A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » The Basics
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

DNS question



 
 
Thread Tools Display Modes
  #1  
Old June 26th 10, 04:40 PM posted to microsoft.public.windowsxp.basics
thebluefox
external usenet poster
 
Posts: 7
Default DNS question

Greetings,

I have recently had an issue with the dns address on a windows xp
professional workstation... some background.

I have a windows domain environment, with sbs server 2003 R2 and 20 XP
pro workstations.

My work stations point to the server for DNS in the network settings
tcp/ip dialog box. My ip's are all static, as well as the gateway.

A recent virus/malware renamed the dns address to some address in
russia. how can I lockdown the dns settings so that no program,
malware, etc. can make changes to it. I assume something at the server
level in group policy can handle this, but need some help in getting
there. Anything is greatly appreciated. Thanks.


-thebluefox
Ads
  #2  
Old June 26th 10, 04:54 PM posted to microsoft.public.windowsxp.basics
Shenan Stanley
external usenet poster
 
Posts: 10,523
Default DNS question

thebluefox wrote:
I have recently had an issue with the dns address on a windows xp
professional workstation... some background.

I have a windows domain environment, with sbs server 2003 R2 and 20
XP pro workstations.

My work stations point to the server for DNS in the network settings
tcp/ip dialog box. My ip's are all static, as well as the gateway.

A recent virus/malware renamed the dns address to some address in
russia. how can I lockdown the dns settings so that no program,
malware, etc. can make changes to it. I assume something at the
server level in group policy can handle this, but need some help in
getting there. Anything is greatly appreciated. Thanks.


Same answer as the one I put in another (non-corssposted bult multiposted
version) of your posts...

Since the user who got infested had to have administrative rights in order
to make such changes - your answer is that you cannot. Take away
administrative rights and do not use the computer daily with such rights.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


  #3  
Old June 26th 10, 04:54 PM posted to microsoft.public.windowsxp.basics
Shenan Stanley
external usenet poster
 
Posts: 10,523
Default DNS question

thebluefox wrote:
I have recently had an issue with the dns address on a windows xp
professional workstation... some background.

I have a windows domain environment, with sbs server 2003 R2 and 20
XP pro workstations.

My work stations point to the server for DNS in the network settings
tcp/ip dialog box. My ip's are all static, as well as the gateway.

A recent virus/malware renamed the dns address to some address in
russia. how can I lockdown the dns settings so that no program,
malware, etc. can make changes to it. I assume something at the
server level in group policy can handle this, but need some help in
getting there. Anything is greatly appreciated. Thanks.


Same answer as the one I put in another (non-corssposted bult multiposted
version) of your posts...

Since the user who got infested had to have administrative rights in order
to make such changes - your answer is that you cannot. Take away
administrative rights and do not use the computer daily with such rights.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


  #4  
Old June 26th 10, 10:24 PM posted to microsoft.public.windowsxp.basics
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default DNS question

thebluefox wrote:

A recent virus/malware renamed the dns address to some address in
russia. how can I lockdown the dns settings so that no program,
malware, etc. can make changes to it.


You could use a network appliance to route all port 53 connects to your
own DNS server instead of the specified one. Obviously you don't want
to use software on the workstation because that's what gets infected and
anything you do there in software can be undone with other software.
You'll need to have all workstations go through a gateway or router than
can specify where all port 53 connects will go. If the malware points
changes the gateway, well, it won't be pointing at the only gateway in
your setup that permits Internet access by your workstations.
  #5  
Old June 26th 10, 10:24 PM posted to microsoft.public.windowsxp.basics
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default DNS question

thebluefox wrote:

A recent virus/malware renamed the dns address to some address in
russia. how can I lockdown the dns settings so that no program,
malware, etc. can make changes to it.


You could use a network appliance to route all port 53 connects to your
own DNS server instead of the specified one. Obviously you don't want
to use software on the workstation because that's what gets infected and
anything you do there in software can be undone with other software.
You'll need to have all workstations go through a gateway or router than
can specify where all port 53 connects will go. If the malware points
changes the gateway, well, it won't be pointing at the only gateway in
your setup that permits Internet access by your workstations.
  #6  
Old June 29th 10, 11:30 AM posted to microsoft.public.windowsxp.basics
thebluefox
external usenet poster
 
Posts: 7
Default DNS question

On 6/26/2010 5:24 PM, VanguardLH wrote:
thebluefox wrote:

A recent virus/malware renamed the dns address to some address in
russia. how can I lockdown the dns settings so that no program,
malware, etc. can make changes to it.


You could use a network appliance to route all port 53 connects to your
own DNS server instead of the specified one. Obviously you don't want
to use software on the workstation because that's what gets infected and
anything you do there in software can be undone with other software.
You'll need to have all workstations go through a gateway or router than
can specify where all port 53 connects will go. If the malware points
changes the gateway, well, it won't be pointing at the only gateway in
your setup that permits Internet access by your workstations.


Thanks for the tip, much appreciated!

-pat
  #7  
Old June 29th 10, 11:30 AM posted to microsoft.public.windowsxp.basics
thebluefox
external usenet poster
 
Posts: 7
Default DNS question


On 6/26/2010 5:24 PM, VanguardLH wrote:
thebluefox wrote:

A recent virus/malware renamed the dns address to some address in
russia. how can I lockdown the dns settings so that no program,
malware, etc. can make changes to it.


You could use a network appliance to route all port 53 connects to your
own DNS server instead of the specified one. Obviously you don't want
to use software on the workstation because that's what gets infected and
anything you do there in software can be undone with other software.
You'll need to have all workstations go through a gateway or router than
can specify where all port 53 connects will go. If the malware points
changes the gateway, well, it won't be pointing at the only gateway in
your setup that permits Internet access by your workstations.


Thanks for the tip, much appreciated!

-pat
  #8  
Old February 20th 11, 02:36 PM
smithamla smithamla is offline
banned
 
First recorded activity by PCbanter: Feb 2011
Posts: 9
Default

If you have manually adjusted your system to point to specific DNS IP addresses, either ATTBI DNS or 3rd party DNS, we advise you to restore your DNS settings so that you can get your DNS addresses via DHCP. We also advise you to restart your Windows XP or Windows 2000 DNS Service. After you have adjusted your system, you should release and renew your IP address (or more simply, just reboot your system) to fetch the new DNS address list from the server
  #9  
Old March 24th 11, 12:10 PM
marisatomei marisatomei is offline
banned
 
First recorded activity by PCbanter: Mar 2011
Posts: 5
Default

The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
  #10  
Old April 8th 11, 11:56 AM
iezek12 iezek12 is offline
Registered User
 
First recorded activity by PCbanter: Apr 2011
Posts: 1
Default

Its an awesome and amazing amazing post, really amazing work done
i like this effort too much
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 06:27 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.