DNS server - forwarder questions

Anonymous
2024-08-23T23:59:19+00:00

Hi - Hopefully this is the correct group for this.

We're trying to stop our clients resolving DNS directly from the public internet and just have the AD/DNS servers perform those lookups. I'll keep this simple:

One on-prem DNS server: 192.168.10.10 - this server has its forwarders set to 8.8.8.8 and 1.1.1.1

One windows client: 192.168.10.11 - the windows desktop has its DNS server set to only 192.168.10.10

In our firewall logs, I see the expected traffic from 192.168.10.11 -> 192.168.10.10 over udp/53. But... I'm also seeing a ton of traffic between 192.168.10.11 -> 1.1.1.1 or 8.8.8.8 over udp/53.

For clarity, I do see a ton of lookups from our DNS server to those two public resolvers, but I'm surprised that the clients would do those on their own, especially since the desktop clients do not even have those entries configured.

Am I missing something?

Thanks.




1 answer

  1. Anonymous
    2024-08-26T06:35:43+00:00

    Hi Danny-782,

    Thank you for posting in the Microsoft Community Forums.

    Check the client configuration:

    Verify that the client's DNS server settings contain only the IP address of the internal DNS server (192.168.10.10).

    Check if any applications or services are configured to use a specific DNS server and change these settings accordingly.

    Check the internal DNS server configuration:

    Verify that the forwarder settings for the internal DNS servers are correct and include only trusted public DNS servers (such as 8.8.8.8 and 1.1.1.1).

    Check the performance and logs of the internal DNS servers for any errors or unusual behavior.

    Check the network configuration:

    Check the configuration of firewalls and routers to ensure that there are no rules allowing or forcing clients to access the public DNS servers directly.

    Check network routing tables to ensure that DNS queries are properly routed to internal DNS servers.

    Scan and clean up clients:

    Scan clients with anti-virus software and anti-malware tools to find and remove any malware or adware that could alter DNS settings.

    Monitoring and logging:

    Enable more detailed logging on internal DNS servers and clients so that problems can be tracked and diagnosed as they occur.

    Use network monitoring tools to track the flow of DNS queries and determine if there is any unusual behavior.

    Best regards

    Neuvi

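The answer above lists what to check but not how to find out which process on the client is actually sending the stray queries. The following PowerShell script is an added example, not code from the question or the answer. It runs the first two checks (per-interface DNS server list, NRPT rules) and then uses Windows Filtering Platform connection auditing (Security event 5156) to attribute every outbound port-53 connection that does not go to the internal resolver to the executable that opened it. It assumes the addresses from the question (internal resolver 192.168.10.10) and an elevated session on the Windows client; the 15-minute lookback window is an arbitrary choice.

```powershell
# Added example (not from the original post or answer). Assumes the internal
# resolver address from the question. Run in an elevated PowerShell session on
# the Windows client (192.168.10.11 in the question).

$InternalDns = '192.168.10.10'

# 1. Which DNS servers does each interface actually use? A VPN adapter, a second
#    NIC or the IPv6 server list can carry resolvers that the IPv4 settings of
#    the main adapter do not show.
Write-Host "== DNS server addresses per interface =="
Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $stray = $_.ServerAddresses | Where-Object { $_ -ne $InternalDns }
        [pscustomobject]@{
            Interface     = $_.InterfaceAlias
            AddressFamily = $_.AddressFamily
            Servers       = ($_.ServerAddresses -join ', ')
            NotInternal   = ($stray -join ', ')
        }
    } | Format-Table -AutoSize

# 2. Name Resolution Policy Table rules can send selected namespaces elsewhere.
Write-Host "== NRPT rules (no output means none) =="
Get-DnsClientNrptRule | Format-List Namespace, NameServers, DirectAccessDnsServers

# 3. Attribute the stray traffic to a process. Auditing "Filtering Platform
#    Connection" logs every permitted connection as Security event 5156, which
#    includes the application path, destination address, port and protocol.
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable | Out-Null
Write-Host "Auditing enabled. Reproduce the traffic, then press Enter to analyse."
Read-Host | Out-Null

$since  = (Get-Date).AddMinutes(-15)   # lookback window (assumption)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5156; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    # Read the EventData fields by name rather than by position.
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }

    # Direction %%14593 = outbound; Protocol 17 = UDP, 6 = TCP.
    if ($d.Direction -eq '%%14593' -and $d.DestPort -eq '53' -and $d.DestAddress -ne $InternalDns) {
        $proto = switch ($d.Protocol) { '17' { 'UDP' } '6' { 'TCP' } default { $d.Protocol } }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            Application = $d.Application
            Protocol    = $proto
            Destination = "$($d.DestAddress):$($d.DestPort)"
        }
    }
}

Write-Host "== Outbound port-53 connections that bypass $InternalDns =="
$hits | Group-Object Application, Destination |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 5156 is noisy and fills the Security log quickly; switch it off when finished.
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable | Out-Null
```

How to read the result: if the application in the 5156 events is `svchost.exe` (the DNS Client service), the stray server is coming from the resolver configuration of some interface or NRPT rule, and the first two sections should show where. If it is a third-party binary, that program carries its own resolver list and ignores the system DNS settings, which is the case the answer's "applications or services configured to use a specific DNS server" refers to.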