Announcement

Collapse
No announcement yet.

DNS issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DNS issue

    Anybody have any problems with your DNS forwarders being changed? I have had mine changed twice to 1.94.156.1 and 1.94.220.220. I can't figure out how they are being changed. I have changed the admin password and it still happens. Anti virus and anti spam does not pick it up.

  • #2
    Re: DNS issue

    Change all your domain admin account passwords!
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: DNS issue

      Who has access to your DNS console???

      Comment


      • #4
        Re: DNS issue

        If you enable DNS logging, does that give you any infomation on what user/what computer the change request was made?

        Other then that, I Would check the Security logs for any account with admin priv logging on the night it happen (if you can get a time range for it).

        Wofen
        Good to be back....

        Comment


        • #5
          Re: DNS issue

          I have applied all of Microsoft patches and the new Java. When the new java verifed it came back with a problem. I removed java and reinstalled. The only entry in the DNS log I have seen is one today about an invalid domain name in a packet from the router. I have no history of this. This is after all the updates.
          I guess time will tell if it is fixed.

          Comment


          • #6
            Re: DNS issue

            What does java have to do with the problem?

            Comment


            • #7
              Re: DNS issue

              Originally posted by joeqwerty View Post
              What does java have to do with the problem?
              It is abit of a strech, but...


              If he was hacked, and the hacker used a java applet to gain remote admin to the computer, removing that would stop the applet working, and therefore undo the changes made by the applet.

              As I said, its abit of a grasp, but it does fit.... kinda.

              Wofen
              Good to be back....

              Comment


              • #8
                Re: DNS issue

                I am not sure if it has anything to do with it or not just stating facts. I have also changed from a Smoothwall firewall to a Cisco RV082 router and an untangle firewall running in bridge mode behind the RV082. The untangle box is a UTM layer 7 firewall with complete scanning of all traffic. I decided to use the shotgun approach to solving this problem. I do have to say the DNS was never changed on the Smoothwall.

                Comment


                • #9
                  Re: DNS issue

                  Huh?

                  Are you saying that your SBS is not your DNS, not for the server and not for the workstations?
                  If not, it should be.
                  Last edited by teiger; 17th October 2010, 04:10. Reason: teh to the
                  TIA

                  Steven Teiger [SBS-MVP(2003-2009)]
                  http://www.wintra.co.il/
                  sigpic
                  Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                  We donít stop playing because we grow old, we grow old because we stop playing.

                  Comment


                  • #10
                    Re: DNS issue

                    SBS is my central DNS for all workstations and servers. SBS DNS points to my edge device for DNS which right now is a Cisco RV082 router. It was pointing to a Smoothwall firewall prior to that for a couple of years. I had the Smoothwall blocking all out going port 53 requests which in effect disabled hijacking my DNS. As soon as my DNS is hijacked and not pointed to my edge device the internet traffic just stops. All I have to do is change my DNS IP back to the edge device and everything starts working again.

                    Comment


                    • #11
                      Re: DNS issue

                      What do you mean by

                      Originally posted by coxhaus View Post
                      SBS DNS points to my edge device for DNS which right now is a Cisco RV082 router. It was pointing to a Smoothwall firewall prior to that for a couple of years.
                      By "pointing to" do you mean that the SBS NIC(s) are configured with the router as the DNS (wrong - it should point to itself, the internal NIC if there are two) or the DNS is configured to use the router as forwarders (not wrong but preferable to use either the ISP's Servers or Root Hints).
                      TIA

                      Steven Teiger [SBS-MVP(2003-2009)]
                      http://www.wintra.co.il/
                      sigpic
                      Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                      We donít stop playing because we grow old, we grow old because we stop playing.

                      Comment


                      • #12
                        Re: DNS issue

                        Sorry about the terminology. My SBS is pointing to it self’s NIC and the SBS is the main DNS server. The SBS is set to forward to my router for DNS. It is more of a cascading setup.
                        I also have 'Do not use recurison' checked for better control.
                        Last edited by coxhaus; 24th October 2010, 19:53.

                        Comment


                        • #13
                          Re: DNS issue

                          So point it to your ISP's DNS(es). You are not gaining anything by pointing to your router. You know that the router is not authoratative for anything (except maybe itself). So save yourself the extra hop and lookup. Your ISP will have lots more info in their DNS and it should work a lot smoother.
                          TIA

                          Steven Teiger [SBS-MVP(2003-2009)]
                          http://www.wintra.co.il/
                          sigpic
                          Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                          We donít stop playing because we grow old, we grow old because we stop playing.

                          Comment


                          • #14
                            Re: DNS issue

                            Huh?

                            Are you saying that your SBS is not your DNS, not for the server and not for the workstations?
                            If not, it should be.

                            Comment


                            • #15
                              Re: DNS issue

                              No sorry for the confusion, but re-read the whole thread.
                              Everything in the network points to the SBS. The SBS uses forwarders pointing to the ISPs DNS's.
                              TIA

                              Steven Teiger [SBS-MVP(2003-2009)]
                              http://www.wintra.co.il/
                              sigpic
                              Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                              We donít stop playing because we grow old, we grow old because we stop playing.

                              Comment

                              Working...
                              X