RE: DNS Zone XFers

• From: "Connor Moran" <isa@xxxxxxxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Mon, 8 Dec 2003 20:20:56 +0800

Hi All,

Last month (or before) Glenn was asking about ISA co-existing with an
authoritive DNS acting as primary and secondary DNS server. The reference MS
KB article is;

http://support.microsoft.com/default.aspx?scid=kb;en-us;291662&Product=ISAS

It talks about setting up the relevant Packet Filters to allow Zone Transfer
between DNS.

Curiously, on all the client ISA machines I setup I have had very little
success with the above to get the zone transfer started. I find that while
the above works, I must stop the ISA services and restart W2K's DNS Server
service to complete the zone transfer.

You can watch it for yourself if you have a secondary setup. If you go to
the DNS MMC, right-hand click on your secondary domain and force "Transfer
from Master". You'll see;

Type: Information
Event Source: DNS
Event Category: None
Event ID: 6522
Date:  8/12/2003
Time:  6:55:51 PM
User:  N/A
Computer: GATEWAY
Description:
A more recent version, version <value> of zone <your secondary domain> was
found at DNS server at <your primary DNS>. Zone transfer is in progress.


Then shortly after that;

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 6523
Date:  8/12/2003
Time:  6:56:21 PM
User:  N/A
Computer: GATEWAY
Description:
Zone ontime.com.au failed zone refresh check.  Unable to connect to master
DNS server at <your primary DNS> to receive zone transfer.  Check that the
zone contains correct IP address for the master server or if network failure
has occurred.  For more information, see "To update the master server for a
secondary zone" in the online Help.  If available, you can specify more than
one master server in the list for this zone.


Once the zone transfer has occured once with ISA "off", it seems to update
fine after that.

I think there must be some other initial communication that Microsoft's KB
article doesn't allow for with it's packet filters, but I can't find any
documentation to that effect.

Anyone have any ideas?

Regards,

Connor!

Other related posts:

• » DNS Zone XFers
• » RE: DNS Zone XFers
• » RE: DNS Zone XFers
• » RE: DNS Zone XFers
• » RE: DNS Zone XFers
• » RE: DNS Zone XFers
• » RE: DNS Zone XFers
• » RE: DNS Zone XFers
• » RE: DNS Zone XFers
• » RE: DNS Zone XFers
• » RE: DNS Zone XFers

1. Home
2. isalist
3. Archive
4. 12-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---