Local DNS Query

    Question

  • Dear All,

    I have 2 DCs and both are also being used as local DNS servers. Our security team is complaining that our DNS is trying to make unnecessary UDP queries. In their application the SOURCE is shown as our local DNS server, and the destination is an irrelevant IP.

    In our local DNS I have set up a forwarder and our ISP DNS IP has been defined, which means any query that cannot be resolved by the local DNS is forwarded to the public DNS. Any idea how to control this issue?

    Sunday, January 29, 2017 10:36 AM

Answers

  • https://technet.microsoft.com/en-us/library/cc961401.aspx

    While it shouldn't happen when the DNS query is forwarded, it could happen if the root hints are used. In that case there would be multiple IPs involved based on the domain you query. You could disable them to see if it makes a difference in your scenario. Another option would be to block DNS traffic into the Internet at your firewall except for the IP of your ISP that you forward to.

    Sunday, January 29, 2017 10:50 AM

All replies

  • Good point by FZB.

    Since it is 53 UDP, we can say it is totally related to name resolution. So for now, you can remove Root Hints if you have no forwarders; also check if an old forwarder (conditional or not conditional) lies somewhere in your console. There might be some applications which query specific hosts directly on port 53. So watch out if you have some applications down there.


    Mahdi Tehrani | www.mahditehrani.ir
    Please click on Propose As Answer or mark this post as helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    Sunday, January 29, 2017 2:13 PM
    Moderator
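  • The two answers above boil down to one audit: list the global forwarders, find any stale conditional forwarders, check whether root-hint fallback is enabled, and derive the short list of upstream addresses the perimeter firewall should allow on port 53. The following PowerShell script is an added example and is not code from this thread or from Microsoft; it assumes the DnsServer module (the DNS Server role or RSAT) and local administrator rights on the DC, and the `-Apply` switch is a hypothetical name chosen here. Without `-Apply` it only reports.

```powershell
# Added example (not from the thread): audit a Windows DNS server's upstream
# resolution paths and optionally disable root-hint fallback, so the only
# outbound UDP/53 destinations are the forwarders you expect.
# Assumes the DnsServer module and local admin rights. -Apply is a
# hypothetical switch; without it the script only reports.
[CmdletBinding()]
param(
    [switch]$Apply,
    [string]$ComputerName = $env:COMPUTERNAME
)

Import-Module DnsServer -ErrorAction Stop

# 1. Global forwarders: the upstream IPs queried for anything not authoritative here.
$fwd = Get-DnsServerForwarder -ComputerName $ComputerName
Write-Host "Global forwarders : $($fwd.IPAddress -join ', ')"
Write-Host "UseRootHint       : $($fwd.UseRootHint)"

# 2. Conditional forwarders are zones of type 'Forwarder'. An old one pointing at a
#    decommissioned IP shows up in the security team's tool as an odd destination.
$condFwd = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Forwarder' }
foreach ($z in $condFwd) {
    Write-Host ("Conditional forwarder {0} -> {1}" -f $z.ZoneName, ($z.MasterServers -join ', '))
}

# 3. Root hints: if UseRootHint is true and the forwarders time out, the server falls
#    back to iterative resolution and talks to many addresses across the Internet.
$roots = @(Get-DnsServerRootHint -ComputerName $ComputerName)
Write-Host "Root hints        : $($roots.Count) entries"

# Expected outbound DNS destinations = global forwarders + conditional forwarder masters.
# This is the allow-list for the perimeter firewall; anything else on UDP/TCP 53 from
# this server is unexpected and worth investigating.
$expected = @($fwd.IPAddress) + @($condFwd | ForEach-Object { $_.MasterServers }) |
    Where-Object { $_ } | Sort-Object -Unique
Write-Host "Allow-list for perimeter firewall (UDP/TCP 53 from this server):"
$expected | ForEach-Object { Write-Host "  $_" }

if ($Apply) {
    if ($fwd.IPAddress) {
        # Stop falling back to root hints when forwarders fail; unresolved queries then
        # fail closed instead of fanning out to the Internet.
        Set-DnsServerForwarder -ComputerName $ComputerName -IPAddress $fwd.IPAddress -UseRootHint $false
    }
    # Remove the root hints themselves so nothing can use them (reversible: they can be
    # re-imported later from the cache.dns file or another server).
    foreach ($r in $roots) {
        Remove-DnsServerRootHint -ComputerName $ComputerName `
            -NameServer $r.NameServer.RecordData.NameServer -Force
    }
}
```

    Run it once without `-Apply` on each DC and compare the printed allow-list with the destination addresses the security team is seeing; any destination not on the list means either root-hint fallback (fix with `-Apply`), a forgotten conditional forwarder, or an application on the box doing its own DNS, which the script cannot see but a packet capture filtered on port 53 and the process ID will.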
  • Hi,

    I am checking to see if the problem has been resolved. If there's anything you'd like to know, please feel free to ask.


    Best Regards
    Cartman
    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, February 9, 2017 4:49 AM
    Moderator