Who is requesting DNS lookups from my Windows 2003 dns server


Mik

I have a firewall logger program that shows me traffic coming in and
out of our network. It currently shows high / evenly distributed
levels of DNS traffic originating from my Windows 2003 AD /
Active Directory DNS server. I would like to know which of my clients
is making the requests to my AD server. Does anyone know how to get
this info?

My DNS server is currently configured for root hints.

thanks

Mik
 
Read inline please.

Mik said:
> I have a firewall logger program that shows me traffic coming in and
> out of our network. It currently shows high / evenly distributed
> levels of DNS traffic originating from my Windows 2003 AD /
> Active Directory DNS server. I would like to know which of my clients
> is making the requests to my AD server. Does anyone know how to get
> this info?

I'm not sure what you are really asking, but if your clients are configured
properly, they should all be requesting DNS from the DC if it has DNS
installed.

> My DNS server is currently configured for root hints.

Also, not sure how this relates to your question.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 
Sorry for not asking the question properly...

I need to find a log (or enable logging) on my Windows 2003 Active
Directory integrated DNS server - to find out which client (IP
address) is requesting what name lookup. I know that these clients
requesting DNS info from my DNS server are MY clients - because they're
configured with a DHCP scope listing my internal DNS server.
Ultimately I'm trying to identify what my firewall logging program is
seeing.... It's seeing a lot of DNS iterative or recursive queries
coming from my DNS server (which are requests from my clients). I want
to know which of my clients are doing the requesting and for what
associated FQDNs.

thanks again for any help on this!

Mik
 
Sounds like you'll need a packet sniffer to find this info. If you want to
keep track of what sites and traffic your users are up to, as well as
control such traffic, I would suggest installing ISA, Websense, Barracuda,
or any other number of proxy appliances out there that will log all traffic
and can work with AD authentication to allow traffic. Big Brother...

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain
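
The packet-sniffer approach suggested above, as an added example that is not part of the original thread: given the UDP payloads captured on port 53 of the DNS server together with their source addresses, it parses each query's question section and tallies lookups per client and name. The function names and the sample packets (built inline, using documentation addresses) are constructed for illustration.

```python
import struct
from collections import Counter

QTYPES = {1: "A", 12: "PTR", 15: "MX", 28: "AAAA", 33: "SRV"}

def parse_query(payload):
    """Return (qname, qtype) for a DNS query; None for responses or malformed data."""
    try:
        _txid, flags, qdcount = struct.unpack_from("!HHH", payload, 0)
        if flags & 0x8000 or qdcount < 1:   # QR bit set means a response, not a client query
            return None
        labels, pos = [], 12                # question section starts after the 12-byte header
        while (length := payload[pos]) != 0:
            if length > 63 or pos + 1 + length > len(payload):
                return None                 # compression pointer or label runs past the packet
            labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
            pos += 1 + length
        qtype, _qclass = struct.unpack_from("!HH", payload, pos + 1)
    except (struct.error, IndexError):      # header or name truncated
        return None
    return ".".join(labels).lower() or ".", QTYPES.get(qtype, str(qtype))

def tally(packets):
    """Count queries per (client IP, name, type) from (src_ip, udp_payload) pairs."""
    counts = Counter()
    for src_ip, payload in packets:
        parsed = parse_query(payload)
        if parsed:
            counts[(src_ip, *parsed)] += 1
    return counts

def build_query(name, qtype=1, flags=0x0100):
    """Build a minimal DNS message; used only to construct the sample input."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

# Constructed sample: (client IP, UDP payload) as seen on port 53 of the DNS server.
SAMPLE = [
    ("192.0.2.10", build_query("www.example.com")),
    ("192.0.2.10", build_query("WWW.example.com")),                 # same name, different case
    ("192.0.2.11", build_query("_ldap._tcp.example.com", qtype=33)),
    ("192.0.2.11", build_query("www.example.com")[:20]),            # truncated, skipped
    ("192.0.2.12", build_query("www.example.com", flags=0x8180)),   # a response, skipped
]

if __name__ == "__main__":
    for (ip, name, qtype), n in tally(SAMPLE).most_common():
        print(f"{n:4d}  {ip:15s} {qtype:5s} {name}")
```
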
 