Random DNS (TCP) requests from Active Directory

  • Thread starter: Jairo Palacios (Guest)
Hello community, for a few days now I have been seeing strange DNS requests from a Windows Server 2022 Datacenter that acts as Active Directory (AD). They are DNS requests against a random domain, and it changes; the pattern of these DNS requests is against a domain in the form 1092-ms-RANDOM_ID-b908-0676796d96df. These requests are made at intervals of 10 min, 15 min, 15 min, 10 min, 15 min, 15 min periodically. The requests are through port 53, but using the TCP protocol (instead of UDP), and it seems, according to the response, as if they were encrypted to a certain extent, since the information
