RE: ISA 2004 Cache

  • From: <AHendriks@xxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 19 Jul 2005 15:14:50 +0200

> This is getting absurd.
> 
> The original problem was about people getting content from 
> one EXTERNAL site when they had actually requested a 
> completely different EXTERNAL site.

That's still the problem.

> In order for ISA to provide ANY content, it must first 
> perform name lookups for the site being requested (www.google.com).
> 
> In order for this to occur, it must contact a DNS server that 
> can either provide this name-to-IP mapping or it also must 
> contact a DNS server that can.
> 
> This cannot happen while "port 53 is blocked".

Nope, the ISA server in the DMZ zone can make DNS requests to an internal
DNS server which has access through that port to the internet; the ISA
server can't connect to a DNS server on the internet, only to the DNS in
the internal LAN.


> 
> -----Original Message-----
> From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> Sent: Thursday, July 14, 2005 11:12 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 Cache
> 
> 
> > You can't have both "resolving sites well" and "port blocked" 
> > in the same environment.
> 
> I can resolve the site with the DNS which is hosted insite, 
> and the blocked port is the port to the internet, only port 
> 80 and 21 are opened to the internet, port 53 can go to the 
> internet DNS server.
> 
> Arjan
> > 
> > > Sounds like you might be getting some DNS cache poisoning.
> > > This can completely mess up the ISA cache because ISA gets
> > > directed to the wrong place.
> > 
> > That was my first thought too, but I have checked DNS settings several
> > times, and the DNS is resolving the sites well.
> > 
> > > Try using a different upstream DNS provider and see if that helps.
> > 
> > I have only one DNS upstream available, which is an internal DNS 
> > server, I'm unable to change the DNS to a server on the internet, 
> > cause the port has been blocked.
> > 
> > Arjan
> > 
> > > 
> > > > You'll have to be a bit more specific about:
> > > 
> > > OK, I will place some configuration stuff here.
> > > 
> > > > 1. your ISA caching configuration
> > > 
> > > The default cache rule, the only thing I have changed is disabling the
> > > FTP caching, and a second rule which disables caching for 
> > > windowsupdate.microsoft.com.
> > > 
> > > I have configured a cache size of 10 Gb, and have left everything in
> > > default.
> > > 
> > > > 2. what sites
> > > 
> > > When going to www.google.com the user ends up at www.omroep.nl
> > > 
> > > > 3. what requests.
> > > 
> > > HTTP request.
> > > 
> > > > Generally, ISA caches site content according to the rule outlined in
> > > > the ISA help, but it's also possible to configure it so that it caches
> > > > everything in sight (bad thing).
> > > 
> > > I haven't changed anything in the caching rule, as mentioned above, on
> > > the server there is an eTrust antivirus client active, I have excluded
> > > the caching dir for scanning, and the processes used by ISA are 
> > > excluded too.

