Re: DNS Help

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 6 Feb 2002 14:15:29 -0800

Not bad; just some minor changes to the settings:
Packet Filter Name : DNS filter
    This one is ok (outbound packets)

Packet Filter Name : DNS Query
    Direction : Receive-Send (inbound packets that expect a response)

Packet Filter Name : DNS TCP
    This one is ok (inbound packets)

Packet Filter Name : DNS Zone Transfer
    Direction : Inbound (inbound also)

Also, bear in mind that PF are IP-specific; that is, you have to create one
for each IP that is supposed to service that protocol.
If you're trying to reach a server behind ISA instead of services on the
ISA, then you need to look into server publishing.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Raji Arulambalam" <rajia@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, February 06, 2002 12:23
Subject: [isalist] Re: DNS Help


http://www.ISAserver.org


Hi Jim

Here is how they are defined
The external NIC has multiple IP#s

Packet Filter Name : DNS filter

Enabled : True
Filter Mode : Allow
Predefined Filter : DNS Lookup
Local Computer Filter Applies to : Default External IP
Remote Computer Filter Applies to : All Remote Computers

Packet Filter Name : DNS Query

Description : Created by RA 9/8/01. Q291662
Enabled : True
Filter Mode : Allow
Filter Type : Custom
Protocol : UDP
Direction : Inbound and Outbound
Local Port : 53
Remote Port : Any Port
Local Computer Filter Applies to : Default External IP
Remote Computer Filter Applies to : All Remote Computers

Packet Filter Name : DNS TCP

Description : Created by RA 9/8/01. Q292278
Enabled : True
Filter Mode : Allow
Filter Type : Custom
Protocol : TCP
Direction : Outbound
Local Port: Any Port
Remote Port : 53
Local Computer Filter Applies to : Default External IP
Remote Computer Filter Applies to : All Remote Computers

Packet Filter Name : DNS Zone Transfer

Description : Created by RA 9/8/01. Q291662
Enabled : True
Filter Mode : Allow
Filter Type : Custom
Protocol : TCP
Direction : Inbound and Outbound
Local Port : 53
Remote Port : Any Port
Local Computer Filter Applies to : Default External IP
Remote Computer Filter Applies to : All Remote Computers

---------------------------------------------
  Raji Arulambalam
  Systems Administrator
  Bay of Plenty REGIONAL Council
  P O Box 364 Whakatane.
  NEW ZEALAND
  Phone: 0800 ENV BOP (0800 368 267) +64 7 922 3390
  Fax:    0800 ENV FAX (0800 368 329) +64 7 922 3393
  http://envbop.govt.nz
--------------------------------------------
[Unix] is not necessarily evil, like OS/2.  - Peter Norton



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, 7 February 2002 4:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: DNS Help




Those are all DNS queries (UDP-53) and one SMTP packet from 192.146.150.3
(TCP-25).

What's happening is that the PF service is rejecting the packets.
Exactly how are your packet filters defined?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Raji Arulambalam" <rajia@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, February 05, 2002 19:44
Subject: [isalist] DNS Help




Hi

I am hosting a DNS server on the ISA server. I have set up packet filters
etc as in KB articles Q292278, Q291662 to answer DNS queries and zone
transfers.

Can someone explain why these are blocked /  what do they mean... taken from
the Packet Filter logs.
2/6/2002, 0:02:55, 62.168.72.75, 192.146.150.10, Udp, 2656, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:00, 62.168.72.75, 192.146.150.10, Udp, 2647, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:04, 62.168.72.75, 192.146.150.10, Udp, 2647, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:12, 62.168.72.75, 192.146.150.10, Udp, 2664, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:17, 62.168.72.75, 192.146.150.10, Udp, 2664, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:21, 62.168.72.75, 192.146.150.10, Udp, 2664, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:46, 192.146.150.3, 210.48.22.151, Tcp, 59309, 25, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:52, 62.168.72.75, 192.146.150.10, Udp, 2668, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:57, 62.168.72.75, 192.146.150.10, Udp, 2668, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:04:01, 62.168.72.75, 192.146.150.10, Udp, 2668, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:39:56, 195.101.94.7, 192.146.150.100, Udp, 1688, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:49:42, 203.97.32.5, 192.146.150.100, Udp, 37898, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:37:24, 209.81.9.151, 192.146.150.100, Udp, 2871, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:12:02, 208.24.179.207, 192.146.150.100, Udp, 52983, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:36, 202.7.15.13, 192.146.150.100, Udp, 59100, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:40, 202.7.15.13, 192.146.150.100, Udp, 59100, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:41, 202.7.15.13, 192.146.150.100, Udp, 59100, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:45, 202.7.15.61, 192.146.150.100, Udp, 62862, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:45, 202.7.15.61, 192.146.150.100, Udp, 62862, 53, -, BLOCKED, 192.146.150.3, -, -

If these are for reverse lookups (there are mail systems that now do these
before accepting mail), how do I allow it?

Thanks

---------------------------------------------
  Raji Arulambalam
  Systems Administrator
  Bay of Plenty REGIONAL Council
  P O Box 364 Whakatane.
  NEW ZEALAND
  Phone: 0800 ENV BOP (0800 368 267) +64 7 922 3390
  Fax:    0800 ENV FAX (0800 368 329) +64 7 922 3393
  http://envbop.govt.nz
--------------------------------------------
Ed Rooney:  I don't trust this kid any farther than I can throw him. Grace:
With your bad knee Ed, you shouldn't throw anybody.
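
The reply's point that packet filters are IP-specific can be checked against the log itself. The following Python is an added example, not part of the original thread: it rejoins the mail-wrapped records and counts blocked UDP-53 packets per destination address that no filter covers. The field names, and treating 192.146.150.3 as the only filtered address, are assumptions; the thread does not say which address is the default external IP.

```python
from collections import Counter

# Five records copied from the log in the original post, wrapped the way
# the e-mail client wrapped them.
SAMPLE_LOG = """\
2/6/2002, 0:02:55, 62.168.72.75, 192.146.150.10, Udp, 2656, 53, -, BLOCKED,
192.146.150.3, -, -
2/6/2002, 0:03:00, 62.168.72.75, 192.146.150.10, Udp, 2647, 53, -, BLOCKED,
192.146.150.3, -, -
2/6/2002, 0:03:46, 192.146.150.3, 210.48.22.151, Tcp, 59309, 25, -, BLOCKED,
192.146.150.3, -, -
2/6/2002, 0:39:56, 195.101.94.7, 192.146.150.100, Udp, 1688, 53, -, BLOCKED,
192.146.150.3, -, -
2/6/2002, 15:09:36, 202.7.15.13, 192.146.150.100, Udp, 59100, 53, -,
BLOCKED, 192.146.150.3, -, -
"""

# Assumed field names for the 12 comma-separated columns of each record.
FIELDS = ("date", "time", "src", "dst", "proto", "sport", "dport",
          "flags", "action", "iface", "hdr", "payload")


def parse_records(text):
    """Rejoin wrapped lines and return one dict per 12-field record."""
    records, buf = [], []
    for line in text.splitlines():
        buf += [f.strip() for f in line.split(",") if f.strip()]
        while len(buf) >= len(FIELDS):
            records.append(dict(zip(FIELDS, buf[:len(FIELDS)])))
            buf = buf[len(FIELDS):]
    return records


def uncovered_destinations(text, filtered_ips, proto="udp", port="53"):
    """Count blocked packets per destination IP that has no filter."""
    hits = Counter()
    for r in parse_records(text):
        if (r["action"] == "BLOCKED"
                and r["proto"].lower() == proto
                and r["dport"] == port
                and r["dst"] not in filtered_ips):
            hits[r["dst"]] += 1
    return dict(hits)


if __name__ == "__main__":
    # Assumption: filters exist only for 192.146.150.3.
    for ip, n in uncovered_destinations(SAMPLE_LOG, {"192.146.150.3"}).items():
        print(f"{ip}: {n} blocked DNS queries, no packet filter for this IP")
```

Each address it reports is one that would need its own set of DNS packet filters.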


