DNS log filling up with UDP requests

  • Sunday, November 08, 2009 4:02 AM Claudio-C

    I have recently built a Windows 2008 domain and have come across a strange issue.  I have two DNS servers and one of them is acting very strange.  It started when I looked at our switch and noticed the link light was solid.  From there, once logging into the server, I checked the DNS and all seemed to look OK.  When stopping the DNS service the network saturation seemed to stop.  Once starting the service again the saturation began once again.

    After finding that something was wrong I decided to use DNS logging to see what the issue is and instantly noticed that the log was filling up with thousands of UDP requests to our gateway.  I have attached part of the log to see if anyone has any ideas.  I can't run DNS on this server because it just starts consuming the network.

    Any ideas how to solve this?  BTW 10.1.1.1 is our Cisco firewall.

    11/7/2009 10:41:45 PM 05FC PACKET  02E83548 UDP Rcv 10.1.1.1        e830   Q [0001   D   NOERROR] A     (9)messenger(5)yahoo(3)com(0)
    11/7/2009 10:41:45 PM 05FC PACKET  02E83548 UDP Snd 10.1.1.1        e830 R Q [8081   DR  NOERROR] A     (9)messenger(5)yahoo(3)com(0)
    11/7/2009 10:41:45 PM 05FC PACKET  038B2180 UDP Rcv 10.1.1.1        e831   Q [0001   D   NOERROR] A     (5)login(5)oscar(3)aol(3)com(0)
    11/7/2009 10:41:45 PM 05FC PACKET  038B2180 UDP Snd 10.1.1.1        e831 R Q [8081   DR  NOERROR] A     (5)login(5)oscar(3)aol(3)com(0)
    11/7/2009 10:41:45 PM 05FC PACKET  038B6EB8 UDP Rcv 10.1.1.1        e832   Q [0001   D   NOERROR] A     (7)gateway(9)messenger(7)hotmail(3)com(0)
    11/7/2009 10:41:45 PM 05FC PACKET  038B6EB8 UDP Snd 10.1.1.1        e832 R Q [8081   DR  NOERROR] A     (7)gateway(9)messenger(7)hotmail(3)com(0)
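
Added example (not part of the original post or of any reply): a Python parser for debug-log lines in the layout quoted above, tallying received queries per client address, per queried name and per client per second, so a single dominant source such as 10.1.1.1 stands out. The regular expression assumes exactly the field layout of the quoted lines, and the function names are illustrative.

```python
import re
from collections import Counter

# Field layout assumed from the lines quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \S+ PACKET\s+\S+ (?:UDP|TCP) "
    r"(?P<dir>Rcv|Snd) (?P<ip>\S+)\s+(?P<xid>[0-9a-fA-F]{4}) (?P<resp>R)?\s*\S "
    r"\[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S*)$"
)

def decode_qname(raw):
    # '(9)messenger(5)yahoo(3)com(0)' -> 'messenger.yahoo.com'
    labels = re.findall(r"\(\d+\)([^(]*)", raw)
    return ".".join(label for label in labels if label).lower()

def parse_line(line):
    # Returns a dict for a PACKET line, None for anything else.
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["is_response"] = rec.pop("resp") is not None
    rec["qname"] = decode_qname(rec["qname"])
    return rec

def summarize(lines):
    # Tally received queries per client, per name, and per client per second.
    per_client, per_name, per_second = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dir"] != "Rcv" or rec["is_response"]:
            continue  # skip non-packet lines and the server's own replies
        per_client[rec["ip"]] += 1
        per_name[rec["qname"]] += 1
        per_second[(rec["ip"], rec["ts"])] += 1
    return per_client, per_name, per_second

# Sample input: the six log lines quoted in the post.
SAMPLE = """\
11/7/2009 10:41:45 PM 05FC PACKET  02E83548 UDP Rcv 10.1.1.1        e830   Q [0001   D   NOERROR] A     (9)messenger(5)yahoo(3)com(0)
11/7/2009 10:41:45 PM 05FC PACKET  02E83548 UDP Snd 10.1.1.1        e830 R Q [8081   DR  NOERROR] A     (9)messenger(5)yahoo(3)com(0)
11/7/2009 10:41:45 PM 05FC PACKET  038B2180 UDP Rcv 10.1.1.1        e831   Q [0001   D   NOERROR] A     (5)login(5)oscar(3)aol(3)com(0)
11/7/2009 10:41:45 PM 05FC PACKET  038B2180 UDP Snd 10.1.1.1        e831 R Q [8081   DR  NOERROR] A     (5)login(5)oscar(3)aol(3)com(0)
11/7/2009 10:41:45 PM 05FC PACKET  038B6EB8 UDP Rcv 10.1.1.1        e832   Q [0001   D   NOERROR] A     (7)gateway(9)messenger(7)hotmail(3)com(0)
11/7/2009 10:41:45 PM 05FC PACKET  038B6EB8 UDP Snd 10.1.1.1        e832 R Q [8081   DR  NOERROR] A     (7)gateway(9)messenger(7)hotmail(3)com(0)
"""
if __name__ == "__main__":
    clients, names, bursts = summarize(SAMPLE.splitlines())
    print(clients.most_common(3), names.most_common(3), bursts.most_common(1))
```

On a full log, pass the file's lines to `summarize` instead of `SAMPLE`; lines that do not match the layout are skipped.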

Answers

  • Monday, November 09, 2009 3:00 PM Claudio-C
    Thanks anyways Meinolf but actually we found out that it was our Cisco FW that was causing the issue.  It was blocking those IM clients but for some reason even though nobody on the system is able to use MSN or AIM it was clobbering the network.  I think we just need to update the IOS on that Cisco.  Perhaps the redesigned TCP/IP stack in 2008 server was causing the issue?
    • Marked As Answer by Claudio-C Monday, November 09, 2009 3:00 PM

All Replies

  • Monday, November 09, 2009 12:18 AM Meinolf Weber MVP
    Hello,

    To me it looks like Windows Messenger, AOL and Hotmail are highly used in your network.
    Best regards
    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.