2011 Root Hints

  • Question

  • Hello,

    I'm attempting to lock down the DNS on my network to point only to my internal DNS server (not on WHS) and block all other queries, to follow security best practices and to help mitigate viruses, malware, etc. However, I'm getting continued reports of WHS trying to hit root servers with DNS queries. Additionally, WHS now thinks I'm not connected to the internet.

    The indications I've found to disable them require the DNS role to be active on the server and I would like to avoid installing/activating it.

    Can anyone provide any guidance?

    Monday, September 26, 2011 4:36 PM

Answers

  • If you have remote access enabled, Windows Home Server periodically tests to make sure everything is okay. This is probably the source of your DNS queries, and off the top of my head there's no way to defeat it, maybe not even by installing DNS on your server. (Which, I'll note, is prohibited by the EULA, which specifically prohibits installing roles not configured by Microsoft. Not that I think Microsoft is going to hunt you down for it. :) )

    Blocking these queries at your firewall seems likely to cause the symptom you note: your home server will believe it's not connected to the internet. Remember that Windows Home Server isn't designed to be used in a large enterprise, where this type of network configuration is more common. The three products based on this code base are all designed for home, micro-, and small business use, where (usually) there's nobody with the knowledge to do this sort of configuration.

    Does Remote Access work otherwise, ignoring the reported issue? If so, I wouldn't worry too much about it.


    I'm not on the WHS team, I just post a lot. :)
    • Marked as answer by Jeremy_CA Thursday, September 29, 2011 6:13 PM
    Monday, September 26, 2011 6:02 PM

All replies

  • I appreciate the assistance. I was worried that this would be the case. Regardless, I just added the extra rules to the firewall to allow the traffic through to "most" of the root servers. Not 100% satisfied with this solution, but it will work.

    Thanks again for the response.

    Thursday, September 29, 2011 6:13 PM