RE: Wierd DNS stuff...
- From: "Andrews, Bryan (CCI-Atlanta)" <Bryan.Andrews@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 30 Oct 2001 10:31:32 -0500
OK, so what I was trying to figure out by posting here was how could ISA
be letting these requests through, and is it actually letting DNS requests
into our network (as it should not be).
-----Original Message-----
From: Bryan Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx]
Sent: Monday, October 29, 2001 1:18 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Wierd DNS stuff...
OK - Jim and everyone, thanks for helping here, as I know that this is
not a DNS group.
Here is data from the DNS log that happened when an outgoing email
fails. This email should not be failing, as I tested it from an outside
account. This data is very cryptic to me, though, so any suggestions are
appreciated.
I will send another when I find it with the weird system events.
Snd 10.1.2.14 45b4 R Q [8281 DR SERVFAIL]
(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)
UDP response info at 004DEFCC
Socket = 496
Remote addr 10.1.2.14, port 47312
Time Query=2724995, Queued=2725007, Expire=2725010
Buf length = 0x0200 (512)
Msg length = 0x0040 (64)
Message:
XID 0x45b4
Flags 0x8182
QR 1 (response)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 1
Z 0
RCODE 2 (SERVFAIL)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name
"(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:
Snd 209.228.15.4 1f70 Q [0000 NOERROR]
(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)
UDP question info at 00F3F00C
Socket = 512
Remote addr 209.228.15.4, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0040 (64)
Message:
XID 0x1f70
Flags 0x0000
QR 0 (question)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name
"(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:
Snd 209.228.14.4 1f70 Q [0000 NOERROR]
(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)
UDP question info at 00F3F00C
Socket = 512
Remote addr 209.228.14.4, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0040 (64)
Message:
XID 0x1f70
Flags 0x0000
QR 0 (question)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name
"(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:
Snd 10.1.2.14 45b4 R Q [8281 DR SERVFAIL]
(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)
UDP response info at 004D5D6C
Socket = 496
Remote addr 10.1.2.14, port 47312
Time Query=2724999, Queued=2725011, Expire=2725014
Buf length = 0x0200 (512)
Msg length = 0x0040 (64)
Message:
XID 0x45b4
Flags 0x8182
QR 1 (response)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 1
Z 0
RCODE 2 (SERVFAIL)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name
"(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, October 24, 2001 2:58 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Wierd DNS stuff...
The log you should be reading is %SystemRoot%\system32\dns\dns.log.
It's where the DNS service does the extended logging to.
Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
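
An added example (not written by anyone on the thread): a short Python reader for the dns.log entries quoted above. It decodes the Flags word into the header bits defined in RFC 1035 and turns the length-prefixed name notation into a dotted name. The sample lines are copied from the post; the function names are this example's own.

```python
import re

# Lines copied from two of the dns.log entries in the post; other fields omitted.
SAMPLE = """\
Snd 10.1.2.14 45b4 R Q [8281 DR SERVFAIL]
(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)
Remote addr 10.1.2.14, port 47312
Flags 0x8182
Snd 209.228.15.4 1f70 Q [0000 NOERROR]
(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)
Remote addr 209.228.15.4, port 53
Flags 0x0000
"""

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def decode_flags(flags):
    """Split the 16-bit DNS header flags word (RFC 1035, section 4.1.1)."""
    return {"QR": flags >> 15 & 1, "OPCODE": flags >> 11 & 0xF,
            "AA": flags >> 10 & 1, "TC": flags >> 9 & 1,
            "RD": flags >> 8 & 1, "RA": flags >> 7 & 1, "Z": flags >> 4 & 7,
            "RCODE": RCODES.get(flags & 0xF, str(flags & 0xF))}

def decode_name(logged):
    """Turn '(3)com(0)' style length-prefixed labels into a dotted name."""
    pairs = re.findall(r"\((\d+)\)([^()]*)", logged)
    bad = [label for length, label in pairs if int(length) != len(label)]
    if bad:
        raise ValueError(f"length prefix does not match label(s): {bad}")
    return ".".join(label for _, label in pairs if label) + "."

def summarize(log_text):
    """Return one dict per 'Snd' entry: XID, peer, name and decoded flags."""
    entries, cur = [], {}  # fields seen before the first entry go to a discarded dict
    for line in log_text.splitlines():
        line = line.strip().strip('"')
        if m := re.match(r"Snd \S+ ([0-9a-f]{4}) ", line):
            entries.append(cur := {"xid": m.group(1)})
        elif line.startswith("("):
            cur["name"] = decode_name(line)
        elif m := re.match(r"Remote addr ([\d.]+), port (\d+)", line):
            cur["peer"] = (m.group(1), int(m.group(2)))
        elif m := re.match(r"Flags\s+0x([0-9a-fA-F]{4})", line):
            cur["flags"] = decode_flags(int(m.group(1), 16))
    return entries

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

Grouping the output by peer and XID separates the response sent to 10.1.2.14 (RD and RA set, RCODE SERVFAIL) from the questions sent to port 53 on the 209.228.x.4 servers (RD clear).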