Re: Wierd DNS stuff...
- From: "Mark Strangways" <strangconst@xxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 9 Oct 2001 22:50:34 -0400
Well, it seems that your dns can't resolve the domain name inside a request
from 209.xxx.xxx.xxx
whatever you had quoted), so therefore your ad machine is not resolving
accurately enough.
There seems to be some security advantages to setting up DNS as per the prev.
post. There are a few
articles in "The Learning Zone" which you may want to view.
In your set-up does AD forward unresolved requests to your ISP? Or how does it
resolve these ?
I would rather my very important AD zones be protected from the external by
forwarding them to a
controllable know server, where I control the filters and other elements. Kinda
what I feel a
firewall is for ... take the abuse and hacks from the net, thereby protecting
other machines.
I suppose this is just my opinion, but my DNS work 100 % of the time . :-)
Regards,
Mark
----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, October 09, 2001 10:51 PM
Subject: [isalist] Re: Wierd DNS stuff...
http://www.ISAserver.org
Why would I want to put a dns on there? I'd rather keep everything
internal if I can... incoming dns resolves to external dns servers. My
internal dns only does resolving and internal requests.
Thanks!
-----Original Message-----
From: Mark Strangways [mailto:strangconst@xxxxxxxx]
Sent: Tuesday, October 09, 2001 10:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Wierd DNS stuff...
http://www.ISAserver.org
Can you set a DNS on your ISA machine, then forward from the AD machines
to the ISA DNS server for
any unresolved adds.
Set up your ISA DNS server to forward it's request's to your ISP's
resolvers.
You should find that offers better security and performance.
Regards,
Mark
----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, October 09, 2001 10:24 PM
Subject: [isalist] Wierd DNS stuff...
http://www.ISAserver.org
Hello All,
I have been having dns trouble intermittently where emails are bouncing
back (exchange2000) and I clear my dns caches and everything is ok.
Quick note about my setup:
1. ISA server w/ 2 nics, no DNS, no IIS, no etc
2. internal AD, DNS (AD integrated), E2K server
3. internal AD, DNS (AD integrated)
4. other boxes that are not important.
In troubleshooting I have noticed that I have repeated entries in my dns
for:
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 10/2/2001
Time: 6:28:04 PM
User: N/A
Computer: TATL0S03
Description:
The DNS server encountered an invalid domain name in a packet from
209.235.102.18. The packet is rejected.
AND
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 10/2/2001
Time: 6:28:04 PM
User: N/A
Computer: TATL0S03
Description:
The DNS server encountered an invalid domain name in a packet from
209.235.102.17. The packet is rejected.
I have no idea why this is happening. I did digs and do not recognize
this address, and whats more, I don't really understand how dns would be
talking to this ip thru the firewall... often and repeatedly.
Has anyone else seen this before is this something I should worry about?
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
strangconst@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
strangconst@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
