> This is getting absurd. > > The original problem was about people getting content from > one EXTERNAL site when they had actually requested a > completely different EXTERNAL site. That's still the problem. > In order for ISA to provide ANY content, it must first > perform name lookups for the site being requested (www.google.com). > > In order for this to occur, it must contact a DNS server that > can either provide this name-to-IP mapping or it also must > contact a DNS server that can. > > This cannot happen while "port 53 is blocked". Nope, the isa server in the dmz zone can make dns request to a internal dns server which have acces through that port to the internet, the isa server can't connect to a dns server on the internet only to the dns in the internal lan. > > -----Original Message----- > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx] > Sent: Thursday, July 14, 2005 11:12 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA 2004 Cache > > http://www.ISAserver.org > > > > You can't have both "resolving sites well" and "port blocked" > > in the same environment. > > I can resolve the site with the dns which is hosted insite, > and the blocked port is the port to the internet, only port > 80 and 21 are opend to the internet, port 53 can go to the > internet dns server. > > Arjan > > > > > Sounds like you might be getting some DNS cache poisoning. > > > This can completely mess up the ISA cache because ISA gets > > directed to > > > the wrong place. > > > > That was my first thought to, but i have checked dns > settings serveral > > times, and the dns is resolving the sites well. > > > > > Try using a different upstream DNS provider and see if that helps. > > > > I have only one dns upstream available, which is a internal dns > > server, i'm unable to change the dns to a server on the internet, > > cause the port has been blocked. > > > > Arjan > > > > > > > > > You'll have to be a bit more specific about: > > > > > > OK, i will place some configuration stuff here. > > > > > > > 1. your ISA caching configuration > > > > > > The default cache rule, the only thing i have changed is > > disabling the > > > ftp caching, an second rule which disables caching for > > > windowsupdate.microsoft.com. > > > > > > I have configured a cache size of 10 Gb, and have left > > everything in > > > default. > > > > > > > 2. what sites > > > > > > When going to www.google.com the user ends up at www.omroep.nl > > > > > > > 3. what requests. > > > > > > HTTP request. > > > > > > > Generally, ISA caches site content according to the rule > > > outlined in > > > > the ISA help, but it's also possible to configure it so > > > that it caches > > > > > > > everything in sight (bad thing). > > > > > > I haven't changed anything in the caching rule, as > > mentioned above, on > > > the server there is a eTrust antivirus client active, i > > have excluded > > > the caching dir for scanning, and the processes used by isa are > > > excluded to. ************************************************************************ De informatie in deze e-mail is uitsluitend bestemd voor de geadresseerde. Als u deze e-mail onterecht heeft ontvangen, wilt u dan zo vriendelijk zijn de afzender te waarschuwen door deze e-mail terug te sturen en de gegevens van uw computer te verwijderen. De RDW kan niet volledig instaan voor de juiste en volledige overbrenging van deze e-mail. The information in this e-mail is exclusively intended for the addressee. If you have received this e-mail in error, then you are requested to inform the sender by returning this e-mail to him/her and delete the message. The RDW has not secured the contents of this e-mail and can therefore not guarantee the accurate and complete transmission of this e-mail. ************************************************************************