RE: Flaky DNS server

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 16 Feb 2003 19:31:34 -0600

Hi Mark,

You have everything working now? A tip for ya: since the DNS server is
on the ISA Server itself, protocol rules do not apply. You need to
create packet filters to allow the DNS server to access the protocols it
requires.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: Mark Strangways [mailto:strangconst@xxxxxxxxxx] 
Sent: Friday, February 14, 2003 4:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Flaky DNS server


http://www.ISAserver.org


see inline
----- Original Message ----- 
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, February 14, 2003 12:43 PM
Subject: [isalist] RE: Flaky DNS server


http://www.ISAserver.org


Hi Mark,

Where is the DNS Server?
    On the ISA box
How is is it configured to resolve internet host names?
    Uses forwarders to ISP's DNS servers
What protocol rules do you have in place to support it?
    - Send / Recieve UDP 53
    - Recieve / Send UDP 53
    - Outbound TCP 53
    - Outbound TCP 43 (whois lookups)
Where are you doing the nslookup queries from?
    Useing a SNAT client machine with admin priveledges.

I played with the recursion and it will do lookups now. 

Thanks Thomas..

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 02-2003