No, no you must apply the subsequent thing: create packet filter: dns query: fitel type predefined :Custom ip protocolo: UDP direction: Received send Local Port:Fixed port port number:53 remote port:all ports Default ipaddress remote copmputer :all dns Zone Transfer: fitel type predefined :Custom ip protocolo: tcp direction: Both Local Port:Fixed port port number:53 remote port:all ports Default ipaddress remote copmputer :all Dns filter there are by default My situatio have dns and isa on the same computer then you must configure correctly dns and specify the ip address of the secondary dns with your ip address in dns -----Original Message----- From: patricks@xxxxxxxxxxxxxxxxxx [mailto:patricks@xxxxxxxxxxxxxxxxxx] Sent: venerdì 31 agosto 2001 13.37 To: [ISAserver.org Discussion List] Subject: [isalist] DNS Zone Transfers not working http://www.ISAserver.org Hi all, Just a quick question re DNS zone transfers and the DNS application filter. I have the DNS zone transfer from privileged/high ports options set in the intrusion detection filter. If I do an nslookup (ls -d domainname.co.uk) from an ip external to the firewall, the zone is transferred fine. Naturally an alert is generated. However, if I deselect these check boxes, restart ISA and try this again, the nslookup process hangs on the ls -d domainname.co.uk command. Could someone confirm this behaviour happens with their firewall. If so why ? Patrick ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: paolo.bosio@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')