Well, it seems that your dns can't resolve the domain name inside a request from 209.xxx.xxx.xxx (whatever you had quoted), so therefore your ad machine is not resolving accurately enough.

There seem to be some security advantages to setting up DNS as per the prev. post. There are a few articles in "The Learning Zone" which you may want to view.

In your set-up does AD forward unresolved requests to your ISP? Or how does it resolve these?

I would rather my very important AD zones be protected from the external by forwarding them to a controllable known server, where I control the filters and other elements. Kinda what I feel a firewall is for ... take the abuse and hacks from the net, thereby protecting other machines.

I suppose this is just my opinion, but my DNS works 100% of the time. :-)

Regards,
Mark

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, October 09, 2001 10:51 PM
Subject: [isalist] Re: Wierd DNS stuff...

http://www.ISAserver.org

Why would I want to put a dns on there? I'd rather keep everything internal if I can... incoming dns resolves to external dns servers. My internal dns only does resolving and internal requests.

Thanks!

-----Original Message-----
From: Mark Strangways [mailto:strangconst@xxxxxxxx]
Sent: Tuesday, October 09, 2001 10:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Wierd DNS stuff...

Can you set a DNS on your ISA machine, then forward from the AD machines to the ISA DNS server for any unresolved adds? Set up your ISA DNS server to forward its requests to your ISP's resolvers.

You should find that offers better security and performance.

Regards,
Mark

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, October 09, 2001 10:24 PM
Subject: [isalist] Wierd DNS stuff...

Hello All,

I have been having dns trouble intermittently where emails are bouncing back (exchange2000) and I clear my dns caches and everything is ok.

Quick note about my setup:

1. ISA server w/ 2 nics, no DNS, no IIS, no etc
2. internal AD, DNS (AD integrated), E2K server
3. internal AD, DNS (AD integrated)
4. other boxes that are not important.

In troubleshooting I have noticed that I have repeated entries in my dns for:

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 10/2/2001
Time: 6:28:04 PM
User: N/A
Computer: TATL0S03
Description: The DNS server encountered an invalid domain name in a packet from 209.235.102.18. The packet is rejected.

AND

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 10/2/2001
Time: 6:28:04 PM
User: N/A
Computer: TATL0S03
Description: The DNS server encountered an invalid domain name in a packet from 209.235.102.17. The packet is rejected.

I have no idea why this is happening. I did digs and do not recognize this address, and what's more, I don't really understand how dns would be talking to this ip thru the firewall... often and repeatedly.

Has anyone else seen this before? Is this something I should worry about?
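
One way to triage the Event ID 5504 warnings quoted in this thread, as an added example that is not part of any poster's message: it counts the warnings per source address and marks sources that are not in a list of expected upstream resolvers. The function names, the one-field-per-line log layout and the `192.0.2.53` forwarder address are assumptions; the sample log is constructed from the event text in the original post.

```python
import re
from collections import Counter

# Constructed sample in Event Viewer text layout, one field per line (assumed).
# The 5504 text, addresses and computer name come from the post above; the
# "Information" record is made up to show that other events are ignored.
EVENT = ("Event Type: {typ}\nEvent Source: DNS\nEvent ID: {eid}\n"
         "Date: 10/2/2001\nTime: 6:28:04 PM\nComputer: TATL0S03\n"
         "Description: {desc}\n")
BAD = ("The DNS server encountered an invalid domain name in a packet "
       "from {ip}. The packet is rejected.")
SAMPLE_LOG = "\n".join([
    EVENT.format(typ="Warning", eid=5504, desc=BAD.format(ip="209.235.102.18")),
    EVENT.format(typ="Warning", eid=5504, desc=BAD.format(ip="209.235.102.17")),
    EVENT.format(typ="Information", eid=2, desc="Constructed unrelated event."),
    EVENT.format(typ="Warning", eid=5504, desc=BAD.format(ip="209.235.102.18")),
])

FIELD = re.compile(r"^(Event ID|Description):[ \t]*(.*)$", re.M)
SOURCE = re.compile(r"in a packet from (\d{1,3}(?:\.\d{1,3}){3})\.")


def parse_events(text):
    """Return one {'Event ID': ..., 'Description': ...} dict per record."""
    records = text.split("Event Type:")[1:]  # each record starts with this field
    return [dict(FIELD.findall(record)) for record in records]


def triage_5504(text, expected_upstreams):
    """Count 5504 warnings per source IP, most frequent first.

    Returns (ip, count, is_expected) tuples; is_expected is False for a source
    that is not one of the resolvers this server is supposed to query.
    """
    counts = Counter()
    for event in parse_events(text):
        match = SOURCE.search(event.get("Description", ""))
        if event.get("Event ID") == "5504" and match:
            counts[match.group(1)] += 1
    return [(ip, n, ip in expected_upstreams) for ip, n in counts.most_common()]


if __name__ == "__main__":
    # 192.0.2.53 is a placeholder for the configured forwarder (assumption).
    for ip, n, expected in triage_5504(SAMPLE_LOG, {"192.0.2.53"}):
        print(f"{ip}: {n} rejected packets, expected upstream: {expected}")
```

A source marked as not expected means the DNS server is receiving packets from an address outside its configured forwarder list, which is the situation the forwarding chain proposed in the replies is meant to narrow down.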