RE: Win2k Machine contacting Root Server???

[Alex <incidents () alex gotdns org>]

Yes, I thought about this, but does it makes sense that it is contacting 
*the* DNS root servers???  I thought this was odd.

Thanks,

-Alex

On Fri, 24 Mar 2006, Adrian Marsden wrote:

> I believe you will find there is a setting that tells a Win2k server to try TCP if UDP fails for DNS resolution. Maybe 
> the UDP was failing and the box was doing as it was told.
>
>
> -----Original Message-----
> From:   Alex [mailto:incidents () alex gotdns org]
> Sent:   Fri 3/24/2006 1:53 AM
> To:     incidents () securityfocus com
> Cc:
> Subject:        Win2k Machine contacting Root Server???
>
> Hi,
>
> I recently ran "netstat" on my personal laptop (running Win2k) and was
> shocked to see that it had been making TCP connections to the root servers
> (to their domain port). I know that some DNS queries are performed using
> TCP, but I find it somewhat disturbing that the root servers were
> involved.
>
> I did a little googling and found a few remarks that Win2k machines
> sometimes do this...   But mine has the lastest updates....
>
> So I'm a little concerned.  Is this normal operation for a win2k machine,
> or could something more amiss be going on?    Norton Antivirus and SpyBot
> Search & Destory didn't find anything wrong.
>
> Thanks
>
> -Alex
>
> (I realize this is probably a normal thing,  but I still find it
> disturbing)