If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
DNS question
Greetings,
I have recently had an issue with the dns address on a windows xp professional workstation... some background. I have a windows domain environment, with sbs server 2003 R2 and 20 XP pro workstations. My work stations point to the server for DNS in the network settings tcp/ip dialog box. My ip's are all static, as well as the gateway. A recent virus/malware renamed the dns address to some address in russia. how can I lockdown the dns settings so that no program, malware, etc. can make changes to it. I assume something at the server level in group policy can handle this, but need some help in getting there. Anything is greatly appreciated. Thanks. -thebluefox |
Ads |
#2
|
|||
|
|||
DNS question
thebluefox wrote:
I have recently had an issue with the dns address on a windows xp professional workstation... some background. I have a windows domain environment, with sbs server 2003 R2 and 20 XP pro workstations. My work stations point to the server for DNS in the network settings tcp/ip dialog box. My ip's are all static, as well as the gateway. A recent virus/malware renamed the dns address to some address in russia. how can I lockdown the dns settings so that no program, malware, etc. can make changes to it. I assume something at the server level in group policy can handle this, but need some help in getting there. Anything is greatly appreciated. Thanks. Same answer as the one I put in another (non-corssposted bult multiposted version) of your posts... Since the user who got infested had to have administrative rights in order to make such changes - your answer is that you cannot. Take away administrative rights and do not use the computer daily with such rights. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#3
|
|||
|
|||
DNS question
thebluefox wrote:
I have recently had an issue with the dns address on a windows xp professional workstation... some background. I have a windows domain environment, with sbs server 2003 R2 and 20 XP pro workstations. My work stations point to the server for DNS in the network settings tcp/ip dialog box. My ip's are all static, as well as the gateway. A recent virus/malware renamed the dns address to some address in russia. how can I lockdown the dns settings so that no program, malware, etc. can make changes to it. I assume something at the server level in group policy can handle this, but need some help in getting there. Anything is greatly appreciated. Thanks. Same answer as the one I put in another (non-corssposted bult multiposted version) of your posts... Since the user who got infested had to have administrative rights in order to make such changes - your answer is that you cannot. Take away administrative rights and do not use the computer daily with such rights. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#4
|
|||
|
|||
DNS question
thebluefox wrote:
A recent virus/malware renamed the dns address to some address in russia. how can I lockdown the dns settings so that no program, malware, etc. can make changes to it. You could use a network appliance to route all port 53 connects to your own DNS server instead of the specified one. Obviously you don't want to use software on the workstation because that's what gets infected and anything you do there in software can be undone with other software. You'll need to have all workstations go through a gateway or router than can specify where all port 53 connects will go. If the malware points changes the gateway, well, it won't be pointing at the only gateway in your setup that permits Internet access by your workstations. |
#5
|
|||
|
|||
DNS question
thebluefox wrote:
A recent virus/malware renamed the dns address to some address in russia. how can I lockdown the dns settings so that no program, malware, etc. can make changes to it. You could use a network appliance to route all port 53 connects to your own DNS server instead of the specified one. Obviously you don't want to use software on the workstation because that's what gets infected and anything you do there in software can be undone with other software. You'll need to have all workstations go through a gateway or router than can specify where all port 53 connects will go. If the malware points changes the gateway, well, it won't be pointing at the only gateway in your setup that permits Internet access by your workstations. |
#6
|
|||
|
|||
DNS question
On 6/26/2010 5:24 PM, VanguardLH wrote:
thebluefox wrote: A recent virus/malware renamed the dns address to some address in russia. how can I lockdown the dns settings so that no program, malware, etc. can make changes to it. You could use a network appliance to route all port 53 connects to your own DNS server instead of the specified one. Obviously you don't want to use software on the workstation because that's what gets infected and anything you do there in software can be undone with other software. You'll need to have all workstations go through a gateway or router than can specify where all port 53 connects will go. If the malware points changes the gateway, well, it won't be pointing at the only gateway in your setup that permits Internet access by your workstations. Thanks for the tip, much appreciated! -pat |
#7
|
|||
|
|||
DNS question
On 6/26/2010 5:24 PM, VanguardLH wrote: thebluefox wrote: A recent virus/malware renamed the dns address to some address in russia. how can I lockdown the dns settings so that no program, malware, etc. can make changes to it. You could use a network appliance to route all port 53 connects to your own DNS server instead of the specified one. Obviously you don't want to use software on the workstation because that's what gets infected and anything you do there in software can be undone with other software. You'll need to have all workstations go through a gateway or router than can specify where all port 53 connects will go. If the malware points changes the gateway, well, it won't be pointing at the only gateway in your setup that permits Internet access by your workstations. Thanks for the tip, much appreciated! -pat |
#8
|
|||
|
|||
If you have manually adjusted your system to point to specific DNS IP addresses, either ATTBI DNS or 3rd party DNS, we advise you to restore your DNS settings so that you can get your DNS addresses via DHCP. We also advise you to restart your Windows XP or Windows 2000 DNS Service. After you have adjusted your system, you should release and renew your IP address (or more simply, just reboot your system) to fetch the new DNS address list from the server
|
#9
|
|||
|
|||
The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
|
#10
|
|||
|
|||
Its an awesome and amazing amazing post, really amazing work done
i like this effort too much |
Thread Tools | |
Display Modes | |
|
|