Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Tons of AdServers/spyware in DNS

Status
Not open for further replies.
egnilk66

egnilk66

IS-IT--Management
Mar 2, 2005
48
US
I just opened up the DNS server at one of our remote Brick/Mortar sites, the entries are full of Ad/Spam sites...

The Router/Firewall is using the ISP's DNS servers and the LAN workstations all use an internal DNS. I don't get it... then again, I'm no DNS guru.
 
Sort by date Sort by votes
The entries were in the Cached Lookups. I am now wondering what the possible issues are that could be causing this... Tons of spyware trying to reach it's home?? I hate spyware!
 
Upvote 0 Downvote
well.. if they are in your cashed lookups.. and your computer is not infected.. someone’s computer prob is.. and every time a user goes to access the internet, to used your DNS, so forward the query to a DNS server that can resolve a host name to a IP.. so it cashes that link..

so if a user has spiwear, and that spiwear is trying to access the internet.. that prob what your seeing..

i would install spybot on every computer on the network.. to make sure your good..
 
Upvote 0 Downvote
Those are exactly the thoughts that I had. Thanks for the input.


DJK
 
Upvote 0 Downvote
and..................
what you could also do is make a copy of all these hostnames

add the zones to your dns server and the ip address 127.0.0.1
that way they'll never be resolved again ;-)

Aftertaf

"Solutions are not the answer." - Richard Nixon
 
Upvote 0 Downvote
What kind of overhead does that create?
 
Upvote 0 Downvote
And....How do i add them? Do I add them as Host files in the forward look up?
 
Upvote 0 Downvote
add them as a forward lookup hence the name.. it will look at the host name of say.. hotbot.com and when you change the ip from 69.169.34.125 to 127.0.0.1 it will not find anything.. except a local host page..

also.. if you have an webpage.. you can have it jump to that by putting the IP of your organizations webpage in there..
 
Upvote 0 Downvote
NONO.. wait.. you want to creat a HOST A file.. i think lol.. i am brain dead right now..sorry.. lol
 
Upvote 0 Downvote
wait.. now i am confused..YA.. how do you do that.. :p i need a mem refresher lol
 
Upvote 0 Downvote
ya.. so am i lol.. i am trying to figure it out.. i have done it before..
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tbright
  • Locked
  • Question
DNS reverse lookup errors: zone 1.168.192.in-addr.arpa/IN: has no NS records
Replies
1
Views
12K
tbright
tbright
KenMeans
  • Locked
  • Question
DNS Issues with wireless router behind Atlantic Broad band Business Modem
Replies
0
Views
10K
KenMeans
KenMeans
alpha76
  • Locked
  • Question
Advice on DNS setup/configuration
Replies
3
Views
11K
technome
technome
Richard Carter
  • Locked
  • Question
Set up BIND on DNS server for local home server
Replies
0
Views
10K
Richard Carter
Richard Carter
willowsmith
  • Locked
  • Question
How do I log in to my NETGEAR home router?
Replies
1
Views
11K
ellisroks321
ellisroks321

Part and Inventory Search

Sponsor

Back
Top