0

I was looking through my WatchGuard traffic today and noticed a lot of traffic going from my two local DNS servers to "Google-Plus". I'm assuming WatchGuard has that labeled incorrectly, as the IP addresses they are trying to connect to are the Google DNS addresses (8.8.8.8 and 8.8.4.4). I don't know if this has always been going on or if this is a new issue (hell, it might not even be an issue).

My question is, why are my DNS servers trying to connect / send data to the google dns servers? I have looked through all of my settings and I find no reference to any IP address outside of my network. There is another address it's sending data to as well - 64.89.70.2. This address is listed as being part of Windstream but WatchGuard has it labeled as "google-plus" as well.

My best guess is that it's just trying to update the DNS cache on both sides and that it's just being mislabeled as "google-plus" and sometimes "google-talk" in WatchGuard. But before I allow those specific IP addresses I want to have some input from those wiser than I.

Thanks.

lmark
  • 3
    My first presumption would be that someone has configured Google's DNS as the forwarders for your server. Pretty common and acceptable nowadays, in my opinion. I'd triple check the config and see what forwarders are configured. – Dan Feb 06 '15 at 21:22
  • Thanks Dan. I'll go through the settings again to see if I just overlooked something. – Michael Haynes Feb 06 '15 at 21:29
  • 1
    Spot on Dan. I totally missed the forwarders settings (I was focused on the actual DNS entries). I'm going to research a little to see if I want to leave them that way but I appreciate the fast and accurate info. If you will put that into an answer we can accept it. :) – Michael Haynes Feb 06 '15 at 21:32

2 Answers

3

why are my DNS servers trying to connect / send data to the google dns servers?

Because someone configured them that way. Simple like that.

This is not "google +". It is the google public DNS infrastructure - which is generally assumed to be quite good and fast.

My best guess is that it's just trying to update the DNS cache on both sides

Ignorant at best. It is simply asking the google servers for name resolutions. There is no "update on both sides" and there definitely is no "data" sent to google - unless you call requests data.

Generally google has a VERY good infrastructure of caching servers, and being unicast the same IP addresses are reachable quite fast pretty much everywhere in the world.

I would say someone did you a favour AND - it is a very common setup today. Though a lot more used when one is not running his own caching servers ;) Using google DNS avoids all kinds of crap certain ISPs are doing in their own servers (like returning a search page for wrongly typed domain names).

TomTom
1

My first presumption would be that someone has configured Google's DNS as the forwarders for your server. Pretty common and acceptable nowadays, in my opinion. I'd triple check the config and see what forwarders are configured.

Dan
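Added example, not part of the question or either answer: a small triage script that checks outbound flows from the internal DNS servers against the forwarders found in the DNS server config, ignoring the firewall's application label. The resolver addresses, the flow-record layout and the sample flows are constructed assumptions; only 8.8.8.8, 8.8.4.4 and 64.89.70.2 come from the question.

```python
import ipaddress

# Constructed sample data (not from the original post): internal resolver
# addresses, the forwarders read from the DNS server config, and flow records
# in a made-up (src, dst, proto, dport, firewall_label) layout.
RESOLVERS = {"10.0.0.10", "10.0.0.11"}
FORWARDERS = {"8.8.8.8", "8.8.4.4"}
FLOWS = [
    ("10.0.0.10", "8.8.8.8", "udp", 53, "google-plus"),
    ("10.0.0.11", "8.8.4.4", "tcp", 53, "google-talk"),
    ("10.0.0.10", "64.89.70.2", "udp", 53, "google-plus"),
    ("10.0.0.11", "8.8.8.8", "tcp", 443, "google-plus"),
    ("10.0.0.10", "10.0.0.11", "udp", 53, "dns"),
    ("10.0.0.25", "8.8.8.8", "udp", 53, "google-plus"),
]


def classify(flow, resolvers=RESOLVERS, forwarders=FORWARDERS):
    """Return a verdict for one flow; the firewall label is deliberately ignored."""
    src, dst, proto, dport, _label = flow
    if src not in resolvers:
        # A client talking to an outside resolver directly, bypassing local DNS.
        return "not-from-resolver"
    if ipaddress.ip_address(dst).is_private:
        return "internal"
    if proto not in ("udp", "tcp") or dport != 53:
        # A DNS server talking to the outside on a non-DNS port needs a look.
        return "non-dns-review"
    if dst in forwarders:
        return "expected-forwarding"
    # DNS to a server that is not a configured forwarder: re-check the
    # forwarder list (and root hints) before adding an allow rule.
    return "dns-to-unlisted-server"


def triage(flows):
    """Group flows by verdict."""
    result = {}
    for flow in flows:
        result.setdefault(classify(flow), []).append(flow)
    return result


if __name__ == "__main__":
    for verdict, items in triage(FLOWS).items():
        for src, dst, proto, dport, label in items:
            print(f"{verdict:24} {src} -> {dst} {proto}/{dport} (label: {label})")
```
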