Weeding out DNS 'background' noise requests

  • Question

  • Hi all,

    I have DNS debug logging enabled across a number of Windows 2003 DNS servers which we are looking to decommission.

    I want to check for any valid DNS traffic still hitting these which needs attention (e.g. devices still pointing to them), but ignore generic DNS requests which can be answered by any DNS server and they have picked up (e.g. Domain name lookups, etc).

    Does anyone know of a good way/script/tool to achieve this?

    We want to ensure that no VALID traffic is still hitting these and ignore/strip out anything which is genuine but will be picked up automatically by any other DNS server once these are switched off.

    Thanks,
    Martin

    Tuesday, November 5, 2019 3:42 PM

Answers

  • We ended up writing a script that took each entry which was marked as an A-record and returned a direct hostname resolution, stripped out duplicates and produced an output of unique IP addresses.

    Thanks all for the input.
    • Marked as answer by M. Franqueira Wednesday, December 4, 2019 6:02 PM
    Wednesday, December 4, 2019 6:02 PM
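
One way to do the kind of filtering described in the answer above, as an added example that is not the poster's script: it reads DNS debug-log lines, keeps only inbound A-record queries, and returns the unique client IPs with the names each one asked for. The log line layout, the function names (`decode_name`, `clients_querying`) and the sample addresses are assumptions; check the field header at the top of your own log file.

```python
import re
from collections import defaultdict

# Assumed layout of a Windows DNS debug-log PACKET line; compare with the
# field header at the top of your own log before relying on it.
PACKET_RE = re.compile(
    r"PACKET\s+(?:[0-9A-Fa-f]+\s+)?(?:UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+"
    r"(?P<ip>\S+)\s+[0-9A-Fa-f]{4}\s+(?P<resp>R\s+)?Q\s+\[[^\]]*\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\(\d+\).*\(0\))\s*$"
)

def decode_name(raw):
    """Turn '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    labels = re.split(r"\(\d+\)", raw)
    return ".".join(label for label in labels if label).lower()

def clients_querying(lines, qtype="A", ignore=()):
    """Map each client IP to the set of names it asked this server for.

    Only inbound queries (Rcv, not a response) of the given type count;
    addresses in `ignore` (e.g. other DNS servers) are skipped.
    """
    seen = defaultdict(set)
    for line in lines:
        m = PACKET_RE.search(line)
        if not m or m["dir"] != "Rcv" or m["resp"] or m["qtype"] != qtype:
            continue
        if m["ip"] in ignore:
            continue
        seen[m["ip"]].add(decode_name(m["name"]))
    return dict(seen)

# Constructed sample lines (addresses and names are made up).
SAMPLE = """\
11/5/2019 3:42:09 PM 0F2C EVENT   The DNS server has started.
11/5/2019 3:42:10 PM 0F2C PACKET  000000A1B2C3D4E0 UDP Rcv 10.1.2.15  a1b2   Q [0001   D   NOERROR] A      (8)fileserv(4)corp(7)example(3)com(0)
11/5/2019 3:42:10 PM 0F2C PACKET  000000A1B2C3D4E0 UDP Snd 10.1.2.15  a1b2 R Q [8085 A DR  NOERROR] A      (8)fileserv(4)corp(7)example(3)com(0)
11/5/2019 3:42:15 PM 0F2C PACKET  000000A1B2C3D5F0 UDP Rcv 10.1.2.15  a1b9   Q [0001   D   NOERROR] A      (8)FileServ(4)corp(7)example(3)com(0)
11/5/2019 3:43:01 PM 0F2C PACKET  000000A1B2C3D6A0 UDP Rcv 10.1.2.40  0c11   Q [0001   D   NOERROR] A      (8)intranet(4)corp(7)example(3)com(0)
11/5/2019 3:43:07 PM 0F2C PACKET  000000A1B2C3D7B0 UDP Rcv 10.1.0.53  77e0   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
11/5/2019 3:43:30 PM 0F2C PACKET  000000A1B2C3D8C0 UDP Rcv 10.1.2.77  5d02   Q [0001   D   NOERROR] PTR    (2)15(1)2(1)1(2)10(7)in-addr(4)arpa(0)
""".splitlines()

if __name__ == "__main__":
    for ip, names in sorted(clients_querying(SAMPLE, ignore={"10.1.0.53"}).items()):
        print(ip, ", ".join(sorted(names)))
```

Putting the addresses of the remaining DNS servers in `ignore` keeps server-to-server lookups out of the result, so what is left is the list of devices still configured to use the server being retired.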

All replies

  • Hi,

    You could try just removing those machines from the NS records of the zones. This way, they will not get queried by reference so any request is 'genuine' traffic indicating that there is a system pointing to those boxes for DNS.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Wednesday, November 6, 2019 7:30 AM
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, November 11, 2019 3:27 AM
  • Hi,

    You could mark the useful reply as answer if you want to end this thread up.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Candy



    Tuesday, November 12, 2019 7:23 AM