Security Incidents mailing list archives
Re: DNS question ?
From: "Benninghoff, John" <JaBenninghoff () DAINRAUSCHER COM>
Date: Fri, 9 Feb 2001 11:32:21 -0600
The default configuration for Windows 2000 (Win2k only - not NT) is to "Register this connection's address in DNS." This means it sends a DDNS update every time it starts up and/or connects via remote access dialin. People from other ISPs have noticed the same thing. It is most likely that these updates are from Windows 2000 computers. -----Original Message----- From: Evensen Lars Christian [mailto:Lars.Christian.Evensen () NETCOM-GSM NO] Sent: Thursday, February 08, 2001 4:04 AM To: INCIDENTS () SECURITYFOCUS COM Subject: DNS question ? Hi After scanning thru our DNS security log, i notice a lot of entries on the form notice; denied update from [xxx.yyy.zzz.www] for "zzz.yyy.xxx.in-addr.arpa". All these IP-addresses belong to our dialin nodes. I have been told that this is probably windows 2000/NT trying to announce it self to the nameserver. Do anyone know if this is the case, or is this a more serious issue i have on my hands. Regards Lars Evensen
Current thread:
- DNS question ? Evensen Lars Christian (Feb 10)
- <Possible follow-ups>
- Re: DNS question ? Abe Getchell (Feb 10)
- Re: DNS question ? Benninghoff, John (Feb 10)