Discussion:
prisoner.iana.org, blackhole-1.iana.org, blackhole-2.iana.org
Scott Elgram
2004-09-07 18:10:33 UTC
Hello,
Many computers on my network are trying to contact 192.175.48.1,
192.175.48.6 and 192.175.48.42 on UDP port 53. I have done some research as
to why this is occurring but I have been unable to find how to stop it.
These requests are not being let out past the firewall so it is not a
security risk but I would like very much to stop this traffic from hitting
the firewall. I read that I can do this by setting something in my Windows
2000 Server DNS but I am not sure what to set or where. Does anyone have
any suggestions?
--
-Scott
Todd J Heron
2004-09-07 19:59:10 UTC
Are your servers pointed towards your internal local DNS server for the AD
Domain?
--
Todd J Heron, MCSE
Windows 2003/2000/NT
Scott Elgram
2004-09-07 20:29:23 UTC
Yes, our Windows 2000 server, which runs AD, is also the DNS server
which all the workstations are talking to.

-Scott
Todd J Heron
2004-09-07 20:33:42 UTC
Do you have any reverse lookup zone configured? And does your DNS event
viewer log tell you anything?
--
Todd J Heron, MCSE
Windows 2003/2000/NT
Scott Elgram
2004-09-07 20:45:23 UTC
There are 3 primary server reverse lookup zones listed.
0.in-addr.arpa
127.in-addr.arpa
255.in-addr.arpa

However, they are only visible when advanced viewing is turned on.

-Scott
SteveB
2004-09-07 21:30:58 UTC
You need to have a reverse lookup zone for the subnet that you are running
internally.

The reverse lookup zones that you have do not seem to cover your LAN,
correct?
Scott Elgram
2004-09-07 22:36:44 UTC
My LAN uses the IP range 192.168.0.0/24. Would I need an entry for
192.168.0.0/24 in the reverse lookup zone just like I have in the forward
lookup zone?

-scott
Steve Bruce, mct
2004-09-08 03:40:20 UTC
When you create the zone it just asks you to type in the net ID 192.168.0
and then it takes it from there if you just keep clicking "Next", "OK", etc.
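Added example, not part of any post in this thread: a PTR query for a private address that no local reverse zone covers is passed on to the public DNS tree, where the private reverse zones are delegated to the blackhole servers named in the thread title. The Python sketch below checks an address against the three zones the poster listed and derives the zone name to create for a LAN; the function names and the rounding of prefixes to octet boundaries are assumptions of this example.

```python
import ipaddress

# Reverse zones the original poster reported on the DNS server.
CONFIGURED = ["0.in-addr.arpa", "127.in-addr.arpa", "255.in-addr.arpa"]

def ptr_name(ip):
    """PTR owner name for an IPv4 address, e.g. 10.0.168.192.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def covering_zone(ip, zones):
    """Most specific zone in `zones` that contains the PTR name, else None."""
    labels = ptr_name(ip).split(".")
    best, best_len = None, 0
    for zone in zones:
        z = zone.lower().rstrip(".").split(".")
        if labels[-len(z):] == z and len(z) > best_len:
            best, best_len = zone, len(z)
    return best

def leaks_upstream(ip, zones):
    """True if a PTR query for a private address is not answered locally."""
    return ipaddress.IPv4Address(ip).is_private and covering_zone(ip, zones) is None

def reverse_zones(cidr):
    """Reverse zone names covering a network, rounded to octet boundaries.

    Prefixes longer than /24 use the enclosing /24 (a choice of this example).
    """
    net = ipaddress.IPv4Network(cidr)
    boundary = min(24, max(8, -(-net.prefixlen // 8) * 8))
    if net.prefixlen > boundary:
        parts = [net.supernet(new_prefix=boundary)]
    else:
        parts = net.subnets(new_prefix=boundary)
    zones = []
    for part in parts:
        octets = str(part.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

if __name__ == "__main__":
    host = "192.168.0.10"  # constructed sample address on the poster's LAN
    print(ptr_name(host), "leaks:", leaks_upstream(host, CONFIGURED))
    fixed = CONFIGURED + reverse_zones("192.168.0.0/24")
    print("after adding", fixed[-1], "leaks:", leaks_upstream(host, fixed))
```
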
Jonathan de Boyne Pollard
2004-10-14 03:42:10 UTC
SBm> when you create the zone it just asks you type in the net id 192.168.0 [...]

I recommend not attempting to be clever about subnets.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-private-address-split-horizon.html#Subnets>
Jonathan de Boyne Pollard
2004-10-14 03:42:10 UTC
SE> Many computers on my network are trying to contact
SE> 192.175.48.1, 192.175.48.6 and 192.175.48.42 on UDP port 53. [...]

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-private-address-split-horizon.html>