RE: Discard DNS requests?

• From: "William Robertson" <william.robertson@xxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 25 Aug 2005 11:22:54 +0200

Thanks Jim. I'm doing the logging and following up on individual cases.

Just wanted to know if there was something I was missing.

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: 25 August 2005 07:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Discard DNS requests?

http://www.ISAserver.org

Ok - think about this for just one second.
Gator - whogives a rats a$$
Akamai - you'll block about 1/3 of the big sites on the Internet.

Instead of firing the shotgun to kill the fly by creating a boatload of
DNS zones (which Will Not stop web proxy requests), block them in the
ISA policies.

As far as the DNS traffic - start logging.
See who is making the name lookups.

Domain sets; URL sets - learn them, use them.

-----Original Message-----
From: William Robertson [mailto:william.robertson@xxxxxxxxxx] 
Sent: Tuesday, August 23, 2005 9:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Discard DNS requests?

http://www.ISAserver.org


If I understand you correctly...
My client workstations are making "legitimate" (I.e. non virus/worm
related)
calls to domains such as AKAMAI and GATOR. There are a few others but
these
2 appear to be top of the list.

My ISA Firewall is going to stop these requests once they eventually get
to
him, but I'm hoping that I can simply kill the requests at my DNS server
already... save everyone a lot of time.

I am aware that I should also be identifying the culprit workstations
and
cleaning them up, but this is a very reactive approach, one which I hope
to
resolve once the Microsoft Anti-Spyware tool is officially released.

Thanks
William R.

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx] 
Sent: 23 August 2005 08:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Discard DNS requests?

http://www.ISAserver.org

I would first of all find out what is generating the requests FROM your
DNS servers.

S 

-----Original Message-----
From: William Robertson [mailto:william.robertson@xxxxxxxxxx] 
Sent: Tuesday, August 23, 2005 1:37 PM
To: ISA Mailing List
Subject: [isalist] Discard DNS requests?

http://www.ISAserver.org


Hi there

This is slightly off-topic, but the problem was identified as a result
my firewalling troubleshooting, so I'm hoping someone may have some
insight for me...

I have discovered that my 2 DNS servers are seriously whacking my
internet link, with what appears to be "legitimate" traffic, in that it
is UDP53 traffic.

What gets me though is that the utilization is so high, that I've
started debugging my DNS traffic, and I see that many requests are for
sites which are in any case going to be blocked by my Firewall when the
HTTP request eventually gets there. E.g. Advertisements etc websites.

So my question is this, is it at all possible to create a "deny list"
for my DNS server saying that certain DNS requests must just be totally
ignored?

I can maybe create a DNS zone for each address/site that I want to block
with some dodgy private IP Address, thus preventing it from being
forwarded to my ISP's DNS servers, but that could result in some serious
overhead...

Any other ideas??

Thanks
William R.


---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and opinions
are those of the sender unless clearly stated as being that of Columbus
Stainless. The person addressed in the e-mail is the sole authorised
recipient.  Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the content
in any way. Whilst all reasonable steps are taken to ensure the accuracy
and integrity of information and data transmitted electronically and to
preserve the confidentiality thereof, no liability or responsibility
whatsoever is accepted if information or data is, for whatever reason,
corrupted or does not reach its intended destination.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

The correct technical term for haggis stalking is "havering". 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient.  Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is, for whatever reason, corrupted or does not reach its intended
destination.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient.  Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is, for whatever reason, corrupted or does not reach its intended
destination.

Other related posts:

• » Discard DNS requests?
• » RE: Discard DNS requests?
• » RE: Discard DNS requests?
• » RE: Discard DNS requests?
• » RE: Discard DNS requests?
• » RE: Discard DNS requests?
• » RE: Discard DNS requests?
• » RE: Discard DNS requests?
• » RE: Discard DNS requests?
• » RE: Discard DNS requests?
• » RE: Discard DNS requests?

1. Home
2. isalist
3. Archive
4. 08-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---