IP Address sends a DNS
> request to my DNS server, my DNS server forwards the request to
> 192.52.178.30, then returns the info to external IP Address.
> I was mis-using the term "forwarding" - I should be saying recursive
> lookups thru root hints. thanks.
>
>
>>
>>> How do I stop this? Thanks
>>
>> Forwarding is a technical term and if you have no forwarders
>> enabled then it is almost certainly not "forwarding."
>>
>> It might be performing recursive lookups due to root hints
>> or looking up CLIENT DNS for itself though.
>
> YEP - is performing recursive lookups due to root hints..
>
>
>>
>> First you figure out what it is really doing and then you
>> figure out if that makes sense or disable that feature.
>>
>> That addres is one of the top level domain servers (for .net
>> and .com):
>>
>> Name: k.gtld-servers.net
>> Address: 192.52.178.30
>
> this ip address is NOT listed in the root hints list..
> so, how does the server know about it?
>
>
>
>>
>> ...so it is likely that this is just normal recursion.
>>
>> You may if you wish disable ALL recursive request in the
>> DNS server properties ADVANCED tab.
>>
>> Be warned, the DNS server will then ONLY resolve things
>> it knows directly.
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>> http://www.LearnQuick.Com
>> [phone number on web site]
>>
>>
>
>
.
- References:
- DNS forwarding queries - howto disable
- From: msnews.microsoft.com
- Re: DNS forwarding queries - howto disable
- From: Herb Martin
- Re: DNS forwarding queries - howto disable
- From: msnews.microsoft.com
- DNS forwarding queries - howto disable
- Prev by Date: Re: DNS forwarding queries - howto disable
- Next by Date: How do I put two servers onto the same sub domain?
- Previous by thread: Re: DNS forwarding queries - howto disable
- Next by thread: Re: Aging and scavenging
- Index(es):
Relevant Pages
|
