2nd try at posting this. Lyris rejected the first for some unknown reason. > -----Original Message----- > From: Andrew Dadmun > Sent: Thursday, November 29, 2001 11:11 AM > To: 'isalist@xxxxxxxxxxxxx' > Subject: Firewall client / DNS problem > > Hi > > RE: ISA Enterprise on Win2K server SP2 with latest hot fixes for Win2K > and ISA. This ISA server also serves as a PPTP server. > > I thought I'd give this list a try before I call MS PSS. We have a couple > of application/web server in our DMZ (perimeter) that we use one at a > time. When we want to make one live, we merely switch our DNS. The TTL > on the DNS is low - 600 seconds. This allows up to update code on the > non-live server and then make it active by switching the DNS. That's all > fine to the external world - it works great. However, we have discovered > a problem with internal users who use the firewall client. Those internal > users get the wrong IP address. They get the old IP address after the DNS > update. Even after waiting the 600 seconds. Even after much longer. If > they disable the firewall client, they get the correct IP address > immediately. If they re-enable the firewall client, they again get the > old address. > > I have confirmed this on my own PC. With the firewall client enabled, if > I ping (or http browse) the FQDN, I get the wrong address. If I do a > nslookup from my PC to the DNS server, I get the correct IP address. > > Another aspect of this that is strange - if I go to the ISA server's > console I get the correct IP address. So, the ISA server, external users, > and users with the firewall client disabled (or not installed) all get the > correct information. Only users with the firewall client installed get > the wrong info. > > Can anyone shed some light on this problem? I have done a pretty > extensive search on groups.google.com and I haven't found the solution > yet. Let me know if you need more info. > > Regards, > Andrew Dadmun <> Senior Network Engineer > e-Builder, Inc. http://www.e-builder.net > Voice: 352-384-2940 <> Fax: 352-380-0352 > >