Excessive DNS traffic

Greg

Traffic logs show constant traffic between my server and a
DNS server. Is this normal?

66.179.12.115 is an external DNS server
.9 is my exchange server

[00201] 2003-10-15 00:36:34 system-notification-00257
(traffic): start_time="2003-10-15 00:36:33" duration=1
policy_id=0 service=dns proto=17 src zone=Trust dst
zone=Untrust action=Permit sent=115 rcvd=188
src=192.168.1.9 dst=66.179.12.115

[00202] 2003-10-15 00:36:40 system-notification-00257
(traffic): start_time="2003-10-15 00:36:38" duration=2
policy_id=0 service=dns proto=17 src zone=Trust dst
zone=Untrust action=Permit sent=92 rcvd=165
src=192.168.1.9 dst=66.179.12.115

[00203] 2003-10-15 00:36:40 system-notification-00257
(traffic): start_time="2003-10-15 00:36:38" duration=2
policy_id=0 service=dns proto=17 src zone=Trust dst
zone=Untrust action=Permit sent=84 rcvd=157
src=192.168.1.9 dst=66.179.12.115

[00204] 2003-10-15 00:36:40 system-notification-00257
(traffic): start_time="2003-10-15 00:36:38" duration=2
policy_id=0 service=dns proto=17 src zone=Trust dst
zone=Untrust action=Permit sent=92 rcvd=165
src=192.168.1.9 dst=66.179.12.115

[00205] 2003-10-15 00:36:40 system-notification-00257
(traffic): start_time="2003-10-15 00:36:38" duration=2
policy_id=0 service=dns proto=17 src zone=Trust dst
zone=Untrust action=Permit sent=84 rcvd=157
src=192.168.1.9 dst=66.179.12.115
 
Greg said:
Traffic logs show constant traffic between my server and a
DNS server. Is this normal?

66.179.12.115 is an external DNS server
.9 is my exchange server

Yes, this is normal operation for all mail servers. Mail servers have to look
up MX records for outgoing mail, and, if enabled, reverse lookups for incoming
mail from untrusted SMTP servers.
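
To compare the reply above with the log itself, the DNS flows can be grouped by source and destination and summarised by count, time span and average size. This is an added example, not part of the original thread; it assumes the key=value layout shown in Greg's post, and the names `parse_entries` and `summarise_dns` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime
# First three entries from Greg's post, wrapped across lines as they appear there.
SAMPLE = """\
[00201] 2003-10-15 00:36:34 system-notification-00257
(traffic): start_time="2003-10-15 00:36:33" duration=1
policy_id=0 service=dns proto=17 src zone=Trust dst
zone=Untrust action=Permit sent=115 rcvd=188
src=192.168.1.9 dst=66.179.12.115
[00202] 2003-10-15 00:36:40 system-notification-00257
(traffic): start_time="2003-10-15 00:36:38" duration=2
policy_id=0 service=dns proto=17 src zone=Trust dst
zone=Untrust action=Permit sent=92 rcvd=165
src=192.168.1.9 dst=66.179.12.115
[00203] 2003-10-15 00:36:40 system-notification-00257
(traffic): start_time="2003-10-15 00:36:38" duration=2
policy_id=0 service=dns proto=17 src zone=Trust dst
zone=Untrust action=Permit sent=84 rcvd=157
src=192.168.1.9 dst=66.179.12.115
"""

ENTRY_START = re.compile(r"^\[\d+\] ", re.M)
# Keys may be two words ("src zone", "dst zone"); values may be double-quoted.
FIELD = re.compile(r'((?:src |dst )?\w+)=("[^"]*"|\S+)')

def parse_entries(text):
    """Rejoin wrapped lines and yield one dict of fields per log entry."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        record = " ".join(text[begin:end].split())
        yield {k: v.strip('"') for k, v in FIELD.findall(record)}

def summarise_dns(text):
    """Per (src, dst) pair: DNS flow count, observed time span, average bytes."""
    groups = defaultdict(list)
    for e in parse_entries(text):
        if e.get("service") == "dns":
            groups[(e["src"], e["dst"])].append(e)
    out = {}
    for pair, es in groups.items():
        times = [datetime.strptime(e["start_time"], "%Y-%m-%d %H:%M:%S") for e in es]
        out[pair] = {
            "flows": len(es),
            "span_s": (max(times) - min(times)).total_seconds(),
            "avg_sent": sum(int(e["sent"]) for e in es) / len(es),
            "avg_rcvd": sum(int(e["rcvd"]) for e in es) / len(es),
        }
    return out
```

Run over a longer export of the same log, the per-pair flow counts and averages give a baseline to set against the server's mail volume.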
 
Kevin, thanks, I appreciate it.