[Snort-users] DNS question

mosquitooth at ...158... mosquitooth at ...158...
Wed Apr 6 13:26:43 EDT 2005


I'm quite new to DNS (and network in general) so perhaps someone might be
able to help me with this question:

I currently have one Win2k3 server running in my LAN that is used as a file/
application server. This server should serve only the local computers of its
subnet (192.168.1.XX): the whole subnet is switched, DHCP/internet routing
is done by a Linksys router (all other clients and the server itself need
access to the internet occasionally). 

Now, everything works fine, but I've got the following question:
AFAIK, I should only see DNS traffic to the DNS server(s) of my ISP - and no
other DNS traffic (as I don't host a DNS server).

But, I've had some strange experience when I recently ran TcpView
(www.sysinternals.com) and ethereal. My Win2k3 server (the one I mentioned
above) connects to the root servers (e.g. 'l.root-servers.net:domain').
I cannot see any reason why this should happen - or did I get something
wrong during my DNS lessons?

thanks for any help

Sparen beginnt mit GMX DSL: http://www.gmx.net/de/go/dsl

More information about the Snort-users mailing list