ISA Always Blocks DNS Zone Transfers

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Tom <Tom@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 26 Jan 2009 05:48:01 -0800

Hey Everyone,

I cannot seem to get a successful zone transfer from Internet cache servers
pulling from my master DNS server within my DMZ.

I have a published DNS Server rule and DNS queries work fine. However,
external Internet servers receive a "Denied Connection" error in the logging.
I have the Zone Transfer intrusion detection option disabled. I have also
tried turning off DNS Attack detection all together to no avail.

My DNS server is configured to perform a zone transfer to ANY server. The
DNS Server publishing rule does allow incoming TCP connections. Why does it
continue to deny incoming DNZ Zone transfer connections from the Internet?
.

Follow-Ups:
- Re: ISA Always Blocks DNS Zone Transfers
  - From: Jens Baier

Prev by Date: Block internet access - Problem using Firefox browser
Next by Date: Re: Block internet access - Problem using Firefox browser
Previous by thread: Block internet access - Problem using Firefox browser
Next by thread: Re: ISA Always Blocks DNS Zone Transfers
Index(es):
- Date
- Thread

Relevant Pages

Re: Any known issues withsp2 and non-sp xp ics?
... you might not be able to access the internet or some resources.This problem ... occured because the network did not assign a network address to the computer. ... from the network connections folder because it is not physically in the ... DNS Server: 192.168.0.1 or your ISP's DNS server ...
(microsoft.public.windowsxp.network_web)
Re: Internal LAN-Yes/Internet-No
... Make sure that your Gateway and DNS Server point to ... also that you only have 2 LACs (Local Area Connections). ... when I try to connect to the internet using my ...
(microsoft.public.windowsxp.general)
[NEWS] UKs Internet Infrastructure Open to Prying Eyes (Zone Transfers)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A full zone transfer against the first authoritive DNS server ... A zone transfer consists of copying the contents of a zone file from a DNS ...
(Securiteam)
Re: DNS Server sending packet to it self
... > Windows 2000 IP Configuration ... It should not forward to your other DNS server, ... UNLESS this one is a child and the other is its parent, ... Sending a zone transfer to itself or notifying itself of a zone transfer. ...
(microsoft.public.win2000.dns)
Re: DNS in VPNs
... > I have a dilema here, I want to run two ISP connections ... > LAN / internet traffic. ... > VPN, DSL for internet access, I have two domains outside ... > they will be going out through the DNS server that is ...
(microsoft.public.win2000.dns)