Re: ISA Always Blocks DNS Zone Transfers
- From: Tom <Tom@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 26 Jan 2009 09:13:01 -0800
I normally use transfer to selected servers only, but I am performing a
temporary tests to eliminate all variables.
I do allow both TCP Incoming and Receive Send UDP. All TCP requests are
denied for some reason. I even split the UDP and TCP traffic so I could
better track it. So far all UDP queries are working, but no TCP zone
transfers are working.
My DNS server is on a NAT network, but published with Internet information.
Maybe the NAT is inteferring with the Zone Transfer.
"Jens Baier" wrote:
Hi,.
My DNS server is configured to perform a zone transfer to ANY server.
You should change this setting only to allowed DNS Servers!
The DNS Server publishing rule does allow incoming TCP connections. Why
does it
continue to deny incoming DNZ Zone transfer connections from the Internet?
DNS zone transfer uses TCP instead of UDP. Have you check your rules /
protocol definition?
ISA logging should show you the denied conenctions and the reason for that
--
Gruss Jens
www.it-training-grote.de/blog
www.it-training-grote.de
www.nt-faq.de
- Follow-Ups:
- Re: ISA Always Blocks DNS Zone Transfers
- From: Phillip Windell
- Re: ISA Always Blocks DNS Zone Transfers
- References:
- ISA Always Blocks DNS Zone Transfers
- From: Tom
- Re: ISA Always Blocks DNS Zone Transfers
- From: Jens Baier
- ISA Always Blocks DNS Zone Transfers
- Prev by Date: Re: ISA Always Blocks DNS Zone Transfers
- Next by Date: Re: ISA Always Blocks DNS Zone Transfers
- Previous by thread: Re: ISA Always Blocks DNS Zone Transfers
- Next by thread: Re: ISA Always Blocks DNS Zone Transfers
- Index(es):
Relevant Pages
|
