Re: Problem with DNS Publishing
From: J.C. Hornbeck [MSFT] (jchornbe_at_online.microsoft.com)
Date: 03/19/04
- Previous message: Ryan Gregg: "Problem with DNS Publishing"
- In reply to: Ryan Gregg: "Problem with DNS Publishing"
- Next in thread: Bloopy: "Re: Problem with DNS Publishing"
- Reply: Bloopy: "Re: Problem with DNS Publishing"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 19 Mar 2004 09:08:22 -0600
Hi Ryan, one thing you might try if you haven't already is the UDP specific
site and content rule mentioned in this article:
301351 - Server Publishing Rules May Not Permit Inbound UDP Packets Through
to Published Server (http://support.microsoft.com/?id=301351).
Also check out:
331065 - MS03-009: A Problem in the ISA Server DNS Intrusion Detection
Filter May Cause Denial of Service
(http://support.microsoft.com/?id=331065).
As always, make sure you're on SP1 and feature pack 1. Lastly, make sure
that ISA server is not running DNS itself while also trying to publish an
internal DNS. That can give you inconsistent results similar to what you're
seeing.
--
J.C. Hornbeck, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows others to add to and benefit from these threads and also helps to ensure a more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose.

"Ryan Gregg" <ryan@ryangregg.com> wrote in message news:ODJLPYUDEHA.3568@tk2msftngp13.phx.gbl...
> I'm running into all sorts of problems with DNS publishing, and I'm hoping
> someone here can help me.
>
> I've got ISA 2000 w/ SP1&FP1 running on a Windows 2003 Server box, dual
> homed with three external IP addresses. The primary address on the box is
> .81. I have publishing rules configured to allow DNS Query Server and DNS
> Zone Transfer both using the .81 address for the external, and the IP of the
> DNS server for the internal addresses (a separate box from the ISA server).
>
> I also have set up IP Packet filter rules to allow DNS query and domain
> transfer packets in either direction.
>
> When I first set everything up, I wasn't having any problems. From outside the
> ISA server I could do an nslookup of a domain on the DNS server using the
> .81 address, and it would return the results. However, after letting it run
> overnight, in the morning I was unable to query the DNS server. If I fiddle
> with the connection some more, not really changing anything, then I can get
> it to work again for a short period of time, but it always reverts back to
> not working. I'm really stuck on the issue, and I can't figure out what's
> going on.
>
> The packet filter log files don't indicate that DNS packets are being
> blocked, and I can't seem to find any other source of error.
>
> I've looked at KB article 810559, "FIX: Slow responses and failures when you
> use server publishing UDP protocols", but I don't seem to meet all of the
> symptoms (I don't have any deny rules in the site and content rule settings,
> and I do have an Allow All rule configured).
>
> Any help would be greatly appreciated.
>
> Ryan Gregg