OK So what I was trying to figure out by posting here was how could ISA be letting these requests thru, and is it actually letting dns requests into our network (as it should not be). -----Original Message----- From: Bryan Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx] Sent: Monday, October 29, 2001 1:18 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Wierd DNS stuff... http://www.ISAserver.org OK - Jim and everyone, thanks for helping here as I know that this is not a dns group. Here is data from the dns log that happened when an outgoing email fails. This email should not be failing as I tested it from an outside account. This data is very cryptic to me though so any suggestions are appreciated. I will send another when I find it with the weird system events. Snd 10.1.2.14 45b4 R Q [8281 DR SERVFAIL] (7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0) UDP response info at 004DEFCC Socket = 496 Remote addr 10.1.2.14, port 47312 Time Query=2724995, Queued=2725007, Expire=2725010 Buf length = 0x0200 (512) Msg length = 0x0040 (64) Message: XID 0x45b4 Flags 0x8182 QR 1 (response) OPCODE 0 (QUERY) AA 0 TC 0 RD 1 RA 1 Z 0 RCODE 2 (SERVFAIL) QCOUNT 0x1 ACOUNT 0x0 NSCOUNT 0x0 ARCOUNT 0x0 Offset = 0x000c, RR count = 0 Name "(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)" QTYPE A (1) QCLASS 1 ANSWER SECTION: AUTHORITY SECTION: ADDITIONAL SECTION: Snd 209.228.15.4 1f70 Q [0000 NOERROR] (7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0) UDP question info at 00F3F00C Socket = 512 Remote addr 209.228.15.4, port 53 Time Query=0, Queued=0, Expire=0 Buf length = 0x0200 (512) Msg length = 0x0040 (64) Message: XID 0x1f70 Flags 0x0000 QR 0 (question) OPCODE 0 (QUERY) AA 0 TC 0 RD 0 RA 0 Z 0 RCODE 0 (NOERROR) QCOUNT 0x1 ACOUNT 0x0 NSCOUNT 0x0 ARCOUNT 0x0 Offset = 0x000c, RR count = 0 Name "(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)" QTYPE A (1) QCLASS 1 ANSWER SECTION: AUTHORITY SECTION: ADDITIONAL SECTION: Snd 209.228.14.4 1f70 Q [0000 NOERROR] (7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0) UDP question info at 00F3F00C Socket = 512 Remote addr 209.228.14.4, port 53 Time Query=0, Queued=0, Expire=0 Buf length = 0x0200 (512) Msg length = 0x0040 (64) Message: XID 0x1f70 Flags 0x0000 QR 0 (question) OPCODE 0 (QUERY) AA 0 TC 0 RD 0 RA 0 Z 0 RCODE 0 (NOERROR) QCOUNT 0x1 ACOUNT 0x0 NSCOUNT 0x0 ARCOUNT 0x0 Offset = 0x000c, RR count = 0 Name "(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)" QTYPE A (1) QCLASS 1 ANSWER SECTION: AUTHORITY SECTION: ADDITIONAL SECTION: Snd 10.1.2.14 45b4 R Q [8281 DR SERVFAIL] (7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0) UDP response info at 004D5D6C Socket = 496 Remote addr 10.1.2.14, port 47312 Time Query=2724999, Queued=2725011, Expire=2725014 Buf length = 0x0200 (512) Msg length = 0x0040 (64) Message: XID 0x45b4 Flags 0x8182 QR 1 (response) OPCODE 0 (QUERY) AA 0 TC 0 RD 1 RA 1 Z 0 RCODE 2 (SERVFAIL) QCOUNT 0x1 ACOUNT 0x0 NSCOUNT 0x0 ARCOUNT 0x0 Offset = 0x000c, RR count = 0 Name "(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)" QTYPE A (1) QCLASS 1 ANSWER SECTION: AUTHORITY SECTION: ADDITIONAL SECTION: -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, October 24, 2001 2:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Wierd DNS stuff... http://www.ISAserver.org The log you should be reading is %SystemRoot%\system32\dns\dns.log. It's where the DNS services does the extended logging to. Jim Harrison MCP(NT4, 2K), A+, Network+, PCG ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bryan.andrews@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')