Hi Mark, You have everything working now? A tip for ya: since the DNS server is on the ISA Server itself, protocol rules do not apply. You need to create packet filters to allow the DNS server to access the protocols it requires. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Mark Strangways [mailto:strangconst@xxxxxxxxxx] Sent: Friday, February 14, 2003 4:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Flaky DNS server http://www.ISAserver.org see inline ----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, February 14, 2003 12:43 PM Subject: [isalist] RE: Flaky DNS server http://www.ISAserver.org Hi Mark, Where is the DNS Server? On the ISA box How is is it configured to resolve internet host names? Uses forwarders to ISP's DNS servers What protocol rules do you have in place to support it? - Send / Recieve UDP 53 - Recieve / Send UDP 53 - Outbound TCP 53 - Outbound TCP 43 (whois lookups) Where are you doing the nslookup queries from? Useing a SNAT client machine with admin priveledges. I played with the recursion and it will do lookups now. Thanks Thomas.. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')