[dns-operations] Odd queries from win2k3 box with MSDNS and IPv6
Mark Andrews
marka at isc.org
Wed Jun 22 22:17:17 UTC 2011
In message <4E021536.4030106 at 2mbit.com>, Brielle Bruns writes:
> On 6/22/11 10:00 AM, Jeroen Massar wrote:
> > On 2011-06-22 17:31 , Brielle Bruns wrote:
> >> Hello All,
> >>
> >> I asked this question on another list, but got no answer, so I figured
> >> I'd try here.
> >>
> >>
> >> We're seeing a lot of weird A record queries from a MS DNS server on
> >> Win2k3 (yes, I know, it wasn't my choice to run these). For example,
> >>
> >>
> >> ::1.somedomain.com
> >
> > What is the record type this is being asked for? Also, you might want to
> > index a little bit what tools are running on the host and check if the
> > hosts file in %WINDOWS%\system32\drivers\etc\hosts contains the ::1 or not.
>
>
> Thanks Jeroen.
>
>
> It's looking for A records - only noticed it while doing a protocol dump
> trying to figure out why stats on two recursors for query failures were
> so high.
>
> Hosts file ended up being clean, nothing there relating to v6.
>
> However, the machine in question is running BackupExec and the Meinberg
> NTP server. I'm going to take the server down for a little bit after
> hours and try and figure out if it's one of those two.
>
> Given that MS's own services support ipv6 even if their console snapins
> and GUIs don't, I'm inclined to not think it's SQL server or another MS
> service.
Some piece of software that is not IPv6 aware will have "::1" in
the host field of its configuration. Search the registry for
"::1". That should give you some candidates to check. Otherwise
it is a full disk search.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
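
An added example, not part of the original thread: one way to spot this pattern from the recursor side is to flag query names that begin with an IPv6 literal, as `::1.somedomain.com` does, and count them per client. The log lines are constructed in a BIND-style query-log shape (an assumption, the thread does not say which recursor is in use), the function names are hypothetical, and the check generalizes from `::1` to any IPv6 literal.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the BIND-style layout is an assumption.
SAMPLE_LOG = """\
22-Jun-2011 17:31:02.114 client 192.0.2.10#53124: query: ::1.somedomain.com IN A +
22-Jun-2011 17:31:02.390 client 192.0.2.10#53125: query: www.somedomain.com IN A +
22-Jun-2011 17:31:03.007 client 192.0.2.10#53126: query: ::1.somedomain.com IN A +
22-Jun-2011 17:31:04.551 client 192.0.2.22#40112: query: fe80::1.corp.example IN AAAA +
22-Jun-2011 17:31:05.200 client 192.0.2.22#40113: query: ::ffff:192.0.2.1.corp.example IN A +
22-Jun-2011 17:31:06.812 client 192.0.2.31#51000: query: 1.0.0.127.in-addr.arpa IN PTR +
"""

LINE_RE = re.compile(
    r"client (?P<client>[0-9A-Fa-f.:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def leading_ipv6_literal(qname):
    """Return the IPv6 literal that a QNAME starts with, or None.

    A resolver library that does not recognise an IPv6 literal treats it as a
    hostname and appends the search suffix, so the literal ends up as the
    leftmost label(s). An embedded IPv4 tail can spread it over four labels.
    """
    if ":" not in qname:
        return None
    labels = qname.rstrip(".").split(".")
    # Longest candidate first so "::ffff:192.0.2.1" wins over "::ffff:192".
    for n in range(min(4, len(labels)), 0, -1):
        candidate = ".".join(labels[:n])
        try:
            ipaddress.IPv6Address(candidate)
        except ValueError:
            continue
        return candidate
    return None


def flag_queries(log_text):
    """Count (client, literal, qtype) for queries that start with an IPv6 literal."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        literal = leading_ipv6_literal(m.group("qname")) if m else None
        if literal:
            hits[(m.group("client"), literal, m.group("qtype"))] += 1
    return hits


if __name__ == "__main__":
    for (client, literal, qtype), count in flag_queries(SAMPLE_LOG).most_common():
        print(f"{client}: {count} {qtype} queries using {literal} as a hostname")
```

The per-client counts narrow down which host to inspect before starting the registry or disk search for the literal.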