Alfred Brown wrote:
Hi,
I am using Etherreal to monitor all the network packets being sent
by my PC.
I have noticed that my PC frequently sends 'DNS standard query SOA'
to the iana.org site.
Also have found a number of files from the c.\program files\etherreal
folder containing the 'iona.org' string.
Have you seen this ploblem before? and how do we stop such a
frequent DNS request?
Are you using RFC 1918 (aka "private") addresses locally? (These blocks
are 10/8, 172.16/12, and 192.168/16). If so, do you _not_ have reverse
DNS set up locally for these addresses?
On the public internet, the Internet Assigned Numbers Authority (IANA)
is listed as the DNS start of authority (SOA) for the private address
blocks listed in RFC 1918. If you're using private addressing and don't
have reverse DNS set up for those private blocks, then any reverse
resolution requests will go to IANA's servers. To keep this from
happening you can add zones for the RFC 1918 blocks to your local DNS
server. They don't neccessarily have to contain any PTR records; they
just have to exist.
When I run 'grep -irl iana.org "c:\Program Files\Ethereal"' on my
system, I get the following:
c:\Program Files\Ethereal/snmp/mibs/IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt
c:\Program Files\Ethereal/snmp/mibs/IANA-LANGUAGE-MIB.txt
c:\Program Files\Ethereal/snmp/mibs/IANAifType-MIB.txt
c:\Program Files\Ethereal/snmp/mibs/INET-ADDRESS-MIB.txt
Is this what you're seeing? These are SNMP MIB files, and shouldn't
have anything to do with the SOA requests you're seeing. Due to its
nature, IANA shows up in a _lot_ of places including MIBs, RFCs, and
Ethereal source code files.