S
Steve
The company I work for has a Win2k AD environment. The
internal domain name is the same as the external,
publicly hosted domain name (eg. abccompany.com).
Last week, when we tried to access a webpage hosted on a
server on the Intranet from our Intranet
(hostname.dev.abccompany.com) the IE clients attempted to
incorrectly access a website with the public IP
216.65.91.114. A check of the DEV folder in the Cached
Lookup on the server used as a DNS forwarder revealed an
A Record with this IP. Deleting this record allowed
clients to correctly resolve to the internal address
contained in the AD-integrated zone. Please note that
the problematic A record was deleted but the Cached
Lookup was not cleared using the Clear Cache GUI menu
function.
I suspected DNS Cache pollution might be a problem and
made the Registry changes detailed in KB241352 to guard
against this. However, the mysterious A record
reappeared in the root of Cached Lookup. This time,
instead of an IP address, it was delineated as an FQDN
(w13370.hostcentric.net).
I scanned the DNS forwarder server for viruses using the
latest updates (thought it might be QHosts-1:
http://securityresponse.symantec.com/avcenter/venc/data/tr
ojan.qhosts.html) but there were no viruses reported.
Am I missing something here? Why does this record keep
appearing in the cache? I'd appreciate some help.
Thanks in advance,
Steve
internal domain name is the same as the external,
publicly hosted domain name (eg. abccompany.com).
Last week, when we tried to access a webpage hosted on a
server on the Intranet from our Intranet
(hostname.dev.abccompany.com) the IE clients attempted to
incorrectly access a website with the public IP
216.65.91.114. A check of the DEV folder in the Cached
Lookup on the server used as a DNS forwarder revealed an
A Record with this IP. Deleting this record allowed
clients to correctly resolve to the internal address
contained in the AD-integrated zone. Please note that
the problematic A record was deleted but the Cached
Lookup was not cleared using the Clear Cache GUI menu
function.
I suspected DNS Cache pollution might be a problem and
made the Registry changes detailed in KB241352 to guard
against this. However, the mysterious A record
reappeared in the root of Cached Lookup. This time,
instead of an IP address, it was delineated as an FQDN
(w13370.hostcentric.net).
I scanned the DNS forwarder server for viruses using the
latest updates (thought it might be QHosts-1:
http://securityresponse.symantec.com/avcenter/venc/data/tr
ojan.qhosts.html) but there were no viruses reported.
Am I missing something here? Why does this record keep
appearing in the cache? I'd appreciate some help.
Thanks in advance,
Steve