
Traffic due to Fake DNS Entry

18 years 9 months ago #12890 by Benny
History:
******
We have a parent Domain Controller and three additional DCs in three different locations. We installed a testing DC as an additional DC in a separate subnet. Later we removed the DC and the subnet (VLAN on the switch) after testing it.


We have also configured NTP on our parent DC to maintain the sync between the workstations and the DC.

After removing the testing DC from the network, we faced slowness in the network. Through a network analyzer we found out that a particular IP address (the IP address of the testing DC) is consuming a lot of bandwidth.

This particular IP address is initiated from all the workstations to the DC as an NTP service. So using a packet sniffer I found out that the NTP service is initiated to all the name servers in the network. Actually we have only 4 name servers (one parent and 3 additional). But NTP is also initiated to a fifth name server (the removed testing DC).

So I removed the DNS entry (the testing DC's IP address) from all 4 DCs (forward and reverse lookup zones) to solve the issue. But after some time the entry gets added automatically to all the DCs, which again creates traffic.

Problem to be focused on.
******************
The deleted DNS entry is automatically getting added to the DCs. How to purge it permanently? From where is the entry getting replicated to all the DCs?

Regards
Benny