I'm looking at a tcpdump of my network and seeing floods of mdns packets from my W2k3 AD Server:

03:28:30.655189 IP mydomainserver.local.mdns > 224.0.0.251.mdns: 0*- [0q] 1/0/0 A 192.168.100.1 (40)

Why is it doing this and how can I stop it?

jscott
Frank Brenner

1 Answer

This is from installed software (which is a little concerning on a domain controller).

Check through Add/Remove Programs, and get rid of anything that shouldn't be there.

More info on multicast DNS here.

Shane Madden
  • As Shane says, this is Bonjour/mDNS. It's doing it because someone installed it, and you stop it by not installing stuff on your domain controllers unless you understand what it does. – Rob Moir May 17 '11 at 16:19
  • Exactly right. Turned out to be a server product which uses Bonjour. – Frank Brenner May 30 '11 at 10:39
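
To see which hosts are announcing over mDNS and how often, a capture like the one in the question can be summarized per source. This is an added example, not part of the original question or answers; it assumes tcpdump's default one-line text output, and the function names, the rate threshold and every sample line after the first are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump's one-line rendering of IPv4 mDNS traffic (port shown as "mdns" or 5353).
LINE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+) IP "
    r"(?P<src>\S+)\.(?:mdns|5353) > 224\.0\.0\.251\.(?:mdns|5353): (?P<body>.*)$"
)
# A response carries answer/authority/additional counts such as "1/0/0".
COUNTS = re.compile(r"(?:^|\s)(\d+)/(\d+)/(\d+)\s+(?P<rr>.*?)\s*\(\d+\)$")

def summarize(lines):
    """Return {source: {"responses", "queries", "records", "first", "last"}}."""
    hosts = defaultdict(lambda: {"responses": 0, "queries": 0, "records": set(),
                                 "first": None, "last": None})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not IPv4 mDNS multicast
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
        h = hosts[m["src"]]
        h["first"] = t if h["first"] is None else h["first"]
        h["last"] = t
        c = COUNTS.search(m["body"])
        if c:
            h["responses"] += 1
            h["records"].add(c["rr"])  # e.g. "A 192.168.100.1"
        else:
            h["queries"] += 1
    return dict(hosts)

def noisy_responders(lines, max_per_sec=1.0):
    """Sources sending more than max_per_sec mDNS responses over their observed window."""
    out = []
    for src, h in summarize(lines).items():
        span = max(h["last"] - h["first"], 1.0)  # floor the window at one second
        if h["responses"] / span > max_per_sec:
            out.append(src)
    return sorted(out)

# Constructed sample: the first line is from the question, the rest are made up.
SAMPLE = """\
03:28:30.655189 IP mydomainserver.local.mdns > 224.0.0.251.mdns: 0*- [0q] 1/0/0 A 192.168.100.1 (40)
03:28:30.855189 IP mydomainserver.local.mdns > 224.0.0.251.mdns: 0*- [0q] 1/0/0 A 192.168.100.1 (40)
03:28:31.055189 IP mydomainserver.local.mdns > 224.0.0.251.mdns: 0*- [0q] 1/0/0 A 192.168.100.1 (40)
03:28:31.255189 IP mydomainserver.local.mdns > 224.0.0.251.mdns: 0*- [0q] 1/0/0 A 192.168.100.1 (40)
03:28:31.300000 IP 192.168.100.23.5353 > 224.0.0.251.5353: 0 PTR (QM)? _services._dns-sd._udp.local. (46)
03:28:31.400000 IP 192.168.100.1.53 > 192.168.100.23.40000: 1234 1/0/0 A 192.168.100.9 (50)
""".splitlines()
```

Calling `noisy_responders(SAMPLE)` returns the one host whose response rate exceeds the threshold; on a real capture, feed it the lines of `tcpdump` text output instead.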