Dynamic update SOA 10.in-addr.arpa

[bobbytupper]

I have been monitoring network traffic and found that 30% of our DNS traffic outbound on our network is for a dns server that I don't reckognise.

I installed a network sniffer on the perimeter of the network and I can see a lot of Dynamic update SOA 10.in-addr.arpa DNS requests to an external DNS server coming from out PDC emulator and the a response saying Dynamic update refused.

If anyone could help shed a little light it would be apreciated.

James

 

[dmandell]

It sounds like you have a DNS server internally that is trying to update an external server. The server is refusing the update (as it probably should) Make sure your SOA (start of Authority) for that zone (10.in-addr.arpa) is set to your internal server and you should stop seeing the traffic.

I am assuming that this is a zone internal to your company and you would not want to be doing outside zone transfers of this internal zone anyway.

Hope this helps,
Dana

 

[jameshutchinson008]

Thanks for your reply dana the zone 10.in-addr.arpa is an internal reverse lookup zone, and you are correct in saying that this zone shouldnt be transfered to any external dns servers.

I have several reverse lookup zones in DNS my only problem is they all first octet is 10 (10.XX.XX.XX) I have checked th SOA for each zone and can find no reference to the external DNS server.

We are using Microsoft DNS for active directory.

Any ideas?

james

 

[dmandell]

Under the properties for each Zone, check the following.

On the Zone transfers tab, make sure only internal DNS servers are listed in the box.

Also check under the notify tab, and remove any external servers on that list.

Dana

 

[jameshutchinson008]

Dana I have checked these settings, the external dns server is not specified anywhere.

James

 

[dmandell]

Is "Allow zone transfers to any server" checked?
Also, make sure, not only that the SOA is NOT set to the external server, but that the SOA IS set to your internal server.

Dana