[isalist] Re: OT: DNS and Forwarders

• From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 19 Oct 2006 12:51:55 -0700

http://www.ISAserver.org
-------------------------------------------------------
  
No problem... Just offering up some ideas and configuration options that
have worked for me.  I understand that networks need to be "functional" by
design, and that different security options are sometimes just presented as
"wrappers" around existing configurations, but this is a case where one can
design real, tangible security benefits into directly into a topology.
(Like Amy is doing with her new client..)

There are many who say things like "most security problems are caused by
improper configurations." While I can't say "most" as I see just about
everything, I will say that I consider the "standard" setup of DNS to be
"improper" when it comes to security.

Even in a single server environment as in SBS 2003 (as long as you have
premium) the existence of ISA should let you do what you want to do.
Unfortunately, I don't run SBS (it's not suitable for my use or for my
clients) so I can't tell you what kind of voodoo you'll have to use to make
the DNS work right in an all-in-one solution like that.  But hopefully some
of the other SBS dudes around here can.

If the environment won't let you at least have a separate ISA server or
other proxy solution in place, then you really don't have a choice but to
forward out directly from the clients to the DNS box.  But you should still
be able to restrict traffic to *only* that DNS server even with these SOHO
solutions, rather than allowing anything coming from 53 into your network.
If you're NAT'd out, then you are OK for the most part, but you should still
exercise best practices, as NAT is a routing solution, not really a security
solution (though it does provide security benefits.)

If your clients want "real" security, then they are going to have to be
committed to allocating some resources to allow you to do it properly.  If
they simply don't have the resources, then I would say that they should not
have any expectation of security.  In fact, they should expect bad things to
happen.  But even if they have Pix or Sonicwall (which John T. says is
pretty good, actually IIRC) then at least they have something.  That's
better than not.

t


On 10/19/06 8:53 AM, "ISA" <ISA@xxxxxxxxxxxxxxxx> spoketh to all:

> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Thor - a most excellent passage of DNS and network security.
> 
> Unfortunately, I usually run into the typical client (as was this case)
> that only has one server, one gateway (pikes, conicwell etc) and a few
> clients.
> 
> ISA, DMZ and hosting of anything themselves is out of the question
> (except that which is offered by SBS 2003).
> 
> 
> The fundamental question is how to best configure the network to allow
> the clients and server to resolve internet names (where ISA/DMZ are not
> present). I would assume that your clients are pointing to the DC/DNS
> server!?! From there, there are a few options: Configure DNS server to
> forward / not forward, configure it's NIC with for the ISP DNS server IP
> etc.
> 
> Actually I suppose this question/scenario might not be best addressed
> from this list; since this list is dedicated to ISA which is an
> enterprise product not represented well in the SMALL small business
> market.
> 
> Thanks again for the DNS brief - that'll be another one that I'll
> archive for my records.
> 
> Joseph Danielsen, MCSA-Messaging, MCP
> 
> Network Blade Inc.
> 
> 49 Marcy Street
> 
> Somerset, NJ 08873
> 
> 732-213-0600
> 
> www.networkblade.com
> 
>  
> 
>  
> 
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thor (Hammer of God)
> Posted At: Wednesday, October 18, 2006 11:50 PM
> Posted To: ISA
> Conversation: [isalist] Re: OT: DNS and Forwarders
> Subject: [isalist] Re: OT: DNS and Forwarders
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> I've found that many people seem to dance over the security
> ramifications of
> DNS/forwarders when designing an infrastructure.  I had some off-list
> conversations about this, and thought that it may be valuable to fully
> flesh-out what I think the issues are and how to avoid them.  Now's also
> probably a good time to share my "trick" regarding publicly available
> DNS
> and minimizing service exposure.  So, for the benefit of those who are
> interested:
> 
> When AD DNS is configured as a forwarder, all domain members using that
> DNS
> server will be able to resolve hostnames directly from their IP stack.
> There is no operational reason to have this-- when one considers that
> most
> spyware/malware/trojans/backdoors/shells/etc typically depend on
> hostname
> lookups for direct access to a resource, the capability of a client box
> to
> perform direct host lookups outside your network should (to me) be
> considered unwanted and un-needed.  Personally, I qualify it as
> "dangerous."
> 
> That's why I always configure my AD DNS with a root (.) zone- that way,
> only
> local zones may be queried by the client's stack.  I typically only use
> web
> proxy clients for HTTP(S)/FTP where all DNS is proxied by the ISA box.
> If
> one needs direct DNS for another application (say DOS FTP) then use the
> FWC
> and all DNS will be resolved over the control channel, still being
> proxied
> by the ISA server.
> 
> The ISA server itself will have whatever "public" DNS server configured
> in
> its stack so that it can do the resolution for the clients.
> 
> Not only is direct client DNS "dangerous," but having an AD box set up
> as a
> forwarder is "dangerous" as well as the box must be configured to access
> a
> remote resource over TCP/UDP 53.  This also means that you've opened
> that
> box up for incoming traffic on TCP/UDP 53 as well.  Having static paths
> into
> your internal network from source port routing is crazy.  I can push
> anything I want over 53, not just DNS (and have ;).  Remember, the DNS
> filter is only for published DNS servers, not clients requesting DNS
> lookups.
> 
> But there is the issue of one wanting complete control over host names
> and
> the need to publish your own DNS.  This is what the DMZ is for.  The DMZ
> box
> is set as a forwarding server, and the internal ISA box is set to use
> that
> box for all DNS requests.  In this way, only the ISA box itself need to
> request DNS outside the internal network, and it is already protected.
> In
> this manner, there is no DNS leaving the internal network at all, and no
> static ports into the internal network-- only the ISA box looking up
> DNS,
> and only to that DMZ resource.  The DNS server in the DMZ is protected
> by
> the border ISA box, which (where necessary) is publishing DNS to the DMZ
> for
> remote hosts to look up your domain information.  And here the DNS
> filter is
> used.
> 
> But you can get even better than that-- you can actually be fully in
> control
> of your own zone data without having to actually publish your DNS to the
> world if you have a decent ISP.
> 
> Here's what I do for that-- I have DMZ DNS servers set up as primary DNS
> zones, and have told my ISP to set up their servers as secondary zones
> for
> my domains.  The DMZ box can only zone transfer to the IP's of my ISP's
> DNS
> servers.  Additionally the DMZ box is set to forward to my ISP's cache
> servers.  So, at this point, all internal AD DNS is stopped at the
> controller, and only the ISA box can resolve DNS and only to the DMZ DNS
> server.  My internal Exchange clusters' stack resolves to the AD
> controller,
> and they smart host deliver mail to my DMZ GFI gateway, so still no DNS
> leaving.  The GFI box in the DMZ uses the DMZ DNS.
> 
> The trick is that though I'm primary DNS, and though any changes I make
> to
> my DNS hosts are immediately replicated to my ISP as secondary DNS, I've
> registered my DNS with the domain registry as my *ISP* being primary.
> So
> the world resolves my host names via my *ISP's* DNS servers, not *mine*.
> I
> don't even have to publish DNS at all.
> 
> The end result is that no DNS requests leave my internal network at all,
> except for a single DNS box in the DMZ that can only resolve to the ISP
> DNS
> caches.  There is no publishing at all, no internal paths, no vulns,
> nothing
> at all since the world resolves to the ISP boxes yet I have full control
> over all host name entries.
> 
> It's a pretty tight config.
> 
> t
> 
> 
> 
> On 10/18/06 11:01 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh
> to
> all:
> 
>> http://www.ISAserver.org
>> -------------------------------------------------------
>> 
>> The T-Man is definitely right about this.
>> 
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://blogs.isaserver.org/shinder/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- Microsoft Firewalls (ISA)
>> 
>>  
>> 
>>> -----Original Message-----
>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
>>> (Hammer of God)
>>> Sent: Wednesday, October 18, 2006 12:52 PM
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] Re: OT: DNS and Forwarders
>>> 
>>> http://www.ISAserver.org
>>> -------------------------------------------------------
>>>   
>>> Why do your internal clients need to resolve DNS directly?  I
>>> never ever use
>>> forwarders on my AD boxes.  I always create root zones on my
>>> AD DNS servers
>>> and only use ISA to resolve DNS for web proxy/fw clients.
>>> 
>>> That's where what I consider "true" security and separation
>>> comes from.
>>> 
>>> t
>>> 
>>> 
>>> On 10/18/06 9:13 AM, "ISA" <ISA@xxxxxxxxxxxxxxxx> spoketh to all:
>>> 
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>> 
>>>> 
>>>> This actually has happened with and without forwarders -
>>>> 
>>>> Steve, I interpret your suggestion as using only the Root Hints?
>>>> 
>>>>  
>>>> 
>>>> Joseph Danielsen, MCSA-Messaging, MCP
>>>> 
>>>> Network Blade Inc.
>>>> 
>>>> 49 Marcy Street
>>>> 
>>>> Somerset, NJ 08873
>>>> 
>>>> 732-213-0600
>>>> 
>>>> www.networkblade.com
>>>> 
>>>>  
>>>> 
>>>>  
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of Steve Moffat
>>>> Posted At: Wednesday, October 18, 2006 12:08 PM
>>>> Posted To: ISA
>>>> Conversation: [isalist] Re: OT: DNS and Forwarders
>>>> Subject: [isalist] Re: OT: DNS and Forwarders
>>>> 
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>>   
>>>> FWIW.....I have 2 caching only DNS Servers that I setup to use as
>>>> forwarders for my AD DNS Servers, when I use them, I get
>>> the very same
>>>> issue. If I however, remove them from the forwarders
>>> section, I have no
>>>> DNS Issues at all whatsoever, anytime.
>>>> 
>>>> S
>>>> 
>>>> -----Original Message-----
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of ISA
>>>> Sent: Wednesday, October 18, 2006 1:03 PM
>>>> To: ISA Mailing List
>>>> Subject: [isalist] Re: OT: DNS and Forwarders
>>>> 
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>> 
>>>> Thanks Mike:
>>>> 
>>>> I will try clearing the cache - but this happens now about everyday
>>>> (morning usually). I really have to find the source of the problem.
>>>> 
>>>> 
>>>> 
>>>> Joseph Danielsen, MCSA-Messaging, MCP
>>>> 
>>>> Network Blade Inc.
>>>> 
>>>> 49 Marcy Street
>>>> 
>>>> Somerset, NJ 08873
>>>> 
>>>> 732-213-0600
>>>> 
>>>> www.networkblade.com
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of Michael Ross
>>>> Posted At: Wednesday, October 18, 2006 12:01 PM
>>>> Posted To: ISA
>>>> Conversation: [isalist] OT: DNS and Forwarders
>>>> Subject: [isalist] Re: OT: DNS and Forwarders
>>>> 
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>> 
>>>> Windows 2003 DNS servers?
>>>> Believe it or not, ive seen that . It's a cache pollution type of
>>>> behavior, with no logging or other signs to prove that.
>>>> Try to clear the DNS cache next time and see if it helps.
>>>> 
>>>> -----Original Message-----
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of ISA
>>>> Sent: Wednesday, October 18, 2006 10:59 AM
>>>> To: isalist@xxxxxxxxxxxxx
>>>> Subject: [isalist] OT: DNS and Forwarders
>>>> 
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>> 
>>>> Steve: Funny you should say that because I've done that a few times.
>>>> 
>>>> DNS stops - I removed the forwards - Restart DNS - DNS works.
>>>> DNS stops - I change the forwards - Restart DNS - DNS works.
>>>> 
>>>> I want to blame my server but I'm just not sure where the
>>> failure is.
>>>> 
>>>> 
>>>> 
>>>> Joseph Danielsen, MCSA-Messaging, MCP
>>>> 
>>>> Network Blade Inc.
>>>> 
>>>> 49 Marcy Street
>>>> 
>>>> Somerset, NJ 08873
>>>> 
>>>> 732-213-0600
>>>> 
>>>> www.networkblade.com
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of Steve Moffat
>>>> Posted At: Wednesday, October 18, 2006 11:55 AM Posted To: ISA
>>>> Conversation: [isalist] OT: DNS and Forwarders
>>>> Subject: [isalist] Re: OT: DNS and Forwarders
>>>> 
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>> 
>>>> Remove the forwarders.....then see how fast your Internet speed
>>>> gets...:)
>>>> 
>>>> S
>>>> 
>>>> -----Original Message-----
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of ISA
>>>> Sent: Wednesday, October 18, 2006 12:49 PM
>>>> To: ISA Mailing List
>>>> Subject: [isalist] OT: DNS and Forwarders
>>>> 
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>> 
>>>> Hello All -
>>>> 
>>>> This might be off-topic, but has anyone every had their
>>> Windows DNS/DC
>>>> server intermittently stop forwarding DNS requests?
>>>> 
>>>> I checked with the ISP and they don't recognize and
>>> problems on their
>>>> end.
>>>> 
>>>> JD
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>> 
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>> 
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>> 
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>> 
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>> 
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>> 
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>> 
>>> 
>>> 
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>> 
>> 
>> 
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

• References:
  • [isalist] OT: DNS and Forwarders
    • From: ISA

Other related posts:

• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders

1. Home
2. isalist
3. Archive
4. 10-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---