RE: ISA 2004 Cache

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 15 Jul 2005 06:28:30 -0700

This is getting absurd.

The original problem was about people getting content from one EXTERNAL
site when they had actually requested a completely different EXTERNAL
site.

In order for ISA to provide ANY content, it must first perform name
lookups for the site being requested (www.google.com).

In order for this to occur, it must contact a DNS server that can either
provide this name-to-IP mapping or it also must contact a DNS server
that can.

This cannot happen while "port 53 is blocked".

-----Original Message-----
From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx] 
Sent: Thursday, July 14, 2005 11:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 Cache

http://www.ISAserver.org


> You can't have both "resolving sites well" and "port blocked" 
> in the same environment.

I can resolve the site with the dns which is hosted insite, and the
blocked port is the port to the internet, only port 80 and 21 are opend
to the internet, port 53 can go to the internet dns server.

Arjan
> 
> > Sounds like you might be getting some DNS cache poisoning.
> > This can completely mess up the ISA cache because ISA gets 
> directed to 
> > the wrong place.
> 
> That was my first thought to, but i have checked dns settings 
> serveral times, and the dns is resolving the sites well.
> 
> > Try using a different upstream DNS provider and see if that helps.
> 
> I have only one dns upstream available, which is a internal 
> dns server, i'm unable to change the dns to a server on the 
> internet, cause the port has been blocked.
> 
> Arjan 
> 
> > 
> > > You'll have to be a bit more specific about:
> > 
> > OK, i will place some configuration stuff here.
> > 
> > > 1. your ISA caching configuration
> > 
> > The default cache rule, the only thing i have changed is 
> disabling the 
> > ftp caching, an second rule which disables caching for 
> > windowsupdate.microsoft.com.
> > 
> > I have configured a cache size of 10 Gb, and have left 
> everything in 
> > default.
> > 
> > > 2. what sites
> > 
> > When going to www.google.com the user ends up at www.omroep.nl
> > 
> > > 3. what requests.
> > 
> > HTTP request.
> > 
> > > Generally, ISA caches site content according to the rule
> > outlined in
> > > the ISA help, but it's also possible to configure it so
> > that it caches
> > 
> > > everything in sight (bad thing).
> > 
> > I haven't changed anything in the caching rule, as 
> mentioned above, on 
> > the server there is a eTrust antivirus client active, i 
> have excluded 
> > the caching dir for scanning, and the processes used by isa are 
> > excluded to.


************************************************************************
De informatie in deze e-mail is uitsluitend bestemd voor de
geadresseerde. Als u deze e-mail onterecht heeft ontvangen, wilt u dan
zo vriendelijk zijn de afzender te waarschuwen door deze e-mail terug te
sturen en de gegevens van uw computer te verwijderen. De RDW kan niet
volledig instaan voor de juiste en volledige overbrenging van deze
e-mail.

The information in this e-mail is exclusively intended for the
addressee. If you have received this e-mail in error, then you are
requested to inform the sender by returning this e-mail to him/her and
delete the message. The RDW has not secured the contents of this e-mail
and can therefore not guarantee the accurate and complete transmission
of this e-mail.
************************************************************************



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache
• » RE: ISA 2004 Cache

1. Home
2. isalist
3. Archive
4. 07-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---