Re: Firewall client / DNS problem

..and now for the rest of the story..
http://isaserver.org/authors/harrison/tutoials/isa-clients-part1.htm

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/

----- Original Message -----
From: "Andrew Dadmun" <adadmun@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, November 29, 2001 08:11
Subject: [isalist] Firewall client / DNS problem


Hi

RE:  ISA Enterprise on Win2K server SP2 with latest hot fixes for Win2K and
ISA.  This ISA server also serves as a PPTP server.

I thought I'd give this list a try before I call MS PSS.  We have a couple
of application/web servers in our DMZ (perimeter) that we use one at a time.
When we want to make one live, we merely switch our DNS.  The TTL on the DNS
is low - 600 seconds.  This allows us to update code on the non-live server
and then make it active by switching the DNS.  That's all fine to the
external world - it works great.  However, we have discovered a problem with
internal users who use the firewall client.  Those internal users get the
wrong IP address.  They get the old IP address after the DNS update.  Even
after waiting the 600 seconds.  Even after much longer.  If they disable the
firewall client, they get the correct IP address immediately.  If they
re-enable the firewall client, they again get the old address.

I have confirmed this on my own PC.  With the firewall client enabled, if I
ping (or http browse) the FQDN, I get the wrong address.  If I do an nslookup
from my PC to the DNS server, I get the correct IP address.

Another aspect of this that is strange - if I go to the ISA server's console
I get the correct IP address.  So, the ISA server, external users, and users
with the firewall client disabled (or not installed) all get the correct
information.  Only users with the firewall client installed get the wrong
info.

Can anyone shed some light on this problem?  I have done a pretty extensive
search on groups.google.com and I haven't found the solution yet.  Let me
know if you need more info.

Regards,
Andrew Dadmun <> Senior Network Engineer
e-Builder, Inc. http://www.e-builder.net
Voice: 352-384-2940 <> Fax: 352-380-0352


