http://www.ISAserver.org ------------------------------------------------------- Gosh I'm slow. PIX, EDNS0, Queries Failing. Yeah, UDP packet size. Microsoft has a KB article on this, too. It's below. http://support.microsoft.com/kb/828263 Now I'm off to read up on the DNS best practices Thor sent out. :) Cordially yours, Jerry G. Young II Applications Engineer, Platform Engineering Enterprise Hosting NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Wednesday, October 18, 2006 10:03 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: OT: DNS and Forwarders > > http://www.ISAserver.org > ------------------------------------------------------- > > http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=42188&DisplayTa > b=Article > > You can disable DNS or whack the PIX. PSS wouldn't want to suggest that > you get rid of pix, since they think it's magic too. :) > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of ISA > > Sent: Wednesday, October 18, 2006 8:56 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] OT: DNS and Forwarders > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > While on the phone with MS PPS - I asked (twice) him to consider the > > PIX501 (while providing them full access to its logs and dashboard) as > > the source of the problem. They consistently put that > > possibility to the > > side (in reserve) and opted for the (disable EDNS) move. > > We'll find out > > in the next 24 hours if he was right. > > > > Side Note: When the cable guy came to run/install the co-axle > > cable, he > > went into the attic and ran into a 5-foot black snake > > slithering between > > the rafters. > > > > Joseph F. Danielsen, > > MCSA - Exchange Messaging Specialist, MCP > > Network Blade Inc. > > 49 Marcy Street > > Somerset, NJ 08873 > > 732-213-0600 > > www.networkblade.com > > > > > > > > > > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > On Behalf Of Greg Mulholland > > Posted At: Wednesday, October 18, 2006 7:21 PM > > Posted To: ISA > > Conversation: [isalist] Re: OT: DNS and Forwarders > > Subject: [isalist] Re: OT: DNS and Forwarders > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > agreed! > > > > ----- Original Message ----- > > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> > > To: <isalist@xxxxxxxxxxxxx> > > Sent: Thursday, October 19, 2006 9:00 AM > > Subject: [isalist] Re: OT: DNS and Forwarders > > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > Well, it's feasible in any ISA configuration... But yes, not with > > Joseph's > > > single server client (which I didn't know didn't have ISA...) > > > > > > t > > > > > > > > > On 10/18/06 3:37 PM, "Greg Mulholland" <gmulholland@xxxxxxxxxxxx> > > spoketh > > > to > > > all: > > > > > >> http://www.ISAserver.org > > >> ------------------------------------------------------- > > >> > > >> whilst i agree with the principle totally, its not always > > feasible in > > > > >> some > > >> environments...catching up on mail, can ya tell? > > >> > > >> Greg > > >> ----- Original Message ----- > > >> From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> > > >> To: <isalist@xxxxxxxxxxxxx> > > >> Sent: Thursday, October 19, 2006 3:51 AM > > >> Subject: [isalist] Re: OT: DNS and Forwarders > > >> > > >> > > >>> http://www.ISAserver.org > > >>> ------------------------------------------------------- > > >>> > > >>> Why do your internal clients need to resolve DNS > > directly? I never > > ever > > >>> use > > >>> forwarders on my AD boxes. I always create root zones on > > my AD DNS > > >>> servers > > >>> and only use ISA to resolve DNS for web proxy/fw clients. > > >>> > > >>> That's where what I consider "true" security and separation comes > > from. > > >>> > > >>> t > > >>> > > >>> > > >>> On 10/18/06 9:13 AM, "ISA" <ISA@xxxxxxxxxxxxxxxx> spoketh to all: > > >>> > > >>>> http://www.ISAserver.org > > >>>> ------------------------------------------------------- > > >>>> > > >>>> > > >>>> This actually has happened with and without forwarders - > > >>>> > > >>>> Steve, I interpret your suggestion as using only the Root Hints? > > >>>> > > >>>> > > >>>> > > >>>> Joseph Danielsen, MCSA-Messaging, MCP > > >>>> > > >>>> Network Blade Inc. > > >>>> > > >>>> 49 Marcy Street > > >>>> > > >>>> Somerset, NJ 08873 > > >>>> > > >>>> 732-213-0600 > > >>>> > > >>>> www.networkblade.com > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> -----Original Message----- > > >>>> From: isalist-bounce@xxxxxxxxxxxxx > > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > > >>>> On Behalf Of Steve Moffat > > >>>> Posted At: Wednesday, October 18, 2006 12:08 PM > > >>>> Posted To: ISA > > >>>> Conversation: [isalist] Re: OT: DNS and Forwarders > > >>>> Subject: [isalist] Re: OT: DNS and Forwarders > > >>>> > > >>>> http://www.ISAserver.org > > >>>> ------------------------------------------------------- > > >>>> > > >>>> FWIW.....I have 2 caching only DNS Servers that I setup to use as > > >>>> forwarders for my AD DNS Servers, when I use them, I get the very > > same > > >>>> issue. If I however, remove them from the forwarders section, I > > have no > > >>>> DNS Issues at all whatsoever, anytime. > > >>>> > > >>>> S > > >>>> > > >>>> -----Original Message----- > > >>>> From: isalist-bounce@xxxxxxxxxxxxx > > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > > >>>> On Behalf Of ISA > > >>>> Sent: Wednesday, October 18, 2006 1:03 PM > > >>>> To: ISA Mailing List > > >>>> Subject: [isalist] Re: OT: DNS and Forwarders > > >>>> > > >>>> http://www.ISAserver.org > > >>>> ------------------------------------------------------- > > >>>> > > >>>> Thanks Mike: > > >>>> > > >>>> I will try clearing the cache - but this happens now > > about everyday > > >>>> (morning usually). I really have to find the source of > > the problem. > > >>>> > > >>>> > > >>>> > > >>>> Joseph Danielsen, MCSA-Messaging, MCP > > >>>> > > >>>> Network Blade Inc. > > >>>> > > >>>> 49 Marcy Street > > >>>> > > >>>> Somerset, NJ 08873 > > >>>> > > >>>> 732-213-0600 > > >>>> > > >>>> www.networkblade.com > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> -----Original Message----- > > >>>> From: isalist-bounce@xxxxxxxxxxxxx > > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > > >>>> On Behalf Of Michael Ross > > >>>> Posted At: Wednesday, October 18, 2006 12:01 PM > > >>>> Posted To: ISA > > >>>> Conversation: [isalist] OT: DNS and Forwarders > > >>>> Subject: [isalist] Re: OT: DNS and Forwarders > > >>>> > > >>>> http://www.ISAserver.org > > >>>> ------------------------------------------------------- > > >>>> > > >>>> Windows 2003 DNS servers? > > >>>> Believe it or not, ive seen that . It's a cache pollution type of > > >>>> behavior, with no logging or other signs to prove that. > > >>>> Try to clear the DNS cache next time and see if it helps. > > >>>> > > >>>> -----Original Message----- > > >>>> From: isalist-bounce@xxxxxxxxxxxxx > > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > > >>>> On Behalf Of ISA > > >>>> Sent: Wednesday, October 18, 2006 10:59 AM > > >>>> To: isalist@xxxxxxxxxxxxx > > >>>> Subject: [isalist] OT: DNS and Forwarders > > >>>> > > >>>> http://www.ISAserver.org > > >>>> ------------------------------------------------------- > > >>>> > > >>>> Steve: Funny you should say that because I've done that a few > > times. > > >>>> > > >>>> DNS stops - I removed the forwards - Restart DNS - DNS works. > > >>>> DNS stops - I change the forwards - Restart DNS - DNS works. > > >>>> > > >>>> I want to blame my server but I'm just not sure where the failure > > is. > > >>>> > > >>>> > > >>>> > > >>>> Joseph Danielsen, MCSA-Messaging, MCP > > >>>> > > >>>> Network Blade Inc. > > >>>> > > >>>> 49 Marcy Street > > >>>> > > >>>> Somerset, NJ 08873 > > >>>> > > >>>> 732-213-0600 > > >>>> > > >>>> www.networkblade.com > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> -----Original Message----- > > >>>> From: isalist-bounce@xxxxxxxxxxxxx > > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > > >>>> On Behalf Of Steve Moffat > > >>>> Posted At: Wednesday, October 18, 2006 11:55 AM Posted To: ISA > > >>>> Conversation: [isalist] OT: DNS and Forwarders > > >>>> Subject: [isalist] Re: OT: DNS and Forwarders > > >>>> > > >>>> http://www.ISAserver.org > > >>>> ------------------------------------------------------- > > >>>> > > >>>> Remove the forwarders.....then see how fast your Internet speed > > >>>> gets...:) > > >>>> > > >>>> S > > >>>> > > >>>> -----Original Message----- > > >>>> From: isalist-bounce@xxxxxxxxxxxxx > > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > > >>>> On Behalf Of ISA > > >>>> Sent: Wednesday, October 18, 2006 12:49 PM > > >>>> To: ISA Mailing List > > >>>> Subject: [isalist] OT: DNS and Forwarders > > >>>> > > >>>> http://www.ISAserver.org > > >>>> ------------------------------------------------------- > > >>>> > > >>>> Hello All - > > >>>> > > >>>> This might be off-topic, but has anyone every had their Windows > > DNS/DC > > >>>> server intermittently stop forwarding DNS requests? > > >>>> > > >>>> I checked with the ISP and they don't recognize and problems on > > their > > >>>> end. > > >>>> > > >>>> JD > > >>>> ------------------------------------------------------ > > >>>> List Archives: //www.freelists.org/archives/isalist/ > > >>>> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >>>> ISA Server Articles and Tutorials: > > >>>> http://www.isaserver.org/articles_tutorials/ > > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > > >>>> ------------------------------------------------------ > > >>>> Visit TechGenix.com for more information about our other sites: > > >>>> http://www.techgenix.com > > >>>> ------------------------------------------------------ > > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > > >>>> > > >>>> ------------------------------------------------------ > > >>>> List Archives: //www.freelists.org/archives/isalist/ > > >>>> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >>>> ISA Server Articles and Tutorials: > > >>>> http://www.isaserver.org/articles_tutorials/ > > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > > >>>> ------------------------------------------------------ > > >>>> Visit TechGenix.com for more information about our other sites: > > >>>> http://www.techgenix.com > > >>>> ------------------------------------------------------ > > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > > >>>> > > >>>> ------------------------------------------------------ > > >>>> List Archives: //www.freelists.org/archives/isalist/ > > >>>> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >>>> ISA Server Articles and Tutorials: > > >>>> http://www.isaserver.org/articles_tutorials/ > > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > > >>>> ------------------------------------------------------ > > >>>> Visit TechGenix.com for more information about our other sites: > > >>>> http://www.techgenix.com > > >>>> ------------------------------------------------------ > > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > > >>>> > > >>>> ------------------------------------------------------ > > >>>> List Archives: //www.freelists.org/archives/isalist/ > > >>>> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >>>> ISA Server Articles and Tutorials: > > >>>> http://www.isaserver.org/articles_tutorials/ > > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > > >>>> ------------------------------------------------------ > > >>>> Visit TechGenix.com for more information about our other sites: > > >>>> http://www.techgenix.com > > >>>> ------------------------------------------------------ > > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > > >>>> > > >>>> ------------------------------------------------------ > > >>>> List Archives: //www.freelists.org/archives/isalist/ > > >>>> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >>>> ISA Server Articles and Tutorials: > > >>>> http://www.isaserver.org/articles_tutorials/ > > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > > >>>> ------------------------------------------------------ > > >>>> Visit TechGenix.com for more information about our other sites: > > >>>> http://www.techgenix.com > > >>>> ------------------------------------------------------ > > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > > >>>> > > >>>> ------------------------------------------------------ > > >>>> List Archives: //www.freelists.org/archives/isalist/ > > >>>> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >>>> ISA Server Articles and Tutorials: > > >>>> http://www.isaserver.org/articles_tutorials/ > > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > > >>>> ------------------------------------------------------ > > >>>> Visit TechGenix.com for more information about our other sites: > > >>>> http://www.techgenix.com > > >>>> ------------------------------------------------------ > > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > > >>>> > > >>>> ------------------------------------------------------ > > >>>> List Archives: //www.freelists.org/archives/isalist/ > > >>>> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >>>> ISA Server Articles and Tutorials: > > >>>> http://www.isaserver.org/articles_tutorials/ > > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > > >>>> ------------------------------------------------------ > > >>>> Visit TechGenix.com for more information about our other sites: > > >>>> http://www.techgenix.com > > >>>> ------------------------------------------------------ > > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > > >>>> > > >>>> > > >>>> > > >>> > > >>> > > >>> ------------------------------------------------------ > > >>> List Archives: //www.freelists.org/archives/isalist/ > > >>> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >>> ISA Server Articles and Tutorials: > > >>> http://www.isaserver.org/articles_tutorials/ > > >>> ISA Server Blogs: http://blogs.isaserver.org/ > > >>> ------------------------------------------------------ > > >>> Visit TechGenix.com for more information about our other sites: > > >>> http://www.techgenix.com > > >>> ------------------------------------------------------ > > >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >>> Report abuse to listadmin@xxxxxxxxxxxxx > > >>> > > >>> > > >> > > >> ------------------------------------------------------ > > >> List Archives: //www.freelists.org/archives/isalist/ > > >> ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > >> ISA Server Articles and Tutorials: > > >> http://www.isaserver.org/articles_tutorials/ > > >> ISA Server Blogs: http://blogs.isaserver.org/ > > >> ------------------------------------------------------ > > >> Visit TechGenix.com for more information about our other sites: > > >> http://www.techgenix.com > > >> ------------------------------------------------------ > > >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > >> Report abuse to listadmin@xxxxxxxxxxxxx > > >> > > >> > > >> > > > > > > > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx