Re: DNS queries on HTML mail in Outlook

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 4 May 2005 05:11:35 -0500

Hi Danny,
Agreed. I didn't mean to say that my luck with HTML mail is something
that should be generalized to the canaille.

However, more importantly, is the DNS query issue. If anyone ever
notices that their HTML mail shows up slowly in the preview pane, you
should run a quick packet trace with the network analyzer of your
choice. You'll see repeated DNS queries to the DNS server the client
machine is configured to use.

Danny -- re: the DNS servers queried. No, that's the issue. You might
already know that the Web proxy client configuration enables the ISA
firewall to perform DNS name resolution services on behalf of the
client; the same is true for the Firewall client configuration. So, it's
interesting, esp. in light of [Outlook] Disable=0 in the Firewall client
configuration, that the machine acts, in this instance only, as a
SecureNAT client and thus queries local DNS servers, almost as if a
local split DNS were being used for these domains (which obviously isn't
the case).


Tom and Deb Shinder's Configuring ISA Server 2004
MVP -- ISA Firewalls
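
One way to summarize the packet trace suggested above, as an added example that is not part of the original messages: it counts repeated DNS queries for external names that a client sends straight to its configured DNS server. The trace text, the addresses and the `corp.example` internal suffix are constructed assumptions, and the lines follow `tcpdump -n` text output.

```python
import re
from collections import defaultdict

# DNS query line as printed by `tcpdump -n`; only packets sent TO port 53 match.
QUERY_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (?P<client>[\d.]+)\.\d+ > "
    r"(?P<server>[\d.]+)\.53: \d+\S* (?:\[\w+\] )?[A-Z]+\? (?P<qname>\S+?)\.? "
)

# Constructed sample trace (not captured from a real network).
SAMPLE_TRACE = """\
10:01:02.100000 IP 192.168.1.50.1034 > 192.168.1.10.53: 4242+ A? images.example.com. (36)
10:01:02.100900 IP 192.168.1.10.53 > 192.168.1.50.1034: 4242 1/0/0 A 203.0.113.7 (52)
10:01:02.600000 IP 192.168.1.50.1035 > 192.168.1.10.53: 4243+ A? images.example.com. (36)
10:01:03.100000 IP 192.168.1.50.1036 > 192.168.1.10.53: 4244+ A? Images.Example.com. (36)
10:01:03.600000 IP 192.168.1.50.1037 > 192.168.1.10.53: 4245+ A? images.example.com. (36)
10:01:04.000000 IP 192.168.1.50.1038 > 192.168.1.10.53: 4246+ A? dc1.corp.example. (34)
10:01:04.100000 IP 192.168.1.50.1039 > 192.168.1.10.53: 4247+ A? dc1.corp.example. (34)
10:01:04.200000 IP 192.168.1.50.1040 > 192.168.1.10.53: 4248+ A? dc1.corp.example. (34)
10:01:05.000000 IP 192.168.1.50.1041 > 192.168.1.10.53: 4249+ A? news.example.net. (34)
"""


def repeated_external_queries(trace, internal_suffix, threshold=3):
    """Map (client, server, qname) -> (query count, seconds between first and last).

    Names under internal_suffix (a hypothetical internal domain) are skipped,
    since clients are expected to resolve those against the local DNS server.
    """
    seen = defaultdict(list)
    for line in trace.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # DNS responses and non-DNS traffic
        qname = m["qname"].lower()  # DNS names compare case-insensitively
        if qname == internal_suffix or qname.endswith("." + internal_suffix):
            continue
        ts = int(m[1]) * 3600 + int(m[2]) * 60 + float(m[3])
        seen[(m["client"], m["server"], qname)].append(ts)
    return {key: (len(t), round(max(t) - min(t), 3))
            for key, t in seen.items() if len(t) >= threshold}


if __name__ == "__main__":
    hits = repeated_external_queries(SAMPLE_TRACE, "corp.example")
    for (client, server, qname), (count, span) in hits.items():
        print(f"{client} -> {server}: {qname} queried {count}x in {span}s")
```
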

-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx] 
Sent: Tuesday, May 03, 2005 9:53 AM
To: [ExchangeList]
Subject: [exchangelist] Re: DNS queries on HTML mail in Outlook

On 5/2/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> Hi Danny,
> Agreed, it's some pretty weird stuff. I leave HTML mail open because I
> have four AV and spam relays in front of my Exchange Server, and I run
> AV and antispyware on my hosts. So, I guess if HTML mail is that
> it deserves to infect him. I haven't been nailed by it in over 7
> so maybe my time is running out :-))

Thomas, I see your point, but I do not want to mislead anyone on this
list seeking guidance, as your personal success with avoiding getting
"nailed" does not apply to most organizations with users much, much
less experienced than you.

AV software and spam relays are reactive-based technologies.  I prefer
proactive configurations as the primary line of defence in combination
with reactive solutions, such as AV and anti-spam software.


(For all other list members considering Mr. Shinder's approach versus
mine, you will notice - in the URL above - how many disclosed
Microsoft software vulnerabilities could have been mitigated by
viewing email in Plain Text.)

I'd rather replace the door with an iron wall, than hire four
security guards only trained for known threats to watch the door.
Anyway, to each his own.

> I've noticed this phenomenon before, but never got around to asking
> anyone about it. What's interesting is that it bypasses the Web proxy
> and firewall client configuration, as the queries are generated by the
> SecureNAT client config.

Are you saying that these DNS lookups (if not already in the resolve
cache) are bypassing the default DNS server in the domain, and are
attempting to go right through your firewall from the client?

> I *think* this may be related to a bug in
> Outlook 2003 and its HTTP handling. I recall someone with Microsoft QFE
> mentioning this to me, I'll have to ask him about this.

Thank you,

