CBAC and DNS requests

Can anyone tell me why my DNS requests on CBAC are not working? I allowed everything from inside out, but DNS requests are not allowed for some reason...
Building configuration...
Current configuration : 3265 bytes
! Last configuration change at 08:47:57 UTC Thu Jun 14 2012 by admin
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname oecl
boot-start-marker
boot-end-marker
logging buffered 64000
enable secret 5 $1$kIPV$0ixUVG.EY10hIznM/HN5z/
aaa new-model
aaa authentication login default local-case
aaa session-id common
no ipv6 source-route
no ipv6 cef
no ip source-route
ip cef
ip dhcp excluded-address 10.28.3.1 10.28.3.2
ip dhcp excluded-address 10.28.4.1 10.28.4.2
ip dhcp pool OEC2al
 network 10.28.3.0 255.255.255.0
 default-router 10.28.3.1
 dns-server 10.28.3.1
 domain-name oec2al.co.uk
 lease 5
ip dhcp pool Wellmax
 network 10.28.4.0 255.255.255.0
 default-router 10.28.4.1
 dns-server 10.28.4.1
 lease 5
no ip bootp server
ip name-server 8.8.8.8
ip name-server 4.2.2.5
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall icmp
multilink bundle-name authenticated
crypto pki token default removal timeout 0
license udi pid CISCO2911/K9 sn FCZ1605705Q
username admin secret 5 $1$L94s$LrPxn0IWRRu74KEQvlWIL/
redundancy
ip tcp selective-ack
ip tcp timestamp
ip tcp path-mtu-discovery
interface Loopback1
 ip address 1.1.1.1 255.255.255.0
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
interface GigabitEthernet0/0
 description WAN
 ip address 10.28.9.241 255.255.255.0
 ip access-group 102 in
 ip nat outside
 ip inspect firewall out
 ip virtual-reassembly in
 duplex auto
 speed auto
interface GigabitEthernet0/1
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface GigabitEthernet0/1.1
 encapsulation dot1Q 1 native
 no cdp enable
interface GigabitEthernet0/1.3
 encapsulation dot1Q 3
 ip address 10.28.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 no cdp enable
interface GigabitEthernet0/1.4
 encapsulation dot1Q 4
 ip address 10.28.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 no cdp enable
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.28.9.251
access-list 5 remark -=VTY local access=-
access-list 5 permit 10.28.3.0 0.0.0.255
access-list 100 remark -=NAT access=-
access-list 100 permit ip 10.28.0.0 0.0.255.255 any
access-list 101 remark -=VTY access restriction=-
access-list 101 permit ip host 181.143.217.54 any
access-list 102 remark -=Local firewall=-
access-list 102 permit icmp any any unreachable
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any echo-reply
access-list 102 permit ip host 181.143.217.54 any
no cdp run
control-plane
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 5 in
 transport input ssh
scheduler allocate 20000 1000
end

I have set up two public DNS servers. It works OK until I enable access-list 102. I solved this problem by adding the entry permit tcp any eq 53 any to ACL 102, but on a different router (also a 2911) everything was OK, and the CBAC and config were similar. What could be wrong?
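
An added example, not part of the original post: a small Python model of the posted ACL 102 and `ip inspect firewall out`, showing one thing to check in this configuration. The DHCP pools hand clients the router itself as DNS server and `ip dns server` is enabled, so upstream queries to 8.8.8.8 originate from the router; the model assumes the classic CBAC behaviour that router-originated traffic is inspected only when the inspection rule carries the `router-traffic` keyword. `Pkt`, `Ace`, `Cbac`, the function names, the source port and the collapsed NAT step are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# ACL 102 as posted (remark line omitted).
ACL_102 = """\
permit icmp any any unreachable
permit icmp any any time-exceeded
permit icmp any any echo-reply
permit ip host 181.143.217.54 any
"""

Pkt = namedtuple("Pkt", "proto src sport dst dport icmp", defaults=(None,))
Ace = namedtuple("Ace", "action proto src sport dst dport icmp")


def _addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq PORT'."""
    first = tokens.pop(0)
    if first == "any":
        net = ipaddress.ip_network("0.0.0.0/0")
    elif first == "host":
        net = ipaddress.ip_network(tokens.pop(0) + "/32")
    else:
        net = ipaddress.ip_network(f"{first}/{tokens.pop(0)}")  # wildcard mask
    port = None
    if tokens[:1] == ["eq"]:
        tokens.pop(0)
        port = int(tokens.pop(0))
    return net, port


def parse_acl(text):
    """Parse the subset of extended-ACL syntax that appears on this page."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "remark":
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        src, sport = _addr(tokens)
        dst, dport = _addr(tokens)
        icmp = tokens.pop(0) if tokens else None
        aces.append(Ace(action, proto, src, sport, dst, dport, icmp))
    return aces


def acl_permits(aces, pkt):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for a in aces:
        if a.proto not in ("ip", pkt.proto):
            continue
        if ipaddress.ip_address(pkt.src) not in a.src:
            continue
        if ipaddress.ip_address(pkt.dst) not in a.dst:
            continue
        if a.sport not in (None, pkt.sport) or a.dport not in (None, pkt.dport):
            continue
        if a.icmp not in (None, pkt.icmp):
            continue
        return a.action == "permit"
    return False


class Cbac:
    """Session table for 'ip inspect firewall out' on the WAN interface."""

    def __init__(self, protocols, router_traffic=False):
        self.protocols = set(protocols)
        self.router_traffic = router_traffic
        self.sessions = set()

    def outbound(self, pkt, from_router):
        """Packet leaving the WAN interface; remember it only if it is inspected."""
        if pkt.proto not in self.protocols:
            return
        if from_router and not self.router_traffic:
            return  # modelled assumption: not inspected without router-traffic
        self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound_allowed(self, pkt, aces):
        """Replies that mirror a session pass; everything else goes to ACL 102."""
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return True
        return acl_permits(aces, pkt)


def dns_reply_allowed(from_router, router_traffic=False, extra_acl=""):
    """Send one UDP DNS query to 8.8.8.8 and report whether the reply gets in.

    NAT is collapsed: both cases use the WAN address 10.28.9.241 as source,
    and the source port is a constructed value.
    """
    aces = parse_acl(ACL_102 + extra_acl)
    fw = Cbac({"tcp", "udp", "icmp"}, router_traffic)
    fw.outbound(Pkt("udp", "10.28.9.241", 53124, "8.8.8.8", 53), from_router)
    reply = Pkt("udp", "8.8.8.8", 53, "10.28.9.241", 53124)
    return fw.inbound_allowed(reply, aces)


if __name__ == "__main__":
    print("client queries 8.8.8.8 directly :", dns_reply_allowed(False))
    print("router forwards the query       :", dns_reply_allowed(True))
    print("same, udp router-traffic        :", dns_reply_allowed(True, True))
    static = "permit udp host 8.8.8.8 eq 53 host 10.28.9.241\n"
    print("same, static resolver permit    :", dns_reply_allowed(True, False, static))
```

The static entry in the last case is stateless: it admits any UDP packet from 8.8.8.8 with source port 53 whether or not a query was sent, so inspecting router-originated traffic is the tighter of the two options.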

Similar Messages

  • Deleted failed DC from the domain (Server 2012 R2) - Now after doing metadata and DNS cleanup, I can no longer promote a new DC to the domain

    I work for a university and teach IT courses to undergrad and graduate students. The details below pertain to an isolated lab environment.
    I had a storage failure in my lab and the DCs became corrupt. This is a university lab environment so there isn't anything crucial on here. I just would rather avoid rebuilding the domain/forest and would rather use this as a learning experience with my
    students...
    So after the storage failed and was restored, the VMs hosted became corrupt. I did a NTDSUTIL to basically repair the NTDS.dit file but one of my DCs reverted to a state before DC promotion. Naturally, the domain still had this object in AD. After numerous
    failed attempts at trying to reinstall the DC on the server through the server manager wizard in 2012 R2, I decided that a metadata cleanup of the old failed object was necessary.
    Utilizing this article, I removed all references of the failed DC from both AD and DNS (http://www.petri.com/delete_failed_dcs_from_ad.htm) 
    So now that the failed object is removed completely from the domain and the metadata cleanup was successful, I then proceeded to re-install the necessary AD DS role on the server and re-promote to the existing domain. Pre-Requisites pass but generate some
    warning around DNS Delegation, and Dynamic Updates (delegation is ignored because the lab is isolated from external comms, and dynamic updates are in fact enabled on both my _msdcs and root domain zones).
    Upon the promotion process, I get the following error message (also worth mentioning - the account performing these operations is a member of DA, EA, and Schema Admins)
    The operation failed because:
    Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=domainVMDC1,CN=Servers,CN=Default-
    First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu on the remote AD DC domainVMDC2. Ensure the provided network credentials have sufficient permissions.
    "While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync."
    As you can see, this error seems odd considering. Now that I'm down to a single DC and DNS server, the sync should be corrected. I've run a repadmin /syncall and it completed successfully. Since then, I've run dcdiags and dumped those to a text as well and
    here are my results...
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = domainVMDC2
       * Identified AD Forest. 
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\domainVMDC2
          Starting test: Connectivity
             ......................... domainVMDC2 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\domainVMDC2
          Starting test: Advertising
             ......................... domainVMDC2 passed test Advertising
          Starting test: FrsEvent
             ......................... domainVMDC2 passed test FrsEvent
          Starting test: DFSREvent
             ......................... domainVMDC2 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... domainVMDC2 passed test SysVolCheck
          Starting test: KccEvent
             ......................... domainVMDC2 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... domainVMDC2 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... domainVMDC2 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... domainVMDC2 passed test NCSecDesc
          Starting test: NetLogons
             ......................... domainVMDC2 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... domainVMDC2 passed test ObjectsReplicated
          Starting test: Replications
             ......................... domainVMDC2 passed test Replications
          Starting test: RidManager
             ......................... domainVMDC2 passed test RidManager
          Starting test: Services
             ......................... domainVMDC2 passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x00001795
                Time Generated: 12/18/2014   00:35:03
                Event String:
                The program lsass.exe, with the assigned process ID 476, could not authenticate locally by using the target name ldap/domainvmdc2.domain.school.edu. The target name used is not valid. A target name should
    refer to one of the local computer names, for example, the DNS host name.
             ......................... domainVMDC2 passed test SystemLog
          Starting test: VerifyReferences
             ......................... domainVMDC2 passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
                For the partition
                (DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... ForestDnsZones failed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition
                (DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... ForestDnsZones failed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
                For the partition
                (DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... DomainDnsZones failed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition
                (DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... DomainDnsZones failed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition
                (CN=Schema,CN=Configuration,DC=domain,DC=school,DC=edu) we
                encountered the following error retrieving the cross-ref's
                (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... Schema failed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition
                (CN=Configuration,DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... Configuration failed test CrossRefValidation
       Running partition tests on : domain
          Starting test: CheckSDRefDom
             ......................... domain passed test CheckSDRefDom
          Starting test: CrossRefValidation
                For the partition (DC=domain,DC=school,DC=edu) we encountered
                the following error retrieving the cross-ref's
                (CN=domain,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
                 information: 
                   LDAP Error 0x52e (1326). 
             ......................... domain failed test CrossRefValidation
       Running enterprise tests on : domain.school.edu
          Starting test: LocatorCheck
             ......................... domain.school.edu passed test
             LocatorCheck
          Starting test: Intersite
             ......................... domain.school.edu passed test Intersite
    From what I can gather, there is a definite DNS issue but I don't have any stale records to the old DC stored anywhere. I've tried this with a new server as well and get similar errors... 
    At this rate I'm ready to rebuild the entire forest over again. I'm just reluctant to do so as I want to make this a learning experience for the students. 
    Any help would be greatly appreciated. Thanks!

    As you can see, there seem to be some errors. The one that I did correct was the one around the _msdcs NS record being unable to resolve. For whatever reason, the name wasn't resolving the IP but all other NS tabs and records were. Just that one _msdcs
    sub-zone. Furthermore, the mentioning of any connections to root hint servers can be viewed as false positives. There is no external comms to this lab so no communication with outside IPs can be expected. Lastly, they mentioned a connectivity issue yet mention
    that I should check the firewall settings. All three profiles are disabled in Windows Firewall (as they have been the entire time). Thank you in advance for your help!
    C:\Windows\system32>dcdiag /test:dns /v
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine domainVMDC2, is a Directory Server.
       Home Server = domainVMDC2
       * Connecting to directory service on server domainVMDC2.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=domainVMDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\domainVMDC2
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             The host
             3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
             could not be resolved to an IP address. Check the DNS server, DHCP,
             server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... domainVMDC2 failed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\domainVMDC2
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             See DNS test in enterprise tests section for results
             ......................... domainVMDC2 passed test DNS
       Running partition tests on : ForestDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : DomainDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Schema
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Configuration
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : domain
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running enterprise tests on : domain.school.edu
          Starting test: DNS
             Test results for domain controllers:
                DC: domainVMDC2
                Domain: domain.school.edu
                   TEST: Authentication (Auth)
                      Authentication test: Successfully completed
                   TEST: Basic (Basc)
                      Error: No LDAP connectivity
                      The OS
                      Microsoft Windows Server 2012 R2 Datacenter (Service Pack level: 0.0)
                      is supported.
                      NETLOGON service is running
                      kdc service is running
                      DNSCACHE service is running
                      DNS service is running
                      DC is a DNS server
                      Network adapters information:
                      Adapter [00000010] vmxnet3 Ethernet Adapter:
                         MAC address is 00:50:56:A2:2C:24
                         IP Address is static
                         IP address: *.*.100.26
                         DNS servers:
                            *.*.100.26 (domainVMDC2) [Valid]
                      No host records (A or AAAA) were found for this DC
                      The SOA record for the Active Directory zone was found
                      The Active Directory zone on this DC/DNS server was found primary
                      Root zone on this DC/DNS server was not found
                   TEST: Forwarders/Root hints (Forw)
                      Recursion is enabled
                      Forwarders are not configured on this DNS server
                      Root hint Information:
                         Name: a.root-servers.net. IP: 198.41.0.4 [Invalid (unreachable)]
                         Name: b.root-servers.net. IP: 192.228.79.201 [Invalid (unreachable)]
                         Name: c.root-servers.net. IP: 192.33.4.12 [Invalid (unreachable)]
                         Name: d.root-servers.net. IP: 199.7.91.13 [Invalid (unreachable)]
                         Name: e.root-servers.net. IP: 192.203.230.10 [Invalid (unreachable)]
                         Name: f.root-servers.net. IP: 192.5.5.241 [Invalid (unreachable)]
                         Name: g.root-servers.net. IP: 192.112.36.4 [Invalid (unreachable)]
                         Name: h.root-servers.net. IP: 128.63.2.53 [Invalid (unreachable)]
                         Name: i.root-servers.net. IP: 192.36.148.17 [Invalid (unreachable)]
                         Name: j.root-servers.net. IP: 192.58.128.30 [Invalid (unreachable)]
                         Name: k.root-servers.net. IP: 193.0.14.129 [Invalid (unreachable)]
                         Name: l.root-servers.net. IP: 199.7.83.42 [Invalid (unreachable)]
                         Name: m.root-servers.net. IP: 202.12.27.33 [Invalid (unreachable)]
                      Error: Both root hints and forwarders are not configured or
                      broken. Please make sure at least one of them works.
                   TEST: Delegations (Del)
                      Delegation information for the zone: domain.school.edu.
                         Delegated domain name: _msdcs.domain.school.edu.
                            Error: DNS server: domainvmdc2. IP:<Unavailable>
                            [Missing glue A record]
                            [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]
                   TEST: Dynamic update (Dyn)
                      Test record dcdiag-test-record added successfully in zone domain.school.edu
                      Warning: Failed to delete the test record dcdiag-test-record in zone domain.school.edu
                      [Error details: 13 (Type: Win32 - Description: The data is invalid.)]
                   TEST: Records registration (RReg)
                      Network Adapter [00000010] vmxnet3 Ethernet Adapter:
                         Matching CNAME record found at DNS server *.*.100.26:
                         3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.a9241004-88ea-422d-a71e-df7b622f0d68.domains._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._tcp.dc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.dc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._tcp.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._udp.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kpasswd._tcp.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.Default-First-Site-Name._sites.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _kerberos._tcp.Default-First-Site-Name._sites.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.gc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _gc._tcp.Default-First-Site-Name._sites.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.school.edu
                         Matching  SRV record found at DNS server *.*.100.26:
                         _ldap._tcp.pdc._msdcs.domain.school.edu
                   Error: Record registrations cannot be found for all the network
                   adapters
             Summary of test results for DNS servers used by the above domain
             controllers:
                DNS server: 128.63.2.53 (h.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.112.36.4 (g.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.203.230.10 (e.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.228.79.201 (b.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.33.4.12 (c.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.36.148.17 (i.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.5.5.241 (f.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 192.58.128.30 (j.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 193.0.14.129 (k.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 198.41.0.4 (a.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 199.7.83.42 (l.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 199.7.91.13 (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.91.13               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 202.12.27.33 (m.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33               
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: *.*.100.26 (domainVMDC2)
                   All tests passed on this DNS server
                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
             Summary of DNS test results:
                                                Auth Basc Forw Del  Dyn  RReg Ext
                Domain: domain.school.edu
                   domainVMDC2                 PASS FAIL FAIL FAIL WARN FAIL n/a
             ......................... domain.school.edu failed test DNS
          Test omitted by user request: LocatorCheck
          Test omitted by user request: Intersite

  • WRT1900AC: Can it block DNS requests?

    Hello,
    Can the WRT1900AC block DNS request from devices in a home network to public DNS service like GoogleDNS? Can anyone tell me what steps are necessary to accomplish this?
    I tried to follow instructions found on the web but I could not add static routes under Advanced Routing. I got errors either about the network submask or the Gateway (mine is 192.168.1.1 and is not accepted). I don't know what to enter in these fields and also what Interface to select (LAN/Wireless or Internet).
    My firmware version is 1.1.8.164461.
    I would appreciate any help.
    Thank you,
    Luiz

    Hi,
    Thanks for replying. I haven't contacted support yet to confirm your suspicion. My cable modem is a Motorola SB6141. I have done some basic research that indicates that it is not capable of NAT.
    However, I was able to configure a static route in my router, using the cable modem IP as gateway. After this my ping requests to Google DNS (8.8.8.8 and 8.8.4.4) started to fail. This is probably still not what I need. I don't understand why I can't save my router's IP as gateway as indicated here: http://help.unotelly.com/support/solutions/articles/193662-setup-static-routes-on-linksys-and-cisco-... This link alerts to a bug in Linksys routers but the error message I get is not "invalid static route" as indicated.
    Thanks,
    Luiz

  • Routing DNS requests in a zone to a default host

    Hi,
    What I'd like to do is to direct all DNS requests for non-existent hosts to a single host by default. So even if I haven't defined a hostname in my zone, the request will still resolve (to this default host). Any ideas?
    Ben

    It's possible to do via wildcard DNS, but you cannot do it via Server Admin (it doesn't permit the * for the wildcard name), therefore you have to get under the hood and edit your zone file directly.
    You'll need to find your zone's domain file in /var/named and add a line like:
    *  IN  A  1.2.3.4
    (where 1.2.3.4 is, obviously, the IP address you want all unknown addresses to point to).
    You'll also need to increment the serial number in the SOA record near the top of the file (otherwise your change won't be noticed).
    Restart named (e.g. via killall -HUP named or via Server Admin), and now any lookup for an unknown host will return the specified address.
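
The zone edit described in the answer above (add the wildcard A record, then increment the SOA serial), as an added example that is not part of the original post. The sample zone, its names and its 192.0.2.x addresses are constructed, and `lookup` is a simplified single-label model of wildcard matching, not BIND's resolver.

```python
import ipaddress
import re

# Constructed sample zone (not from the original post); example.com and 192.0.2.x are placeholders.
SAMPLE_ZONE = """\
$TTL 86400
@    IN  SOA  ns1.example.com. admin.example.com. (
              2012061401 ; serial
              3600       ; refresh
              900        ; retry
              604800     ; expire
              86400 )    ; minimum
     IN  NS   ns1.example.com.
ns1  IN  A    192.0.2.1
www  IN  A    192.0.2.10
"""

# The serial is the first number inside the SOA record's parentheses.
SOA_SERIAL = re.compile(r"\bSOA\b[^()]*\(\s*(\d+)", re.IGNORECASE)
# "owner [ttl] [IN] A address" on one line, with the owner name in column 0.
A_RECORD = re.compile(
    r"^(\S+)[ \t]+(?:\d+[ \t]+)?(?:IN[ \t]+)?A[ \t]+(\S+)",
    re.IGNORECASE | re.MULTILINE,
)


def a_records(zone_text):
    """Map owner name (lower-cased) to address for every single-line A record."""
    return {owner.lower(): addr for owner, addr in A_RECORD.findall(zone_text)}


def bump_serial(zone_text):
    """Return (new_text, old_serial, new_serial) with the SOA serial raised by one."""
    match = SOA_SERIAL.search(zone_text)
    if match is None:
        raise ValueError("no parenthesised SOA record found")
    old = int(match.group(1))
    new = old + 1
    if new > 0xFFFFFFFF:  # the serial is an unsigned 32-bit field
        raise ValueError("serial would overflow 32 bits")
    text = zone_text[:match.start(1)] + str(new) + zone_text[match.end(1):]
    return text, old, new


def add_wildcard(zone_text, address):
    """Append '* IN A <address>' and bump the serial; refuse a second wildcard."""
    ipaddress.IPv4Address(address)  # raises ValueError on a malformed address
    if "*" in a_records(zone_text):
        raise ValueError("zone already has a wildcard A record")
    text, old, new = bump_serial(zone_text)
    if not text.endswith("\n"):
        text += "\n"
    return text + f"*    IN  A    {address}\n", old, new


def lookup(zone_text, label):
    """Simplified lookup: an explicit A record wins, else the wildcard, else None."""
    records = a_records(zone_text)
    return records.get(label.lower(), records.get("*"))


if __name__ == "__main__":
    updated, old, new = add_wildcard(SAMPLE_ZONE, "1.2.3.4")
    print(f"serial {old} -> {new}")
    for name in ("www", "nosuchhost"):
        print(name, "->", lookup(updated, name))
```

Names that already have a record keep their own address; only names with no record fall through to the wildcard.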

  • Oracle 11gR2 RAC VM and SCAN and DNS and /etc/hosts (two) setup questions

    Hi,
    I am looking forward to setting up two Oracle 11gR2 RAC instances
    on my Oracle VM test machine.
    I plan on using the Oracle 11gR2 RAC VM template.
    I want the final Oracle 11gR2 RAC instances to have SCAN that uses DNS.
    The DNS will be pre-installed in the JeOS.
    My first simple question about the setup is the following.
    In my DNS name file, for example,
    /var/named/chroot/var/named/milkyway.univ.db
    do I need to provide the racnode1 and racnode2 information,
    for example,
    # DNS name file (snippet)
    myjeos IN A 192.168.1.150
    racnode1 IN A 192.168.1.161
    racnode1-vip IN A 192.168.1.163
    racnode2 IN A 192.168.1.162
    racnode2-vip IN A 192.168.1.164
    rac-scan IN A 192.168.1.131
    rac-scan IN A 192.168.1.132
    rac-scan IN A 192.168.1.133
    Or, can I just provide only the rac-scan information
    # DNS name file alternate (snippet)
    myjeos IN A 192.168.1.150
    rac-scan IN A 192.168.1.131
    rac-scan IN A 192.168.1.132
    rac-scan IN A 192.168.1.133
    What I am getting at is the following.
    Within the install process, will racnode1, racnode1-vip, racnode2,
    and racnode2-vip host names and their IP address be written
    to the RAC instances /etc/hosts files? (So I should not bother
    to put them in the DNS name file like '# DNS name file alternate (snippet)'?)
    Or, should I put the racnode and racnode-vip host names and IP addresses
    in the DNS name file like '# DNS name file (snippet)'?
    The second question is the following.
    Are the cluster name and the scan name allowed to be different?
    Currently, I would plan them to be different,
    for example, rac-cluster and rac-scan.
    Or, are they required to be the same,
    for example, rac-cluster and rac-cluster.
    Thank you.
    AIM

    AIM wrote:
    do I need to provide the racnode1 and racnode2 information,
    Or, can I just provide only the rac-scan information
    You need to provide all of it in DNS, because other hosts in your network will need to be able to resolve all of the normal, VIP and SCAN addresses for your RAC nodes. We write this data out to /etc/hosts just to reduce the amount of round-trip DNS requests the cluster nodes make for themselves.
    Are the cluster name and the scan name allowed to be different?
    They can be different.

  • DNS request timed out. timeout was 2 seconds. *** Request to self timed-out

    I am having an issue with one of my domain controllers (Server 2012 R2). It is a DNS server as well and it times out 100% of the time when attempting to connect to either of the two trusted forests that are set up as conditional forwarders. There is also a delay or a time out the first few times when attempting to resolve an external site such as google.com. The domain controller functions fine. All routing seems to be fine, because I can telnet on port 53 to the trusted forest's DCs. They can even use the problem DNS server to resolve hosts. It just does work from my controller to the other forest. Here is an example of what is happening.
    > external.forest.dc
    Server:  problem.local.dc
    Address:  192.168.1.8
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to problem.local.dc timed-out
    > external.forest.dc
    Server:  problem.local.dc
    Address:  192.168.1.8
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to problem.local.dc timed-out
    Google will eventually resolve
    > google.com
    Server:  problem.local.dc
    Address:  192.168.1.8
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to problem.local.dc timed-out
    > google.com
    Server:  problem.local.dc
    Address:  192.168.1.8
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to problem.local.dc timed-out
    > google.com
    Server:  problem.local.dc
    Address:  192.168.1.8
    Non-authoritative answer:
    Name:    google.com
    Addresses:  2607:f8b0:4006:808::1001
              74.125.226.67
              74.125.226.66
              74.125.226.72
              74.125.226.69
              74.125.226.68
              74.125.226.70
              74.125.226.73
              74.125.226.64
              74.125.226.65
              74.125.226.71
              74.125.226.78
    The other DC works as it should:
    > external.forest.dc
    Server:  working.local.dc
    Address:  192.168.1.7
    Non-authoritative answer:
    Name:    external.forest.dc
    Address:  10.1.1.1
    There is a firewall between these networks, they connect via campus fiber. I created an any rule to rule that out. I am thinking the DNS server is corrupt, but I cannot figure it out. 
    Dcdiag /test:dns says everything is great.
    Any suggestions?

    Hi,
    According to your description, my understanding is that the problem DC is configured with conditional forwarders to resolve names about other 2 trusted forests, and always times out. Besides, there is a delay or a time out the first few times when attempting to resolve an external name.
    Use NSlookup to confirm that if the conditional forwarder works. Open CMD on problem DC, type the command below and each line end with enter:
    Nslookup
    Server <IP address of the condition forwarder which used to resolve names on trust domain>
    <name of the trust forest which you want to resolve>
    If it works, try to increase time-out period:
    Properties of Conditional Forwarders – Number of seconds before forward queries times out
    – change the time.
    If it doesn’t work, turn on exhaustive debugging mode. Open CMD on problem DC, type the command below and each line end with enter:
    Nslookup
    Set d2
    Server <IP address of the condition forwarder which used to resolve names on trust domain>
    <name of the trust forest which you want to resolve>
    Post the result here.
    Besides, for internet/external name resolving problem, we usually have another DNS server (except for DCs) which connected to Internet/external and used to resolve external/Internet names. And on DCs, configure forwarder and use forwarder to resolve external/Internet names. If it is your case, check the forwarder setting on the problem DC, or use ping to test the network connectivity. Confirm that if the delay of name resolving caused by network delay.
    Best Regards,
    Eve Wang

  • DNS request timed out. timeout was 2 seconds

    Hi
    Why it is saying DNS request timed out was 2 seconds and showing the IPs under non-authoritative answers?
    This is member DC windows 2008 R2. Primary DNS is set as 127.0.0.1 and secondary DNS is set to 192.168.10.6 which is main DC.
    C:\Users\admin>nslookup filter-servers.mailguard.com.au
    Server:  localhost
    Address:  127.0.0.1
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Non-authoritative answer:
    Name:    filter-servers.mailguard.com.au
    Addresses:50.23.252.165
    199.193.116.73.. more

    Hi
    Use ISP DNS servers and forward DNS query from internal DNS to ISP DNS servers.

  • DNS requests from Solaris 10 box to Bind/MySQL DNS server fail

    We have some servers running Solaris 9 and some running Solaris 10. We also have a DNS server set up running BIND with the MySQL backend. When I query the DNS server from our Solaris 9 boxes, they always work just fine. However, when I query the DNS server from our Solaris 10 boxes, they always fail. Queries to other DNS servers from the Solaris 10 boxes work just fine - they only fail when being sent to this particular DNS server. Here's exactly what I'm doing:
    ON SOLARIS 9 BOX:
    bash-3.00$ nslookup google.com calo-sunset
    Server: calo-sunset
    Address: <IP_OF_DNS_SERVER>#53
    Non-authoritative answer:
    Name: google.com
    Address: 64.233.187.99
    Name: google.com
    Address: 72.14.207.99
    Name: google.com
    Address: 209.85.171.99
    ON SOLARIS 10 BOX:
    bash-2.05$ nslookup google.com calo-sunset
    *** Can't find server name for address <IP_OF_DNS_SERVER>: Non-existent host/domain
    *** Default servers are not available
    In the case of the SOLARIS 10 box, <IP_OF_DNS_SERVER> is correct - it knows the IP address of the DNS server, but apparently it doesn't recognize that it's actually a DNS server.
    I am utterly perplexed by this. It seems to me that a DNS request is a DNS request, regardless of your OS. Clearly something is different from Solaris 9 to Solaris 10 though because the requests fail on all of our solaris 10 boxes, and they succeed on all of our Solaris 9 boxes. Incidentally, dig requests from the Solaris 10 box also fail, where they succeed on the Solaris 9 boxes.
    I don't really know what other information I could offer that might be useful. If you have any information at all about this or ideas on what I might try to troubleshoot/fix it, I'd love to hear it. Thanks in advance.

    First off, I am an idiot. I got this entire post backwards. The fact is that the DNS requests work swimmingly well on our Solaris 10 boxes. They fail on our Solaris 9 boxes. I don't know how I managed to read this post all of these times and not notice that I got that backwards. Nice.
    In any case, I've found the problem. It was non-trivial to me because I am not terribly familiar with the inner-workings of DNS. To those who are, it may seem painfully obvious. To me it certainly was not.
    The problem was that the DNS server (BIND 9 with MySQL backend) did not contain a reverse DNS entry for itself. Apparently this is a big problem for Solaris 9. I got a hint that this might be the cause when I turned on verbose debugging info when I ran nslookup (nslookup -d2). I had to add the PTR record for the DNS server itself. I don't know why Solaris 9 would require that a DNS server contain reverse DNS information about itself, but sure enough it does. As soon as I added that info, the Solaris 9 boxes were able to successfully query the DNS server. Very odd.
    Anyway, I doubt anyone else will come across this problem, but if you do, now you know something that might fix it.
    Edited by: dprater on Oct 7, 2008 8:09 PM

  • Need help with load balancing and DNS proxy

    Hi,
    I need help on how to configure my router so it will work with my DNS proxy and load balancing.
    I have a Linksys LRT224 router. I have two broadband connections from two separate ISPs, 500Mbps each (WAN1 & WAN2). WAN1 has a static IP and WAN2 is dynamic assigned. I use Unlocator (www.unlocator.com) so I can access geographically restricted sites (Pandora, Netflix, etc.).
    The problem I have is that unlocator registers only one IP address (WAN1 address) and since I am doing load balancing I have no way of knowing if the DNS request will go through the registered IP (WAN1) or through the other (WAN2). I am not an expert in routing or networking but I'm guessing I have a way of configuring the router so all the DNS requests go out through WAN1, right?
    In the router's Dual WAN config page there is a section for Protocol Binding. I tried to configure but only managed to screw up the internet at home. I used:
    DNS[UDP/53-53]->192.168.1.1-192.168.1.254(0.0.0.0-0.0.0.0)WAN2
    Any help or suggestions are appreciated.
    Alex

    Good solution though. That's probably the only way you could do true Load Balancing anyway.
    Please remember to Kudo those that help you.
    Linksys
    Communities Technical Support

  • Are DNS requests intercepted?

    Hi,
    There's a site I'm trying to get to, but when I type in the address & go I always end up at a different site.
    I've asked local friends whether they have the same problem & they don't.
    I've flushed the dns cache on my pcs (I have the same problem no matter which one I use).
    I've restarted the router (which supposedly clears the dns cache there).
    I've tried using my phone to go the wireless route.
    I always end up at the wrong address.
    Thinking it might be an error in the BT DNS server's info I tried changing the dns servers on my PC to Google's and then OpenDNS.
    I still end up at the wrong page.
    What I'm wondering is whether changing the dns settings on my PCs actually has any effect.
    Does BT intercept dns requests & route them through their own servers?
    Many thanks.

    pauliolio wrote:
    Hi,
    There's a site I'm trying to get to, but when I type in the address & go I always end up at a different site.
    I've asked local friends whether they have the same problem & they don't.
    I've flushed the dns cache on my pcs (I have the same problem no matter which one I use).
    I've restarted the router (which supposedly clears the dns cache there).
    I've tried using my phone to go the wireless route.
    I always end up at the wrong address.
    Thinking it might be an error in the BT DNS server's info I tried changing the dns servers on my PC to Google's and then OpenDNS.
    I still end up at the wrong page.
    What I'm wondering is whether changing the dns settings on my PCs actually has any effect.
    Does BT intercept dns requests & route them through their own servers?
    Many thanks.
    Hi.
    If, by altering the DNS server, you end up at the same place - this indicates it's a local issue.
    Can you say what the website is ? If you don't wish it to be public, send me a private message with the website and I'll investigate.
    http://www.andyweb.co.uk/shortcuts
    http://www.andyweb.co.uk/pictures

  • Nslookup: DNS request timed out. time out was 2 seconds. (When the primary DNS is down)

    Hi All,
    I have set up 2 Windows Server 2012 domain controllers (DCA & DCB). DCA points at DCB as the primary DNS, and itself as the alternate DNS. DCB points at DCA as the primary DNS, and itself as the alternate DNS.
    When both DCs are running and if I do an nslookup on DCA: The result is as follows:
    Default Server: dcb.testdomain.com
    Address: 30.30.30.2
    nslookup on DCB:
    Default Server: dca.testdomain.com
    Address: 30.30.30.1
    Client PC (Windows 7 Pro):
    1st DNS : 30.30.30.31
    Alternate DNS: 30.30.30.32
    nslookup on the client PC
    Default Server: dca.testdomain.com
    Address: 30.30.30.1
    Up to here everything is fine. Now if I turn off DCA, and do an nslookup, the result is as follows:
    DCB nslookup:
    DNS request timed out.
           time out was 2 seconds.
    Default Server Unknown
    Address: 30.30.30.31
    Client PC nslookup:
    DNS request timed out.
           time out was 2 seconds.
    Default Server Unknown
    Address: 30.30.30.31
    I waited for more than 15 minutes and tried again, it didn't help.
    I have been reading a few similar posts on this matter, but couldn't find the answer.
    I would have expected it to display the DCB when I do an nslookup.
    Question 1: Shouldn't that display DCB rather than displaying a time out message when I do nslookup?
    Question 2: The fact that it displays a time out message, does it mean that more configuration needs to be done? If so please kindly advise what needs to be done.
    I did an ipconfig /displaydns command. I realized that the order of DNS have changed on both DCB and the Client PC:
    Now, they both display DCB on the top of the list, whereas they were displaying DCA on the top of the list prior to the shut down.
    Question 3: Does it mean that the Client PC now knows that the 1st DNS is down and so it's using the 2nd DNS?
    If so, why does the nslookup display the time out message?
    Question 4: Is it possible to configure either of DNS Server or the DNS client, so it displays the 2nd DNS when the first DNS is not accessible and when I do nslookup?
    Thank you for. 

    Hi Ton_2013,
    Based on my understanding, the issue we are experiencing is that when the primary DNS server is down, the result of the tool Nslookup is to display the time out message at first. Right?
    Based on my knowledge, a timed out message means that the server did not respond to a request after a certain amount of time and a certain number of retries. Because the primary DNS server is down, it can't respond to this request and time is out. When the primary DNS server can't respond, the secondary DNS server works to ensure effective work. And the order is changed as you said.
    As to the reason why the result is still the same even when the order has changed, we can try to use Network Monitor to capture network traffic and view and analyze it to find the cause. And the cause may be the cache. For your information, please refer to the following link to download the tool Network Monitor:
    http://www.microsoft.com/en-hk/download/details.aspx?id=4865
    Regards,
    Lany Zhang

  • SL constantly making DNS requests for "local" ?

    I've been troubleshooting a problem with my DSL router crashing and noticed that my Macs continuously, even when idle, have nearly 200 open connections at any given time, whereas my Windows boxes peak at 50 and drop down to under 10 when idle. The Macs are running SL 10.6.2.
    Poking around in the router logs, I found that the Macs are constantly making udp DNS requests to my router, even when I'm not browsing or doing anything else. tcpdump of udp and port 53 gives me the following:
    00:21:53.371671 IP 192.168.0.8.59304 > 192.168.0.1.53: 18151+ SOA? local. (23)
    00:21:53.674232 IP 192.168.0.8.49916 > 192.168.0.1.53: 48169+ SOA? local. (23)
    00:21:53.977128 IP 192.168.0.8.52735 > 192.168.0.1.53: 25906+ SOA? local. (23)
    00:21:54.279836 IP 192.168.0.8.60409 > 192.168.0.1.53: 18252+ SOA? local. (23)
    00:21:54.582518 IP 192.168.0.8.52350 > 192.168.0.1.53: 61085+ SOA? local. (23)
    00:21:54.885866 IP 192.168.0.8.62450 > 192.168.0.1.53: 21082+ SOA? local. (23)
    00:21:55.189449 IP 192.168.0.8.56146 > 192.168.0.1.53: 32869+ SOA? local. (23)
    00:21:55.494834 IP 192.168.0.8.50517 > 192.168.0.1.53: 19194+ SOA? local. (23)
    00:21:55.797551 IP 192.168.0.8.52035 > 192.168.0.1.53: 7558+ SOA? local. (23)
    00:21:56.100390 IP 192.168.0.8.52101 > 192.168.0.1.53: 40847+ SOA? local. (23)
    00:21:56.403436 IP 192.168.0.8.52194 > 192.168.0.1.53: 6087+ SOA? local. (23)
    00:21:56.706299 IP 192.168.0.8.52347 > 192.168.0.1.53: 9339+ SOA? local. (23)
    00:21:57.009058 IP 192.168.0.8.56200 > 192.168.0.1.53: 25553+ SOA? local. (23)
    00:21:57.312098 IP 192.168.0.8.51976 > 192.168.0.1.53: 20703+ SOA? local. (23)
    00:21:57.616665 IP 192.168.0.8.54563 > 192.168.0.1.53: 54141+ SOA? local. (23)
    00:21:57.923536 IP 192.168.0.8.65097 > 192.168.0.1.53: 45734+ SOA? local. (23)
    00:21:58.226243 IP 192.168.0.8.54125 > 192.168.0.1.53: 33647+ SOA? local. (23)
    00:21:58.529128 IP 192.168.0.8.54571 > 192.168.0.1.53: 17218+ SOA? local. (23)
    00:21:58.831897 IP 192.168.0.8.60218 > 192.168.0.1.53: 48469+ SOA? local. (23)
    00:21:59.135020 IP 192.168.0.8.60466 > 192.168.0.1.53: 37003+ SOA? local. (23)
    00:21:59.437998 IP 192.168.0.8.58798 > 192.168.0.1.53: 17670+ SOA? local. (23)
    00:21:59.741022 IP 192.168.0.8.60276 > 192.168.0.1.53: 47469+ SOA? local. (23)
    00:22:00.055207 IP 192.168.0.8.57066 > 192.168.0.1.53: 20384+ SOA? local. (23)
    00:22:00.360458 IP 192.168.0.8.50152 > 192.168.0.1.53: 29721+ SOA? local. (23)
    00:22:00.663357 IP 192.168.0.8.63487 > 192.168.0.1.53: 35833+ SOA? local. (23)
    00:22:00.966073 IP 192.168.0.8.64900 > 192.168.0.1.53: 34951+ SOA? local. (23)
    00:22:01.271649 IP 192.168.0.8.64314 > 192.168.0.1.53: 25719+ SOA? local. (23)
    00:22:01.574530 IP 192.168.0.8.55922 > 192.168.0.1.53: 5842+ SOA? local. (23)
    00:22:01.877146 IP 192.168.0.8.51874 > 192.168.0.1.53: 59071+ SOA? local. (23)
    00:22:02.179921 IP 192.168.0.8.56913 > 192.168.0.1.53: 43487+ SOA? local. (23)
    00:22:02.482738 IP 192.168.0.8.62907 > 192.168.0.1.53: 26628+ SOA? local. (23)
    00:22:02.785409 IP 192.168.0.8.51599 > 192.168.0.1.53: 57463+ SOA? local. (23)
    00:22:03.088321 IP 192.168.0.8.60417 > 192.168.0.1.53: 8857+ SOA? local. (23)
    00:22:03.391227 IP 192.168.0.8.57872 > 192.168.0.1.53: 36002+ SOA? local. (23)
    00:22:03.694211 IP 192.168.0.8.58774 > 192.168.0.1.53: 1662+ SOA? local. (23)
    192.168.0.8 is my Mac and 192.168.0.1 is my DSL router. The Mac is ip'd using DHCP on the router. The router sends DNS requests from my clients out to my ISP's DNS servers.
    Eventually, the DNS requests timeout and I get this:
    00:21:43.145103 IP 205.171.3.65.53 > 192.168.0.8.52959: 38258 NXDomain 0/1/0 (98)
    00:21:43.450086 IP 205.171.3.65.53 > 192.168.0.8.55938: 46832 NXDomain 0/1/0 (98)
    00:21:43.763304 IP 205.171.3.65.53 > 192.168.0.8.50265: 62399 NXDomain 0/1/0 (98)
    00:21:44.049705 IP 205.171.3.65.53 > 192.168.0.8.59991: 5960 NXDomain 0/1/0 (98)
    It's a never-ending cycle that eventually kills my router.
    If I'm reading the tcpdump output correctly, SL appears to be looking for some server named "local" 3 times every second. The TTL is roughly 90 seconds, so 3 requests/second gets me to an average of 180 connections at any given time -- which is approximately what my router is showing. If I do start browsing the connection count goes even higher. Trying to use both Macs at the same time has caused my router to crash due to running out of memory (it's obviously a very weak router).
    Can someone give me some insight into what SL is doing and how I can stop this?
    Thanks,
    Randy
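
One way to turn a capture like the one in the post above into a per-client finding, as an added example that is not part of the original post: it groups tcpdump query lines by source, type and name, measures the sustained rate, and estimates how many connection-table entries that rate keeps alive. The thresholds, the function names and the last sample query are assumptions; the other sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Six queries and one response copied from the capture in the post,
# plus one constructed benign query (the 192.168.0.9 line).
SAMPLE_CAPTURE = """\
00:21:53.371671 IP 192.168.0.8.59304 > 192.168.0.1.53: 18151+ SOA? local. (23)
00:21:53.674232 IP 192.168.0.8.49916 > 192.168.0.1.53: 48169+ SOA? local. (23)
00:21:53.977128 IP 192.168.0.8.52735 > 192.168.0.1.53: 25906+ SOA? local. (23)
00:21:54.100000 IP 192.168.0.9.50000 > 192.168.0.1.53: 1234+ A? example.com. (29)
00:21:54.279836 IP 192.168.0.8.60409 > 192.168.0.1.53: 18252+ SOA? local. (23)
00:21:54.582518 IP 192.168.0.8.52350 > 192.168.0.1.53: 61085+ SOA? local. (23)
00:21:54.885866 IP 192.168.0.8.62450 > 192.168.0.1.53: 21082+ SOA? local. (23)
00:21:43.145103 IP 205.171.3.65.53 > 192.168.0.8.52959: 38258 NXDomain 0/1/0 (98)
"""

# A query line: timestamp, "src.port > server.53:", query id with flags, "TYPE? name (len)".
QUERY = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}\.\d+) IP "
    r"(\d{1,3}(?:\.\d{1,3}){3})\.\d+ > (\d{1,3}(?:\.\d{1,3}){3})\.53: "
    r"\d+\S*(?: \[[^\]]*\])? (\w+)\? (\S+) \(\d+\)$"
)


def parse_queries(capture):
    """Yield (seconds_since_midnight, src, server, qtype, qname) per query line.

    Responses and unrelated lines are skipped. Captures that cross midnight
    are not handled.
    """
    for line in capture.splitlines():
        match = QUERY.match(line.strip())
        if match is None:
            continue
        hh, mm, ss, src, server, qtype, qname = match.groups()
        yield int(hh) * 3600 + int(mm) * 60 + float(ss), src, server, qtype, qname


def repeated_queries(capture, min_count=5, min_rate=1.0):
    """Return the (src, qtype, qname) groups repeated at min_rate per second or more."""
    seen = defaultdict(list)
    for ts, src, _server, qtype, qname in parse_queries(capture):
        seen[(src, qtype, qname)].append(ts)
    findings = []
    for (src, qtype, qname), stamps in seen.items():
        span = max(stamps) - min(stamps)
        if len(stamps) < min_count or span <= 0:
            continue
        rate = (len(stamps) - 1) / span  # intervals per second of capture
        if rate >= min_rate:
            findings.append({"src": src, "qtype": qtype, "qname": qname,
                             "count": len(stamps), "rate": rate})
    return sorted(findings, key=lambda f: f["rate"], reverse=True)


def estimated_state_entries(rate, state_timeout_s):
    """Steady-state table entries: every query leaves from a new source port,
    so each one creates its own entry that lives for state_timeout_s seconds."""
    return round(rate * state_timeout_s)


if __name__ == "__main__":
    for f in repeated_queries(SAMPLE_CAPTURE):
        print(f"{f['src']} {f['qtype']}? {f['qname']} "
              f"x{f['count']} at {f['rate']:.2f}/s")
```

The per-entry lifetime passed to `estimated_state_entries` depends on the router and has to be supplied by whoever runs the check.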

    Does this server handle DNS requests?
    If so, make sure under the local static IP for DNS servers you can try 127.0.0.1, and server IP.
    Under the DNS tab make sure you have the ISP IP's under forwarder.
    As a safety open terminal and run
    su changeip -checkhostname

  • DNS request when Anyconnect launch the tunnel

    Hi, just a quick question, I am trying Anyconnect client v3.1.03103-k9. I would like to set up an IPsec tunnel on a private IP, the IP has no DNS entry. If I specify the IP address and try to connect, the tunnel does not come up as there is a DNS request to resolve the entry. Can I bypass this DNS request?
    Thanks,
    Jerome

    Can I e-mail you the config file? I will also e-mail as soon as possible a network capture in front of the CSS. Where can I e-mail it? For the moment DNS is working so I will have to wait for network capture until it fails again.
    Kind regards,
    Frederik De Muyter
    [email protected]

  • DNS request for Adobe

    I was running Wireshark (checking something else) and noticed that every 90 seconds there is a DNS request/response for www.adobe.com. The requests continue without Adobe Reader running. Two things puzzle me: What is doing it? Why is it doing it?
    Normally following a DNS request you would expect to see some sort of activity at the TCP or UDP level to the resolved address, but here there is none.
    AK

    Good suggestion, but all it can tell me is what makes the dns request - lookupd - it doesn't say what process asked it to make the request.
    I had already turned off Adobe Reader, without stopping the requests, so I tried Mail, which also had no effect. Next went Safari, and the requests stopped, and restarting Safari didn't restart them, at least not so far.
    Strange.
    AK
