  1. #1
    Scruff

    DNS Queries excessive ?

    I have just checked a Wireshark capture of my network traffic from one of our domain controllers and it's showing a shed load of DNS requests for Windows Update.

    I have attached a screenshot, but the packets can be about 600 in a row. This is between my two DNS servers, and then it will attempt the same from both my DNS servers to one on the forward list. They never seem to cache any response, as it's pretty constant.


    Is this even remotely normal ?

  2. #2

    mattx

    Re: DNS Queries excessive ?

    Did you install Wireshark onto the server to do this or did you capture the traffic from another device...?

  3. #3
    Scruff

    Re: DNS Queries excessive ?

    It was captured using Wireshark installed on the server.

  4. #4

    Geoff

    Re: DNS Queries excessive ?

    It's a rather strange fixation over Windows Update you have there. What are the machines that own the IPs in question?

  5. #5
    Scruff

    Re: DNS Queries excessive ?

    10.22.161.6 is primary DNS and Domain Controller (which Wireshark is running on) and 10.22.161.4 is the secondary DNS server.

    It seems very odd.

  6. #6

    mattx

    Re: DNS Queries excessive ?

    The only thing I could come up with was that a client is trying to update - but that does not make any sense in regards to the IP addresses.....

  7. #7

    Geoff

    Re: DNS Queries excessive ?

    Are these AD integrated zones, or not?

  8. #8
    Scruff

    Re: DNS Queries excessive ?

    Yes they are......

    *cue excitement as Geoff narrows it down logically*

  9. #9

    Geoff

    Re: DNS Queries excessive ?

    I suspect it's DNS updates propagating from one DNS server to the other, as a result of DHCP leases being given out. Is one of these servers the DHCP server for the domain?

  10. #10
    Scruff

    Re: DNS Queries excessive ?

    Yes, the primary DNS server is also the DHCP server. It strikes me as odd that that many DNS queries can occur in such a short timeline (within a second or two) constantly, as leases are not renewed that often.

  11. #11

    Geoff

    Re: DNS Queries excessive ?

    You would have to post the contents of the packets (or even better, the dump file) for me to look at to be sure.

  12. #12
    Oops_my_bad

    Re: DNS Queries excessive ?

    Funny you should mention this - I'm getting failures on my clients about failing to download updated root lists from that same web host (this was after M$ released a patch that broke WSUS).

  13. #13

    mattx

    Re: DNS Queries excessive ?

    "I suspect it's DNS updates propagating from one DNS server to the other."
    That often?
    I suppose you could stop DNS on one of the servers to prove this...
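
Added example, not part of any post in the thread: the DNS header's opcode field tells ordinary queries (opcode 0) apart from dynamic updates (opcode 5, RFC 2136), so tallying requests by source, destination, opcode and name shows which of the two is actually repeating. The two server addresses are the ones given in the thread; the names `update.example.com` and `ad.example.com` and all packet payloads are constructed placeholders.

```python
import struct
from collections import Counter

OPCODES = {0: "QUERY", 5: "UPDATE"}  # RFC 1035 query, RFC 2136 dynamic update

def parse_dns(payload):
    """Return (is_response, opcode_name, name) from a raw DNS message.
    name is the queried name for QUERY, or the zone name for UPDATE."""
    if len(payload) < 12:
        raise ValueError("short DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    is_response = bool(flags & 0x8000)      # QR bit
    opcode = (flags >> 11) & 0xF            # 4-bit opcode field
    labels, pos = [], 12
    while qdcount and pos < len(payload):
        n = payload[pos]
        if n == 0 or n & 0xC0:              # root label or compression pointer
            break
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return is_response, OPCODES.get(opcode, str(opcode)), ".".join(labels).lower()

def tally(packets):
    """Count requests (responses skipped) per (src, dst, opcode, name)."""
    counts = Counter()
    for src, dst, payload in packets:
        is_response, opcode, name = parse_dns(payload)
        if not is_response:
            counts[(src, dst, opcode, name)] += 1
    return counts

def build(opcode, name, response=False, qtype=1):
    """Construct a minimal DNS message; used only to make sample data."""
    flags = (0x8000 if response else 0) | (opcode << 11)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

# Constructed sample: a burst of identical queries between the two servers,
# their responses, and two dynamic updates (zone section type SOA = 6).
SAMPLE = (
    [("10.22.161.4", "10.22.161.6", build(0, "update.example.com"))] * 6
    + [("10.22.161.6", "10.22.161.4", build(0, "update.example.com", response=True))] * 6
    + [("10.22.161.6", "10.22.161.4", build(5, "ad.example.com", qtype=6))] * 2
)

if __name__ == "__main__":
    for key, count in tally(SAMPLE).most_common():
        print(count, *key)
```

On a real capture, the payloads would be the UDP port 53 data exported from the dump file; a run dominated by QUERY rows for one name indicates repeated lookups rather than update traffic.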
