Why is my W2K DNS/DHCP making outbound connections?

Woodie

I'm about out of answers. Here's the scenario:
4 computer home LAN, server is W2K, and running DNS & DHCP services for 2 other computers. 4th pc is an internet gateway, running a Dial-On-Demand application, to dial into my ISP.

Problem:
The DNS/DHCP server is triggering a DOD every hour, and I need to reduce/eliminate this behavior.

The DNS is set up as a primary, non-root, for domain xxx.local. It automatically set up the root DNS servers for forwarding. I did not add my ISP's DNS servers. I configured the refresh interval for a week, and the time-out for 10 minutes.

According to the gateway, the first packet that triggers the dial is a DNS query, going to a random root DNS server, with 167.168.192.in-addr in the query. (Figures, I forgot to print out the packet info).

Also, when I start nslookup on my client (pointed to my private DNS), it also triggers a Dial-up, and the prompt I get back in nslookup, says that the servername is unknown, but it's still pointed at the right IP addy, and it will answer queries correctly.

The wife is getting pretty pissed at the modem being on so much. :(

What more info is needed? I'm at work now, so can't do anything, but I may be able to provide additional info.

--Woodie
 

spidey07

Isn't that part of Active Directory? I've put sniffers on Win2K servers and see them trying to do a dynamic DNS update to the ROOT name servers. They do it on their own. Why they do I have no idea.

Go figure.
 

Woodie

This one does not have AD. Is there any way to turn off Dynamic Update for the DNS server itself? I do remember changing a box about Dynamic update, but it may have been in DHCP...I'll have to look.

--Woodie
 

mobly99

Woodie,

You need to make sure that you have an A and a PTR record for the DNS server, otherwise it will try and resolve itself with its forwarders when you do an nslookup (and you get the Default Server: UnKnown message since the root servers will never have info on private address space).

You should have a reverse zone for whatever private address space you are using (i.e. 167.168.192.in-addr ) so that any reverse lookups get resolved locally.

-Dave
 

Tallgeese



<< The wife is getting pretty pissed at the modem being on so much. :( >>

<< You need to make sure that you have an A and a PTR record for DNS server >>

With one post, mobly saves Woodie's marriage!

And Woodie, depending on his level of marital bliss, is either ecstatically happy with or extremely pissed off at mobly...
 

Woodie

Thanks for all the responses...of course they just led to more questions :D

I think I can fumble my way through creating the A and PTR records (those are in the forward lookup zone, right?)
The reverse lookup zone confused me. I tried before, but ended up deleting the zone. I think what I do is:
1. Create New Zone (in the Reverse folder)
2. Use the wizard, type in "192.168.167" (I use a single class C subnet, 192.168.167.xxx).
3. Click OK/finish until it's done.
Am I missing something?

--Woodie
 

Woodie

OK, here's the update:
I added the reverse zone.
I added the A and PTR records (There was already an A record, but I redid it anyway).

Results:
No more dialing up every hour! :D:)
nslookup now returns the server name, and doesn't trigger the DOD, unless I request something from the Inet. :)
But....when I do a self-test (in the DNS), it still fails, and a few seconds later, it triggers another dial. Here's the packet trace:

-------------------------- #:1 --------------------------
Delta Time: 0.000sec Packet Length: 73 bytes (49 hex)
: Dest: 45:00:00:49:23:96 Source: 00:00:7F:11:EB:D3
: Dest: 192.033.004.012 Source: 192.168.167.100
----------------------- IP HEADER -----------------------
IP: Version: 4 Correct Header Length: 20 bytes
IP: Type Of Service: 00
IP: 000. .... Routine
IP: ...0 .... Normal Delay
IP: .... 0... Normal Throughput
IP: .... .0.. Normal Reliability
IP: Total Len: 73 (x49) bytes Id: 2396
IP: Flags: 0
IP: .0.. May Fragment
IP: ..0. Last Fragment
IP: Fragment Offset: 000
IP: Time To Live: 127 sec Protocol: 17 UDP
IP: Header Checksum: EBD3 (Correct)
IP: No Options

---------------------- UDP HEADER ----------------------
UDP: Source Port: 1338 (Unassigned port) Dest Port: 53 (Domain NameServer)
UDP: Length: 53 (x35)
UDP: Checksum: 326F (Correct)
-------------------------- DNS --------------------------
DNS: ID:14574
DNS: Query Standard Query
DNS: FLAGS: 0
DNS: ..0. .... = No Truncation
DNS: Return Code: 0 (No Error)
DNS: Question Cnt: 1, Answer Cnt: 0
DNS: Authority Cnt: 0, Additional Cnt: 0
DNS: Question Section
DNS: Name: _ldap._tcp.dc._msdcs.BOMBER
DNS: Type: 033 Class: 01

NOTES:
My DNS server is 192.168.167.100 (GUNNER)
I was on my W2K client, using the DNS manager pointed to GUNNER when I did the test. The client is BOMBER (see the query section).
The client is configured by DHCP, including DNS & domain name options.

Any ideas? And thanks again for the other help!

--Woodie
 

Shadow07

First thing first.

"DNS: Name: _ldap._tcp.dc._msdcs.BOMBER
DNS: Type: 033 Class: 01"

This is a resource locator DNS entry. Notice the "_" followed by the LDAP name. This means you do have Active Directory installed, or tried to at least.

Anyway, when you state that you tried to initiate a "Test", was this from the DNS MMC to test DNS Lookups and Recursive Lookups? If so, then your DNS server will not only query itself, but also the DNS Forwarders. If you do not specify any DNS forwards, then it will query high level DNS servers. If you do not want this, then turn off DNS forwarding. If you want to use your local DNS server for all DNS queries, you will have to leave DNS Forwarding turned on. Then just specify your ISP's DNS servers.

Hope this helps.
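
The behaviour worked out in this thread, as an added example that is not part of any poster's message: a simplified Python model (it ignores caching) of which query names a DNS server can answer from its own zones and which it hands to forwarders or root hints, exposing internal names outside the LAN. The function names and the query list are constructed for illustration; the zone and host names are the ones quoted in the posts.

```python
import ipaddress

def reverse_zone(network):
    """Reverse-lookup zone name for an octet-aligned IPv4 network (/8, /16, /24)."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 networks map to a single zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def in_zone(qname, zone):
    """True if qname is the zone apex or sits below it on a label boundary."""
    q, z = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    return q == z or q.endswith("." + z)

def leaves_lan(qname, hosted_zones):
    """A name outside every hosted zone is sent to forwarders or root hints."""
    return not any(in_zone(qname, z) for z in hosted_zones)

def should_stay_internal(qname):
    """Names no public server can answer: private reverse space, _msdcs, .local."""
    q = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if q.endswith(suffix):
        octets = q[: -len(suffix)].split(".")[::-1]
        try:
            # Pad partial reverse names (zone apexes) out to a full address.
            return ipaddress.ip_address(".".join((octets + ["0"] * 4)[:4])).is_private
        except ValueError:
            return False
    labels = q.split(".")
    return "_msdcs" in labels or labels[-1] == "local"

def leaked(queries, hosted_zones):
    """Internal-only names that would still be sent to outside servers."""
    return [q for q in queries
            if leaves_lan(q, hosted_zones) and should_stay_internal(q)]

# Constructed sample: the PTR lookup for the server, the SRV name from the
# packet trace, and one ordinary Internet name.
QUERIES = ["100.167.168.192.in-addr.arpa", "_ldap._tcp.dc._msdcs.BOMBER",
           "www.example.com"]
BEFORE = ["xxx.local"]                                # forward zone only
AFTER = BEFORE + [reverse_zone("192.168.167.0/24")]   # reverse zone added

if __name__ == "__main__":
    print("before:", leaked(QUERIES, BEFORE))
    print("after: ", leaked(QUERIES, AFTER))
```

With only the forward zone hosted, both the PTR lookup and the SRV locator name go out; once the reverse zone exists, only the `_msdcs` query for the single-label name BOMBER still does, which matches the remaining dial-up in the packet trace.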