[isalist] Re: FWClient DNS Issue

• From: "Ball, Dan" <DBall@xxxxxxxxxxx>
• To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 8 Jan 2010 09:45:36 -0500

Awesome guys!  Thanks for the quick replies and links.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jerry Young
Sent: Friday, January 08, 2010 9:40 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FWClient DNS Issue

Today's your lucky day, Dan. :)

I was just reading about this yesterday, although unrelated to this.

R2 has a DNS Global Query Block List.  Guess what's in that list? :)  WPAD and 
ISATAP.

I was continuing my research into deploying DirectAccess and read about it 
during that. :)

On your DNS server look in the Registry for 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters.  There 
should be a GlobalQueryBlockList value.  Edit the list and remove WPAD.  
Restart the DNS services and you should be good to go.
On Fri, Jan 8, 2010 at 9:24 AM, Ball, Dan 
<DBall@xxxxxxxxxxx<mailto:DBall@xxxxxxxxxxx>> wrote:
Interesting problem here, thought I'd ask you guys about it first...

I am working on replacing my Domain Controllers with Server 2008 R2.  Recently, 
I pointed all the DNS servers to the new R2 servers instead of the 2008 SP2 
servers.  Now the Firewall Client will not automatically detect the ISA server.

I traced it back to the wpad DNS entry.  In the DNS server, the wspad and wpad 
entries are Aliases (CNAME) for the ISA server.  When I do an nslookup from a 
workstation, I can resolve the wspad entry, but not the wpad entry (cannot 
find, non-existent domain).    I can delete the Aliases from the server, and 
watch them replicate between the different servers, so I know the settings are 
working.    When I launch the nslookup console, I cannot resolve wpad from the 
R2 servers, but if I attach to the SP2 server it resolves it correctly.

Any ideas why Server 2008 R2 will selectively choose which DNS aliases to 
ignore?


--------------------------------------------------
Dan Ball
Network and Systems Technician
Marquette Area Public Schools
1103 West College Avenue
Marquette, MI 49855
E-Mail: dball@xxxxxxxxxxx
Phone: (906)225-5779
Fax: (906)225-5377
--------------------------------------------------




--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com<http://www.youngcss.com>

• References:
  • [isalist] FWClient DNS Issue
    • From: Ball, Dan
  • [isalist] Re: FWClient DNS Issue
    • From: Jerry Young

Other related posts:

• » [isalist] FWClient DNS Issue- Ball, Dan
• » [isalist] Re: FWClient DNS Issue- Steve Moffat
• » [isalist] Re: FWClient DNS Issue- Roy Tsao
• » [isalist] Re: FWClient DNS Issue- Jerry Young
• » [isalist] Re: FWClient DNS Issue - Ball, Dan
• » [isalist] Re: FWClient DNS Issue- Gene Sibbs
• » [isalist] Re: FWClient DNS Issue- Jim Harrison

1. Home
2. isalist
3. Archive
4. 01-2010

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---