Security Incidents mailing list archives

Re: DNS question ?

From: "Benninghoff, John" <JaBenninghoff () DAINRAUSCHER COM>
Date: Fri, 9 Feb 2001 11:32:21 -0600

The default configuration for Windows 2000 (Win2k only - not NT) is to
"Register this connection's address in DNS." This means it sends a DDNS
update every time it starts up and/or connects via remote access dialin.
People from other ISPs have noticed the same thing.

It is most likely that these updates are from Windows 2000 computers.

-----Original Message-----
From: Evensen Lars Christian
[mailto:Lars.Christian.Evensen () NETCOM-GSM NO]
Sent: Thursday, February 08, 2001 4:04 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: DNS question ?


Hi

After scanning thru our DNS security log, i notice a lot of entries on the
form

notice; denied update from [xxx.yyy.zzz.www] for "zzz.yyy.xxx.in-addr.arpa".

All these IP-addresses belong to our dialin nodes.

I have been told that this is probably windows 2000/NT trying to announce it
self to the nameserver. Do anyone know if this is the case, or is this a
more serious issue i have on my hands.

Regards
Lars Evensen

Current thread:

DNS question ? Evensen Lars Christian (Feb 10)
- <Possible follow-ups>
- Re: DNS question ? Abe Getchell (Feb 10)
- Re: DNS question ? Benninghoff, John (Feb 10)