[isalist] Re: OT: DNS and Forwarders

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Wed, 18 Oct 2006 15:42:55 -0500

http://www.ISAserver.org
-------------------------------------------------------

You are hereby assigned six social credits for your forthright admission
of inadvertant Syphco treachery.

However, I'm taking back five of them for not telling us about the
dreaded PIX.

But I'll give you back 4 for me not asking ;)

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of ISA
> Sent: Wednesday, October 18, 2006 2:38 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] OT: DNS and Forwarders
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Tom:
> 
> I've been sitting here trying to come up with a 'half lie' to 
> hide that
> fact. I can't.
> 
> You are correct; PIX501. This is why you are the Professor.
> 
> However - I will note that it was pre-existing and that I have no
> opportunity at this time to get the small client to switch it out.
> 
> Please don't hate me, I'm ugly, poor and hungry.
> 
> Joe
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Posted At: Wednesday, October 18, 2006 3:27 PM
> Posted To: ISA
> Conversation: [isalist] OT: DNS and Forwarders
> Subject: [isalist] Re: OT: DNS and Forwarders
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Hi Joseph,
> 
> Is there a cr*pware firewall like a PIX in front of the ISA Firewall?
> That would be the scenario where EDNS might be an issue.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
> 
>  
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx 
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of ISA
> > Sent: Wednesday, October 18, 2006 2:14 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] OT: DNS and Forwarders
> > 
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >   
> > Thanks again for the help.
> > 
> > So, I called MS PPS because the DNS issue continued regardless of
> > configuration -
> > 
> > Microsoft (Manuj) suggested that the problem is probably: 
> (EDNS). They
> > shut it off for now and gave me two MS DNS servers to use as 
> > forwarders.
> > 
> > Joseph F. Danielsen, 
> > MCSA - Exchange Messaging Specialist, MCP
> > Network Blade Inc.
> > 49 Marcy Street
> > Somerset, NJ 08873
> > 732-213-0600
> > www.networkblade.com
> >  
> > 
> >  
> > 
> >  
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx 
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Thomas W Shinder
> > Posted At: Wednesday, October 18, 2006 2:01 PM
> > Posted To: ISA
> > Conversation: [isalist] Re: OT: DNS and Forwarders
> > Subject: [isalist] Re: OT: DNS and Forwarders
> > 
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >   
> > The T-Man is definitely right about this.
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- Microsoft Firewalls (ISA)
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx 
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor 
> > > (Hammer of God)
> > > Sent: Wednesday, October 18, 2006 12:52 PM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: OT: DNS and Forwarders
> > > 
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >   
> > > Why do your internal clients need to resolve DNS directly?  I 
> > > never ever use
> > > forwarders on my AD boxes.  I always create root zones on my 
> > > AD DNS servers
> > > and only use ISA to resolve DNS for web proxy/fw clients.
> > > 
> > > That's where what I consider "true" security and separation 
> > > comes from.
> > > 
> > > t
> > > 
> > > 
> > > On 10/18/06 9:13 AM, "ISA" <ISA@xxxxxxxxxxxxxxxx> spoketh to all:
> > > 
> > > > http://www.ISAserver.org
> > > > -------------------------------------------------------
> > > > 
> > > > 
> > > > This actually has happened with and without forwarders -
> > > > 
> > > > Steve, I interpret your suggestion as using only the Root Hints?
> > > > 
> > > >  
> > > > 
> > > > Joseph Danielsen, MCSA-Messaging, MCP
> > > > 
> > > > Network Blade Inc.
> > > > 
> > > > 49 Marcy Street
> > > > 
> > > > Somerset, NJ 08873
> > > > 
> > > > 732-213-0600
> > > > 
> > > > www.networkblade.com
> > > > 
> > > >  
> > > > 
> > > >  
> > > > 
> > > > 
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx 
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Steve Moffat
> > > > Posted At: Wednesday, October 18, 2006 12:08 PM
> > > > Posted To: ISA
> > > > Conversation: [isalist] Re: OT: DNS and Forwarders
> > > > Subject: [isalist] Re: OT: DNS and Forwarders
> > > > 
> > > > http://www.ISAserver.org
> > > > -------------------------------------------------------
> > > >   
> > > > FWIW.....I have 2 caching only DNS Servers that I setup 
> to use as
> > > > forwarders for my AD DNS Servers, when I use them, I get 
> > > the very same
> > > > issue. If I however, remove them from the forwarders 
> > > section, I have no
> > > > DNS Issues at all whatsoever, anytime.
> > > > 
> > > > S
> > > > 
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx 
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of ISA
> > > > Sent: Wednesday, October 18, 2006 1:03 PM
> > > > To: ISA Mailing List
> > > > Subject: [isalist] Re: OT: DNS and Forwarders
> > > > 
> > > > http://www.ISAserver.org
> > > > -------------------------------------------------------
> > > > 
> > > > Thanks Mike:
> > > > 
> > > > I will try clearing the cache - but this happens now 
> > about everyday
> > > > (morning usually). I really have to find the source of 
> > the problem.
> > > > 
> > > > 
> > > > 
> > > > Joseph Danielsen, MCSA-Messaging, MCP
> > > > 
> > > > Network Blade Inc.
> > > > 
> > > > 49 Marcy Street
> > > > 
> > > > Somerset, NJ 08873
> > > > 
> > > > 732-213-0600
> > > > 
> > > > www.networkblade.com
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx 
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Michael Ross
> > > > Posted At: Wednesday, October 18, 2006 12:01 PM
> > > > Posted To: ISA
> > > > Conversation: [isalist] OT: DNS and Forwarders
> > > > Subject: [isalist] Re: OT: DNS and Forwarders
> > > > 
> > > > http://www.ISAserver.org
> > > > -------------------------------------------------------
> > > > 
> > > > Windows 2003 DNS servers?
> > > > Believe it or not, ive seen that . It's a cache 
> pollution type of
> > > > behavior, with no logging or other signs to prove that.
> > > > Try to clear the DNS cache next time and see if it helps.
> > > > 
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx 
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of ISA
> > > > Sent: Wednesday, October 18, 2006 10:59 AM
> > > > To: isalist@xxxxxxxxxxxxx
> > > > Subject: [isalist] OT: DNS and Forwarders
> > > > 
> > > > http://www.ISAserver.org
> > > > -------------------------------------------------------
> > > > 
> > > > Steve: Funny you should say that because I've done that a 
> > few times.
> > > > 
> > > > DNS stops - I removed the forwards - Restart DNS - DNS works.
> > > > DNS stops - I change the forwards - Restart DNS - DNS works.
> > > > 
> > > > I want to blame my server but I'm just not sure where the 
> > > failure is.
> > > > 
> > > > 
> > > > 
> > > > Joseph Danielsen, MCSA-Messaging, MCP
> > > > 
> > > > Network Blade Inc.
> > > > 
> > > > 49 Marcy Street
> > > > 
> > > > Somerset, NJ 08873
> > > > 
> > > > 732-213-0600
> > > > 
> > > > www.networkblade.com
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx 
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Steve Moffat
> > > > Posted At: Wednesday, October 18, 2006 11:55 AM Posted To: ISA
> > > > Conversation: [isalist] OT: DNS and Forwarders
> > > > Subject: [isalist] Re: OT: DNS and Forwarders
> > > > 
> > > > http://www.ISAserver.org
> > > > -------------------------------------------------------
> > > > 
> > > > Remove the forwarders.....then see how fast your Internet speed
> > > > gets...:)
> > > > 
> > > > S
> > > > 
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx 
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of ISA
> > > > Sent: Wednesday, October 18, 2006 12:49 PM
> > > > To: ISA Mailing List
> > > > Subject: [isalist] OT: DNS and Forwarders
> > > > 
> > > > http://www.ISAserver.org
> > > > -------------------------------------------------------
> > > > 
> > > > Hello All -
> > > > 
> > > > This might be off-topic, but has anyone every had their 
> > > Windows DNS/DC
> > > > server intermittently stop forwarding DNS requests?
> > > > 
> > > > I checked with the ISP and they don't recognize and 
> > > problems on their
> > > > end.
> > > > 
> > > > JD
> > > > ------------------------------------------------------
> > > > List Archives: //www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: //www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: //www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: //www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: //www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: //www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: //www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > 
> > > > 
> > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/  
> > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp 
> > > ISA Server Articles and Tutorials: 
> > > http://www.isaserver.org/articles_tutorials/ 
> > > ISA Server Blogs: http://blogs.isaserver.org/ 
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com 
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> > > Report abuse to listadmin@xxxxxxxxxxxxx 
> > > 
> > > 
> > > 
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/  
> > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp 
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/ 
> > ISA Server Blogs: http://blogs.isaserver.org/ 
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com 
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> > Report abuse to listadmin@xxxxxxxxxxxxx 
> > 
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/  
> > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp 
> > ISA Server Articles and Tutorials: 
> > http://www.isaserver.org/articles_tutorials/ 
> > ISA Server Blogs: http://blogs.isaserver.org/ 
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com 
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> > Report abuse to listadmin@xxxxxxxxxxxxx 
> > 
> > 
> > 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> 
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• Follow-Ups:
  • [isalist] Re: OT: DNS and Forwarders
    • From: Greg Mulholland

Other related posts:

• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] Re: OT: DNS and Forwarders
• » [isalist] OT: DNS and Forwarders

1. Home
2. isalist
3. Archive
4. 10-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---