wildcard problem Possibly?

[awojtowicz]

i am having a problem with a wildcard dns entry i think. We moved our website over to a hosted site. we had to add a wildcard entry and host entry for this service. the hosted service is saying they are getting attacks from us. they say they are getting systems from my network looking at them for windows updates. this is happening all the time and they have scripts that run and detect us as attacking them and they ban our IP. we house our own WSUS server here in district and we use GPO to point to it for updates. it looks to be working fine. but somehow we are also looking at them for it.

i ran a nslookup from my dns server to our wsus server. if i just put the name of my server it finds it's IP properly. if i do a lookup by fqdn it comes back with the hosts IP. i'm lost! everything looks to be setup properly in DNS. my wsus server is there in DNS. what could be going on. this wildcard in on both my internal and external dns servers.

 

[notRoman]

Oh, I don't know. Do you have a dot (.) at the end of the fully qualified domain name?

 

[awojtowicz]

well i figured it out. it had nothing to do with Windows Updates. It had to do with our ISA server and IE on our systems. i controller proxy settings by GPO. i just push out the ip and port of the proxy server. we dont use "automatically detect settings" for our systems. but found some pc's around the network had that box checked in IE on local accounts. so if the system was running but not logged in it had that box checked. i had to add a dhcp option 252 to our dhcp scope. i had to create a wpad.dat file on our isa server. this filehas our isa servers ip and port. this stops the pc's from looking for "automatic proxy settings". this stopped all that extra traffic out of our network.