RE: strange DNS behavior over the last 2 days
From: Levinson, Karl (LevinsonK@STARS-SMI.com)
Date: 03/28/03
- Previous message: Cliff Gilley (System Admin, HolyElvis.com): "Re: California State Bill SB1386"
- Maybe in reply to: steve baker: "strange DNS behavior over the last 2 days"
- Next in thread: Jacob: "Re: strange DNS behavior over the last 2 days"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Levinson, Karl" <LevinsonK@STARS-SMI.com> To: 'steve baker' <stephenbbaker@hotmail.com>, incidents@securityfocus.com Date: Fri, 28 Mar 2003 16:00:29 -0500
Two thoughts: when I see different results from NSLOOKUP and PING, I think
about checking other sources of name resolution, such as WINS or NetBIOS
name broadcast requests [and looking at the local machine name cache using
NBTSTAT -c and IPCONFIG /FLUSHDNS on Windows 2000 to display, NBTSTAT -R and
IPCONFIG /FLUSHDNS to flush the local caches]. If the problem is due to
NetBIOS names, you might consider confirming your firewall blocks NetBIOS
both to and from the internet.
Also, you might read the article at www.cert.org concerning DNS cache
poisoning [Microsoft naturally had to rename it to "pollution"] and see if
that might apply to your situation. If this was the case, flushing the name
caches on both the local host and the server [for example by restarting the
DNS service] would probably make the problem go away immediately [though
temporarily]. Whether or notn this is the problem here, IMHO you really
should consider enabling the setting to prevent cache poisoning on probably
any Microsoft DNS server as described here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;241352
-----Original Message-----
From: steve baker [mailto:stephenbbaker@hotmail.com]
Sent: Thursday, March 27, 2003 1:07 PM
To: incidents@securityfocus.com
Subject: strange DNS behavior over the last 2 days
For some odd reason, periodically our clients will visit a site, only to
have a blank page appear as if the site loaded.
Nslookup resolves the correct IP address, but ping returns 64.251.66.2 for
every address that has this problem. There are NO hosts files on these
machines and regardless of which DNS server we point them to, the same
problem occurs.
The problem occurs intermittently as well, which makes it even harder to pin
down. Some sites previously affected will be accessible and new sites not
affected suddenly have the same problem - but they eventually clear up in
just about 10 minutes.
Very strange. Has anyone heard or seen this before on a network running
windows nt 4 DNS server with nt/2000 clients?
----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfihl1
- Previous message: Cliff Gilley (System Admin, HolyElvis.com): "Re: California State Bill SB1386"
- Maybe in reply to: steve baker: "strange DNS behavior over the last 2 days"
- Next in thread: Jacob: "Re: strange DNS behavior over the last 2 days"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
