Re: Block subnet from accessing DNS server


Read inline please.

In news:1180023051.182246.158060@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
VinceV <vpv@xxxxxxx> typed:
> I'm experiencing a potential DoS attack from a group of servers on a
> local subnet controlled by the UNIX group. These servers are
> requesting a lookup of the same addresses every 10 seconds and putting
> a considerable load on the Windows DNS servers.
>
> My request to have those servers pointed to the appropriate DNS server
> has fallen on deaf ears so I'd like to determine how to block them.
>
> If I were running BIND I'd create a zone and simply ignore their
> requests. Unfortunately the Windows Server 2003 DNS service lacks
> that capability.

Blocking these servers may cause unintended consequences; I would be more
inclined to first find out what the lookup is, why it keeps asking the
Windows DNS, and what answer it is looking for.
Interesting to me is that it repeats the lookup every 10 seconds; this
sounds like a forwarding loop. If it were anything else, the Windows DNS
would send an NXDOMAIN, and the lookup would stop, at least for the period of
the TTL of the negative answer.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
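
One way to carry out the check suggested in the reply above, as an added example that is not part of the original thread: group query records by client and question, then report any client that repeats the same question at a steady interval shorter than the negative-answer TTL, together with the response codes it received. The record layout, sample data, addresses, names and the 900-second TTL are constructed assumptions, not Windows DNS debug log output.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample records: time, client IP, qtype, qname, rcode.
# Two hosts repeat one question every 10 s; a third asks at irregular times.
SAMPLE_LOG = "\n".join(
    [f"2007-05-24T10:00:{s:02d} 10.1.2.{h} A app.corp.example. NXDOMAIN"
     for h in (11, 12) for s in range(0, 50, 10)]
    + [f"2007-05-24T10:{m} 10.9.9.9 A www.corp.example. NOERROR"
       for m in ("00:00", "07:30", "31:00", "52:10")]
)

def parse(log_text):
    """Yield (timestamp, client, qtype, qname, rcode) from the simplified layout."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, client, qtype, qname, rcode = parts
        yield (datetime.fromisoformat(ts), client, qtype.upper(),
               qname.lower(), rcode.upper())

def find_repeaters(log_text, negative_ttl=900, min_repeats=4, jitter=2.0):
    """Return questions a client re-asks at a steady period below negative_ttl.

    negative_ttl is an assumed value in seconds; set it to the negative-answer
    TTL of the zone being queried.
    """
    seen = defaultdict(list)
    for ts, client, qtype, qname, rcode in parse(log_text):
        seen[(client, qname, qtype)].append((ts, rcode))
    findings = []
    for (client, qname, qtype), hits in seen.items():
        if len(hits) < min_repeats:
            continue
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        period = median(gaps)
        # A timer-driven retry shows near-constant gaps; normal use does not.
        steady = all(abs(g - period) <= jitter for g in gaps)
        if steady and period < negative_ttl:
            findings.append({"client": client, "qname": qname, "qtype": qtype,
                             "period": period, "count": len(hits),
                             "rcodes": sorted({r for _, r in hits})})
    return sorted(findings, key=lambda f: (f["period"], f["client"]))

if __name__ == "__main__":
    for f in find_repeaters(SAMPLE_LOG):
        print(f)
```

A steady period with NXDOMAIN answers points at a client that ignores negative caching; a steady period with SERVFAIL or no answer is more consistent with the forwarding loop described above.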

