2k server generating some weird traffic

[FiberOptik]

Hey all, I'm a student at a University and they are giving a software package to all students. This package contains an upgrade version of 2k server so I installed it and started messing around with it. I noticed that it's been generating lots of traffic to the following IPs: 192.5.6.30 and 192.175.48.1. I'm sure it's generating this traffic for a reason, does anyone know why? The above two IPs resolve to the following addresses.

192.5.6.30 = a.gtld-servers.net
192.175.48.1 = prisoner.iana.org

 

[Smilin]

You're hacked??

 

[FiberOptik]

No, I'm pretty sure I'm not hacked, I am behind a decent linux firewall. I think the above has something to do with win2k DNS as all the traffic generated on the above IPs is on port 53 (DNS). Is there a setting that I can enable within win2k DNS that will disable this traffic?

 

[bsobel]

Looks like you installed the dns server and have it set to do lookups against the root servers. Disable the DNS server or configure it to use forwarders to your local DNS if you want to kill this traffic.
Bill

 

[stash]

The second IP is the address for prisoner.iana.org. This is the primary DNS server that holds the zones for the three unroutable IP ranges (10.in-addr.arpa, 16.172.in-addr.arpa, and 168.192.in-addr.arpa).

So if your machine has an address in one of these ranges, it will try to register a PTR record with a DNS server. If you don't have a local DNS server with one of those zones, it will try to register with prisoner.iana.org, which will reject it.

This isnt anything to worry about.

Also, I believe the first IP is a DNS root server.