I have a Windows 2003 server which is up to date with all service packs and Windows updates. This is also the domain controller for the client. We have been getting IP session limits on the firewall from the extreme DNS traffic coming from the server. I would understand the traffic during working hours, but after hours it is just as intense. I'm needing some guidance on what to look for on the server or firewall. The firewall is a Juniper SSG20 and is where the session limit is occurring, and when this happens all internet traffic is blocked from the inside going out, until the sessions are cleared.
This is a page from the firewall on session traffic; as you can see in the attachment, lots of :53 port traffic...
Date/Time, Source Address/Port, Destination Address/Port, Translated Source Address/Port, Translated Destination Address/Port, Service, Duration, Bytes Sent, Bytes Received, Close Reason
2008-07-30 22:34:36 192.168.x.x:53941 203.119.28.1:53 12.x.x.x:1332 203.119.28.1:53 DNS 1 sec. 81 169 Close - RESP
2008-07-30 22:34:36 192.168.x.x:65334 87.247.11.2:53 12.x.x.x:2211 87.247.11.2:53 DNS 1 sec. 78 211 Close - RESP
2008-07-30 22:34:36 192.168.x.x:57493 198.41.0.4:53 12.x.x.x:1166 198.41.0.4:53 DNS 1 sec. 81 344 Close - RESP
2008-07-30 22:34:36 192.168.x.x:50358 198.41.0.4:53 12.x.x.x:1776 198.41.0.4:53 DNS 1 sec. 78 355 Close - RESP
2008-07-30 22:34:36 192.168.x.x:51655 82.98.128.132:53 12.x.x.x:1860 82.98.128.132:53 DNS 3 sec. 77 139 Close - RESP
2008-07-30 22:34:36 192.168.x.x:64088 203.83.159.1:53 12.x.x.x:1320 203.83.159.1:53 DNS 3 sec. 81 114 Close - RESP
2008-07-30 22:34:36 192.168.x.x:61267 211.107.53.129:53 12.x.x.x:1398 211.107.53.129:53 DNS 3 sec. 81 125 Close - RESP
2008-07-30 22:34:35 192.168.x.x:59693 202.99.166.5:53 12.x.x.x:2409 202.99.166.5:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:51019 212.19.149.54:53 12.x.x.x:1469 212.19.149.54:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:49830 121.28.7.38:53 12.x.x.x:1751 121.28.7.38:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:55472 208.187.180.2:53 12.x.x.x:1191 208.187.180.2:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:53941 203.119.28.1:53 12.x.x.x:1332 203.119.28.1:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:65334 87.247.11.2:53 12.x.x.x:2211 87.247.11.2:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:50358 198.41.0.4:53 12.x.x.x:1776 198.41.0.4:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:57493 198.41.0.4:53 12.x.x.x:1166 198.41.0.4:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:49867 192.26.92.30:53 12.x.x.x:1936 192.26.92.30:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:34 192.168.x.x:58913 192.26.92.30:53 12.x.x.x:2783 192.26.92.30:53 DNS 1 sec. 77 224 Close - RESP
2008-07-30 22:34:33 192.168.x.x:61267 211.107.53.129:53 12.x.x.x:1398 211.107.53.129:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:33 192.168.x.x:51655 82.98.128.132:53 12.x.x.x:1860 82.98.128.132:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:33 192.168.x.x:64088 203.83.159.1:53 12.x.x.x:1320 203.83.159.1:53 DNS 0 sec. 0 0 Creation
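A first triage step for a session log like the one in this post is to measure how fast new DNS sessions are opened and how many different servers they go to. The script below is an added example, not part of the original post; the function name `summarize`, the regular expression and the returned keys are assumptions made for illustration, and the sample rows reuse lines from the log above.

```python
import re
from collections import Counter

# Sample rows in the layout of the firewall export above (rows reused from
# the post; inside and NAT addresses are masked there, so they stay masked).
SAMPLE = """\
2008-07-30 22:34:36 192.168.x.x:57493 198.41.0.4:53 12.x.x.x:1166 198.41.0.4:53 DNS 1 sec. 81 344 Close - RESP
2008-07-30 22:34:36 192.168.x.x:51655 82.98.128.132:53 12.x.x.x:1860 82.98.128.132:53 DNS 3 sec. 77 139 Close - RESP
2008-07-30 22:34:35 192.168.x.x:59693 202.99.166.5:53 12.x.x.x:2409 202.99.166.5:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:57493 198.41.0.4:53 12.x.x.x:1166 198.41.0.4:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:35 192.168.x.x:50358 198.41.0.4:53 12.x.x.x:1776 198.41.0.4:53 DNS 0 sec. 0 0 Creation
2008-07-30 22:34:33 192.168.x.x:51655 82.98.128.132:53 12.x.x.x:1860 82.98.128.132:53 DNS 0 sec. 0 0 Creation
"""

# One row: timestamp, source, destination, two translated endpoints, service, duration, bytes, reason
ROW = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"\S+ \S+ (?P<svc>\S+) (?P<dur>\d+) sec\. "
    r"(?P<sent>\d+) (?P<rcvd>\d+) (?P<reason>.+)$"
)

def summarize(text):
    """Count new DNS sessions per second and per destination server."""
    per_sec, dests, sent, rcvd = Counter(), Counter(), 0, 0
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m["dport"] != "53":
            continue  # header row, blank line or non-DNS session
        if m["reason"] == "Creation":
            per_sec[m["ts"]] += 1   # session-table pressure comes from creations
            dests[m["dst"]] += 1
        else:                       # close rows carry the byte counters
            sent += int(m["sent"])
            rcvd += int(m["rcvd"])
    return {
        "new_sessions": sum(per_sec.values()),
        "peak_per_second": max(per_sec.values(), default=0),
        "distinct_servers": len(dests),
        "top_servers": dests.most_common(3),
        "bytes_sent": sent,
        "bytes_received": rcvd,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A high `distinct_servers` count that includes root servers such as 198.41.0.4 (a.root-servers.net) means the DNS service is resolving names itself rather than relaying to one or two forwarders, so the next thing to find is which clients are sending it that many lookups.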