strange dns server results

Dr.X

Hi all.

This may not be a problem but I can't help but wonder about it. I wrote a
small program that watches my email server and takes spammers' ip addresses
and reverses them to add them to my own in-house block list. It seems to work
ok and it adds the ip to the file bl.mydomain.com.dns in the
winnt\system32\dns directory. The email server is consulting my dns server
and successfully blocking the listed ip (from what I can tell). But here is
the strange problem. I can see the ip listed in the text file
(bl.mydomain.com.dns) but I cannot see it listed in the dns console (computer
management->services and applications->dns-> etc. etc.)

example:
1 spammer logs on to email server and spams.
2 server detects spam and hands it to my program
3 my program turns the ip address (a.b.c.d becomes d.c.b.a)
4 my program adds entry to the dns file to look like this: d.c.b.a A
127.0.0.2

now when my email server queries for the existence of
d.c.b.a.bl.mydomain.com and gets a result, the server rejects the email.
(that's what's supposed to happen anyway).

Now I see in the console applet many ip addresses that were added this way
but a lot are missing. I test it by doing nslookup d.c.b.a.bl.mydomain.com
and I get the proper result of 127.0.0.2 even though the dns server is not
showing it there.

Is there something I'm missing? I know I shouldn't worry about it if it
works but I can't help but think there must be something wrong or I'm doing
something wrong.

any help would be greatly appreciated.
 
If you edit the zone by editing the text file, DNS should be stopped first.
 
Kevin D. Goodknecht said:
If you edit the zone by editing the text file, DNS should be stopped first.

Thanks for responding Kevin.

I checked my code and it does in fact stop the dns service before making the
change. If it were a batch file, it would look something like this:

net stop dns
del c:\winnt\system32\dns\bl.mydomain.com.dns
copy temp_file.dns c:\winnt\system32\dns\bl.mydomain.com.dns
del temp_file.dns
net start dns

basically, my program creates a temporary .dns file in a temp folder, then
stops the dns server, deletes the old dns file, copies the new one into
place, then starts the dns server. Is this an inappropriate method? Does the
dns server examine the file during startup?

Thanks again for the help Kevin.
 
Does it increment the serial and delete the zone file in the back up folder?
 
Kevin D. Goodknecht said:
Does it increment the serial and delete the zone file in the back up folder?

Good points. I was not deleting the back up. But I just did manually then
ran the program. It still does the same thing. Then I checked my code for
the serial. When my program runs, it changes the serial to reflect the date
and time (a NOW$ function in the programming language that I use). Although
it is not "incrementing" it sequentially, it is changing it. What I mean is,
instead of adding 1 to the serial, it just replaces it with a date + time
to make a code like " yymmddhhmmss ". I figured that every time the program
runs, the serial will always be different. Would this be an issue?

I'm not using a secondary dns so I have no worries about another server
getting confused by the serial format. In fact, the other 3 dns servers are
actually just downloading a copy of the .dns file from the first server and
doing the same thing (replacing the old file) and they all think they are
the primary with no secondary. I hope this isn't a bad thing.

Btw, since you mentioned the back up folder, I think I'm going to add some
code to not only delete the old back up but to place a new back up there
just before replacing the "live" dns file. This shouldn't make a difference
with the problem at hand since I tested by deleting the backup and no
change.

Again, thank you for your help.
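
On the serial format asked about above: the SOA serial is an unsigned 32-bit field, and a 12-digit yymmddhhmmss number is larger than that field can hold. The following is an added example, not code from the thread; the YYYYMMDDnn scheme and all function names are assumptions chosen for illustration.

```python
from datetime import date, datetime

# The SOA SERIAL field is an unsigned 32-bit integer (RFC 1035).
SOA_SERIAL_MAX = 2**32 - 1


def timestamp_serial(now: datetime) -> int:
    """Serial built the way the post describes: yymmddhhmmss read as one number."""
    return int(now.strftime("%y%m%d%H%M%S"))


def fits_soa_serial(value: int) -> bool:
    """True if the value can be stored in the SOA serial field."""
    return 0 <= value <= SOA_SERIAL_MAX


def next_serial(current: int, today: date) -> int:
    """Return a serial strictly greater than `current`, preferring YYYYMMDDnn.

    If `current` is older than today, start today's range at nn = 00.
    Otherwise (several edits today, or a serial already ahead of the date)
    add 1, so the value still only ever moves forward.
    """
    base = int(today.strftime("%Y%m%d")) * 100
    candidate = base if current < base else current + 1
    if not fits_soa_serial(candidate):
        raise ValueError(f"serial {candidate} does not fit in 32 bits")
    return candidate


if __name__ == "__main__":
    sample = datetime(2004, 3, 15, 12, 30, 45)  # constructed sample time
    s = timestamp_serial(sample)
    print(s, "fits" if fits_soa_serial(s) else "does not fit in 32 bits")
    print(next_serial(2004031407, sample.date()))
```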
 
Sometimes the DNS GUI is notorious for not refreshing properly. You can
refresh the console by rt-clicking the zone name, reload. That will refresh
the GUI with what's in the file. Also if there is some sort of character
that it doesn't like in the record, that *may* cause it too.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace, have you noticed a problem with refreshing in the W2k3 version of the
DNS MMC snapin?
I think we fixed a few instances of this problem for W2k3 and am curious if
we still have significant problems.

Thanks.

Hi Ace. Yeah, I tried that. That's what led me to believe there was
something wrong. I reload and it still won't show the updates. Example, I just
checked the file and found a new entry just now as 205.252.101.116 A
127.0.0.2 but when I reload the gui, I didn't find an entry starting with
205. So I went to the command prompt, typed nslookup
205.252.101.116.bl.mydomain.com and sure enough it shows that it resolves to
127.0.0.2

I guess I can't count on the UI to be reliable but I can count on the server
to be accurate when it's queried so I will stop pursuing it. I'll just be
glad that it works anyway and leave it at that.

Thanks to all for the help. If anyone has any ideas, I'll keep my eye on
this thread just in case.

Thanks again Ace.
Dr.X
 
Are you using the W2k version of the DNS Manager snapin, or the W2k3
version?
Do you have filtering enabled?
Can you try enumerating the zone with DNSCMD? If so, is there a difference
between the recordset returned with DNSCMD and with the DNS Manager snapin?

Thanks
 
Michael Snyder said:
Are you using the W2k version of the DNS Manager snapin, or the W2k3
version?
Do you have filtering enabled?
Can you try enumerating the zone with DNSCMD? If so, is there a difference
between the recordset returned with DNS CMD and with the DNS Manager snapin?

Thanks
--
Michael Snyder
Active Directory Admin Tool Test

This posting is provided "AS IS" with no warranties, and confers no
rights.

Hi Michael.

I'm using W2k. I updated to SP4 a few weeks back and it didn't make any
version changes to the snapin or the mmc. It's still ver. 1.2 (didn't know I
could use the W2k3 ver. in W2k or did I misunderstand you?)

I checked filtering and it's set to show all names. The display limit tab
shows 100000 which I believe is max. (I don't think I'm listing more than
about 1500 anyway).

I forgot all about dnscmd. I'll have to download that. I've been using net
stop and net start from my program when it updates the dns file. :-\

Would you happen to have a link?

Much thanks.
Dr.X
 
I'm such an idiot. I had dnscmd on the cd the whole time. :-\
I'm going to go learn how to use it and see if I can call it from my program
instead of calling net stop/start. I'm a slow learner so it might be a
while. When I figure it out, I'm sure I'll find that the problem is in my
own program rather than MSdns.

Thanks to all that offered the help. It is greatly appreciated.
Dr.X
 
Michael Snyder said:
Ace, have you noticed a problem with refreshing in the W2k3 version
of the DNS MMC snapin?
I think we fixed a few instances of this problem for W2k3 and am
curious if we still have significant problems.

Thanks.

Sorry it took so long to reply. Busy with issues at home and work.

Well, with respect to W2k, not to go overboard, I was thinking when the root
zone is deleted, the console has to be refreshed (while highlighting the
servername) or reopened. I've seen when manually creating records, they
don't show up automatically unless the console is closed and then reopened.
Sometimes I don't see them when re-opened. The reload helps out there. AFA
W2k3, haven't tried it yet.

Cheers!

--
Regards,
Ace
 
dnscmd /enumzones

You can use the help docs with the Support Tools, or here's a link on the
syntax and how to use it:

How do I use the DNSCMD application-:
http://www.winnetmag.com/Article/ArticleID/21710/21710.html

DNScmd syntax:
http://www.tburke.net/info/suptools/topics/dnscmd_syntax.htm

DNScmd examples:
http://www.tburke.net/info/suptools/topics/dnscmd_examples.htm

Just in case, if using a reserved word for a zone or record, that won't work
either.
314234 - DNS Cannot Create Zones That Contain Reserved Words:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314234

--
Regards,
Ace

Thanks for the links Ace. Would you happen to know what ports dnscmd uses?
My ns1 is behind a bsd firewall and I have to get past that to send commands
to it.

thanks again.
Dr.X
 
Not sure, but guessing since it's communicating with Windows, and also
authentication is being used which would require domain access or if a
standalone, it would require server communication, I would say a good
number of ports. Can you come in thru a VPN or use Terminal Services?

--
Regards,
Ace

Ok, it took me a while to get around to it but I re-wrote my program and it
now uses dnscmd to update the dns servers. When the email server receives
spam, it gets the ip address and reverses it. Then runs a line of code like
this:

dnscmd my_dns_server /recordadd block_list_zone RvrsIP$ A 127.0.0.2

This does exactly what I want without opening the dns file and without
restarting the dns service. With notification on, all servers are updated
almost instantly (very nice). However, it didn't make a change in the
strange results I originally described. I'm going to have to give up on using
the gui. I guess just knowing that the lookups resolve is enough. I don't
really have to use the gui and if I need to unlist an ip, I can always use
dnscmd again.

Thanks to those that helped. Michael Snyder for reminding me that dnscmd
exists and Ace Fekay for all the cool links and ideas.

Dr.X
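
The reverse-and-add step described in the post above, as an added example that is not Dr.X's program: it validates the address before building the record name and the dnscmd /recordadd argument list. The function names and the sample address are assumptions; the server and zone names are the placeholders used in the post, and the lookup check goes through the system resolver.

```python
import ipaddress
import socket

LISTED = "127.0.0.2"  # answer value used for listed addresses in the thread


def reversed_label(ip: str) -> str:
    """a.b.c.d -> d.c.b.a; raises ValueError unless `ip` is a plain IPv4 address.

    Validating first keeps stray text from a mail log (spaces, extra fields,
    option-like strings) out of the record name and the dnscmd command line.
    """
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split(".")))


def query_name(ip: str, zone: str) -> str:
    """Name the mail server looks up, e.g. d.c.b.a.bl.mydomain.com."""
    return f"{reversed_label(ip)}.{zone}"


def recordadd_args(server: str, zone: str, ip: str) -> list:
    """Arguments for the dnscmd /recordadd call shown in the post.

    Returned as a list for subprocess.run(args), so no shell parses the values.
    """
    return ["dnscmd", server, "/recordadd", zone, reversed_label(ip), "A", LISTED]


def is_listed(ip: str, zone: str, resolve=socket.gethostbyname) -> bool:
    """Check a listing by resolving the query name (system resolver by default)."""
    try:
        return resolve(query_name(ip, zone)) == LISTED
    except OSError:  # lookup failure (socket.gaierror) means "not listed"
        return False


if __name__ == "__main__":
    ip = "192.0.2.15"  # constructed sample address (documentation range)
    print(" ".join(recordadd_args("my_dns_server", "block_list_zone", ip)))
    print(query_name(ip, "bl.mydomain.com"))
```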
 
Glad we were all able to help out.
:-)

--
Regards,
Ace