sillysi

Can anyone shed any light on the following - I have a Win 2K Pro PC which runs Mailsweeper for E-mail content filtering. It's default gateway is our internal firewall and it's DNS server entries are our ISPs addresses. During the day it makes DNS request about every 15mins until about 12am when it then does it every hour up until about 8am then it reverts back to 15mins. It does this even if I stop the Mailsweeper services, there is nothing else running on the PC. The PC used to run Win NT 4.0 Workstation and it never showed this sort of behaviour it's only since going to 2K. It is causing me a problem as every time it makes a DNS request it is bringing the ISDN line up which is fine during the day but not during the evening, the accountants want it stopping to save a few pence every day.

Si.

dsmith

No idea on the DNS - but if you have access to the router (and its a cisco) you can play with the Dial-Up access-list so DNS wont cause a dial from say 8pm to 7am.

Deano

HHxx

Is the register this connection box checked in the dns tab in tcpip advanced?

If so uncheck it. It used to dynamically register itself when used in a ad domain.

H

sillysi

H,

It is unchecked but still makes no difference.

Deano,

My router does not have dial-up times so that ones out.

Si.

Lust4Life

With Intel ISDN routers you can create a rule to stop these type of requests.

I think they are UDP but I haven't had to do this one for a few years.

Cheers,

Phil

IWatkins

On my Cisco ISDN router I need to set this rule:

SET IP FILTER ICMP OUT DESTINATION 194.43.224.130/32 IGNORE

where 194.43.224.130 is my ISPs DNS

That fixed the problem of spurious dial-ups. Maybe you can do something similar ?

Cheers

Ian

sillysi

Phil,

They are udp/dns requests on port 53.

Ian,

That would stop all DNS requests from the PC, I have some DNS requests that are initiated from the PC's e-mail software which need to be allowed through to the ISP. I need to be able to stop the requests that are not coming from the e-mail software.

All help is greatly appreciated.

Si.

IWatkins

Si,

No, it doesn't stop all DNS requests from the PC otherwise I wouldn't be able to surf, get email, read news etc.

It actually ignores ICMP traffic if the line is inactive. If the line is active then ICMP traffic is allowed.

---

Erm, er, edited, to say you do want the traffic from your email to bring the line up but not the spurious traffic from Win2k. So, yes, I'm a dick

Give us a clue what router you have, it may be possible to do something. For instance, are you running NetBIOS locally as that can generate some traffic.

Cheers

Ian

[Edited by IWatkins - 12/6/2002 11:52:55 AM]

dsmith

Master of Understatement

sillysi

Ian,

I have a Webramp router which is basically a Sonic Wall re-badged. The only protocol installed on the PC is TCP/IP but I do have NetBIOS set to enable over TCP/IP.

Si.

ids

Possibly the 'DNS Client' service, which is essentially a local DNS client cache on the machine.

Stop it thru 'Computer Managment' or at the command prompt 'net stop "dns client" 'and see if that helps. If it does then set it to 'Disabled'

It dosent need to run, just helps things in an AD environment.

Ids

sillysi

Ids,

I shall give that a go. Is it worth stopping the DHCP service as well?

Si.

ids

Can do (unless you are using DHCP ) as theres some spurious name resolution stuff that can actaully use DHCP.

Let us know how u get on.

Last thing to do is get a copy of Etherreal, WinCap or MS NetMon loaded. You can see what the actual traffic is then.

Ids