Re: Nslookup fails for external lookups

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 07/17/04


Date: Sat, 17 Jul 2004 10:25:36 -0400

In news:uHKsSX$aEHA.2408@tk2msftngp13.phx.gbl,
Kyle Heath <uce@cscm.co.uk> asked for help and I offered my suggestions
below:
> Yes I have a rule for the server to use UDP 53 send/receive and also a
> packet filter for DNS on the ISA Server itself.
>
> I can perform the lookups if I specify an external server, it's just
> the forwarder on my DNS server that seems to time out?
>

You'll need to allow TCP 53 as well, to get answers for some domains such as
AOL, Yahoo, Hotmail, etc., because their responses are large. UDP is used
when the packet size is below 512 bytes. If the answer is greater than 512,
the transport is changed to TCP. If using W2k3 DNS, it has a new feature
called EDNS0 which allows UDP packets greater than 512.

Give that a shot and let us know!

-- 
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
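
Added example, not part of the original post or written by its author: a Python sketch of the wire-level behaviour discussed in this thread, showing the TC (truncated) flag that triggers the TCP retry, the two-byte length prefix used on TCP 53, and the EDNS0 OPT record that advertises a larger UDP size. All function names and the sample reply are constructed for illustration, and the "timeout" outcome is a simplified model of a forwarder whose TCP retry is blocked by the firewall.

```python
import struct

MAX_PLAIN_UDP = 512   # classic DNS-over-UDP limit mentioned in the post
TC_BIT = 0x0200       # "truncated" flag in the DNS header flags word
OPT_TYPE = 41         # EDNS0 OPT pseudo-record type

def encode_qname(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234, edns_size=None):
    """Build a DNS query; with edns_size set, append an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg = header + encode_qname(name) + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return msg

def advertised_udp_size(query):
    """UDP payload size a single-question query advertises (512 without EDNS0)."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = 12
    while query[pos] != 0:        # walk QNAME labels (queries are uncompressed)
        pos += query[pos] + 1
    pos += 1 + 4                  # root label, then QTYPE and QCLASS
    if arcount and query[pos] == 0:
        rtype, rclass = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == OPT_TYPE:
            return rclass
    return MAX_PLAIN_UDP

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(msg)) + msg

def next_transport(response, tcp53_allowed):
    """What a resolver does after a UDP reply, given the firewall policy."""
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & TC_BIT:
        return "use-udp-answer"
    return "retry-tcp-53" if tcp53_allowed else "timeout"

# Constructed sample: reply header with QR, TC, RD and RA set (flags 0x8380).
TRUNCATED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
                   + encode_qname("example.com") + struct.pack("!HH", 1, 1))

if __name__ == "__main__":
    print(next_transport(TRUNCATED_REPLY, tcp53_allowed=False))
    print(advertised_udp_size(build_query("example.com", edns_size=4096)))
```
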