DNS Flooding


Joe

Hi,

My internal Windows 2000 DNS servers flooded my External
DNS server. On my external logs it shows (no more
recursive clients: quota reached). On the internal DNS my
logs do not help to tell me what is going on. It
continued for about 30 minutes and stopped network
connectivity. Has anyone experienced this problem?

Thanks,

Joe
 
Joe said:
Hi,

My internal Windows 2000 DNS servers flooded my External
DNS server. On my external logs it shows (no more
recursive clients: quota reached). On the internal DNS my
logs do not help to tell me what is going on. It
continued for about 30 minutes and stopped network
connectivity. Has anyone experienced this problem?

Thanks,

Joe

What is your internal using for a forwarder?

One thing to check is your DNS search list on your internal clients. Check
if you have a domain name in your search list that does not have a forward
lookup zone in your internal server. The reason for this is this name is
appended to all queries to DNS and if the zone does not exist locally, it
will be forwarded to your external DNS. Because AD domains are so reliant on
DNS this could cause a lot of extra queries being forwarded.

You should also make sure these two DNS servers are not forwarding to each
other; that sets up a DNS loop which will cause uncontrolled forwards.
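
An added example (not part of the original thread or any poster's code): one way to test the search-list theory from the external BIND 9 side is to tally its query log by forwarding client and by leaked suffix. The log-line pattern, the sample lines and the `branch.example` suffix are constructed assumptions, and query logging has to be enabled on the external server.

```python
import re
from collections import Counter

# Assumed BIND 9 query-log shape; adjust the pattern to your version's output.
QUERY_RE = re.compile(r"client (?:@\S+ )?([0-9A-Fa-f.:]+)#\d+.*?query: (\S+) IN (\S+)")

# Constructed sample lines (not from the thread); addresses and names are placeholders.
SAMPLE_LOG = """\
client 10.0.0.10#1044: query: www.example.org IN A
client 10.0.0.10#1045: query: www.example.org.branch.example IN A
client 10.0.0.10#1046: query: mail.example.net.branch.example IN A
client 10.0.0.11#2001: query: _ldap._tcp.dc._msdcs.branch.example IN SRV
client 10.0.0.10#1047: query: update.example.com.branch.example IN A
client 10.0.0.11#2002: query: www.example.org IN A
general: no more recursive clients: quota reached
""".splitlines()

def summarize(lines, search_suffixes):
    """Count queries per forwarding client and per leaked search-list suffix."""
    per_client, leaked = Counter(), Counter()
    suffixes = [s.lower().strip(".") for s in search_suffixes]
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # non-query lines such as the quota message
        client, qname = m.group(1), m.group(2).lower().rstrip(".")
        per_client[client] += 1
        for suffix in suffixes:
            # A name ending in a search-list suffix reached the forwarder, so the
            # internal server had no zone that could answer it locally.
            if qname == suffix or qname.endswith("." + suffix):
                leaked[(client, suffix)] += 1
                break
    return per_client, leaked

def report(lines, search_suffixes):
    """Return (client, total queries, suffix-leaked queries), busiest client first."""
    per_client, leaked = summarize(lines, search_suffixes)
    out = []
    for client, total in per_client.most_common():
        hits = sum(n for (c, _), n in leaked.items() if c == client)
        out.append((client, total, hits))
    return out

if __name__ == "__main__":
    for client, total, hits in report(SAMPLE_LOG, ["branch.example"]):
        print(f"{client}: {total} queries, {hits} carry a search-list suffix")
```

A client whose forwarded queries mostly end in a search-list suffix points at a missing forward lookup zone on the internal server; a high total with few suffix hits points elsewhere, such as a forwarding loop or a single noisy host behind that server.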
 
Yes, my internal is a forwarder. Anything that needs to
be resolved externally goes to my external DNS's. The
internal DNS are forwarding only to the external servers,
not to each other. My DNS search list seems fine; it has
been working fine, but yesterday for about 30 minutes the
external DNS servers stopped responding because of the
requests they were getting from the internal servers. I am
using BIND 9 on the external servers.
 
Joe said:
Yes, my internal is a forwarder. Anything that needs to
be resolved externally goes to my external DNS's. The
internal DNS are forwarding only to the external servers,
not to each other. My DNS search list seems fine; it has
been working fine, but yesterday for about 30 minutes the
external DNS servers stopped responding because of the
requests they were getting from the internal servers. I am
using BIND 9 on the external servers.


Is your internal AD domain a single label name?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Joe said:
Yes, my internal is a forwarder. Anything that needs to
be resolved externally goes to my external DNS's. The
internal DNS are forwarding only to the external servers,
not to each other. My DNS search list seems fine; it has
been working fine, but yesterday for about 30 minutes the
external DNS servers stopped responding because of the
requests they were getting from the internal servers. I am
using BIND 9 on the external servers.

Throw me a bone then, your DNS search list seems fine?
It would not be forwarding any query if it had the answer. So it must be
forwarding all those requests for some reason. Maybe you have a virus or
Trojan then, since your DNS search list seems "fine".
 