prisoner.iana.org, blackhole-1.iana.org, blackhole-2.iana.org


Post by Scott Elgr » Thu, 09 Sep 2004 03:10:33


Hello,
Many computers on my network are trying to contact 192.175.48.1,
192.175.48.6 and 192.175.48.42 on UDP port 53. I have done some research as
to why this is occurring but I have been unable to find how to stop it.
These requests are not being let out past the firewall so it is not a
security risk but I would like very much to stop this traffic from hitting
the firewall. I read that I can do this by setting something in my Windows
2000 Server DNS but I am not sure what to set or where. Does anyone have
any suggestions?

--
-Scott
 
 
 


Post by Todd J Her » Thu, 09 Sep 2004 04:59:10

Are your servers pointed towards your internal local DNS server for the AD
Domain?

--
Todd J Heron, MCSE
Windows 2003/2000/NT




Post by Todd J Her » Thu, 09 Sep 2004 05:33:42

Do you have any reverse lookup zone configured? And does your DNS event
viewer log tell you anything?

--
Todd J Heron, MCSE
Windows 2003/2000/NT






Post by Scott Elgr » Thu, 09 Sep 2004 05:45:23

There are 3 primary server reverse lookup zones listed.
0.in-addr.arpa
127.in-addr.arpa
255.in-addr.arpa

However, they are only visible when advanced viewing is turned on.

-Scott








Post by Steve » Thu, 09 Sep 2004 06:30:58

You need to have a reverse lookup zone for the subnet that you are running
internally.

The reverse lookup zones that you have do not seem to cover your LAN,
correct?
 
 
 


Post by Scott Elgr » Thu, 09 Sep 2004 07:36:44

My LAN uses the IP range 192.168.0.0/24. Would I need an entry for
192.168.0.0/24 in the reverse lookup zone just like I have in the forward
lookup zone?

-scott






Post by Steve Bruc » Thu, 09 Sep 2004 12:40:20


When you create the zone, it just asks you to type in the net ID 192.168.0,
and then it takes it from there if you just keep clicking "Next", "OK", etc.
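
Added example (not part of any post in this thread): it derives the reverse zone name for the 192.168.0.0/24 LAN mentioned above, checks whether the zones already on the server cover a client's PTR name, and counts which internal hosts the firewall saw sending DNS to the three addresses from the first post. The client addresses, the log format and the log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# AS112 sink servers: names from the thread title, addresses from the first post.
AS112 = {"192.175.48.1": "prisoner.iana.org",
         "192.175.48.6": "blackhole-1.iana.org",
         "192.175.48.42": "blackhole-2.iana.org"}
# Reverse zones the poster reported as already present on the DNS server.
EXISTING = ["0.in-addr.arpa", "127.in-addr.arpa", "255.in-addr.arpa"]

def reverse_zone(cidr):
    """in-addr.arpa zone name for an octet-aligned IPv4 network (/8, /16, /24)."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("prefix is not on an octet boundary")
    octets = str(net.network_address).split(".")[:net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def covering_zone(ip, zones):
    """Most specific local zone that contains ip's PTR name, or None."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    hits = [z for z in zones if ptr == z or ptr.endswith("." + z)]
    return max(hits, key=len) if hits else None

def leaks(ip, zones):
    """True if reverse DNS for a private address is not handled locally."""
    return ipaddress.ip_address(ip).is_private and covering_zone(ip, zones) is None

# Hypothetical firewall log format; these lines are constructed sample data.
LOG_RE = re.compile(r"DROP UDP (\S+):\d+ -> (\S+):53$")
SAMPLE_LOG = [
    "DROP UDP 192.168.0.15:1031 -> 192.175.48.6:53",
    "DROP UDP 192.168.0.22:1040 -> 192.175.48.42:53",
    "DROP UDP 192.168.0.22:1041 -> 198.51.100.7:53",
]

def as112_sources(lines):
    """Count dropped DNS packets per internal host that were bound for AS112."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m and m.group(2) in AS112:
            hits[m.group(1)] += 1
    return hits

if __name__ == "__main__":
    zone = reverse_zone("192.168.0.0/24")
    print(zone, leaks("192.168.0.15", EXISTING), leaks("192.168.0.15", EXISTING + [zone]))
```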
 
 
 


Post by Jonathan d » Fri, 15 Oct 2004 12:42:10

SBm> when you create the zone it just asks you type in the net id
SBm> 192.168.0 [...]

I recommend not attempting to be clever about subnets.

<URL: http://www.yqcomputer.com/ ./~J.deBoynePollard/FGA/dns-private-address-split-horizon.html#Subnets>
 
 
 


Post by Jonathan d » Fri, 15 Oct 2004 12:42:10

SE> Many computers on my network are trying to contact
SE> 192.175.48.1, 192.175.48.6 and 192.175.48.42 on UDP port 53. [...]

<URL: http://www.yqcomputer.com/ ./~J.deBoynePollard/FGA/dns-private-address-split-horizon.html>