Re: Weird DNS behavior
- From: Edward <Edward@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 25 Nov 2005 07:07:06 -0800
Kevin, thanks for the tip. Yes, that fixed the problem.
I made the change on my PIX and surely, all my problems went away.
I also checked using Ethereal and I found a few error queries which is what
triggered my DNS suspicions.
Thanks again for your help.
"Kevin D. Goodknecht Sr. [MVP]" wrote:
> Edward <Edward@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > I have two 'internal' DNS for AD and one 'external' DNS used for
> > web/ftp sites. All my DNS servers are behind a firewall and,
> > obviously, DNS ports are opened for these three servers.
> >
> > Through DHCP all my users get assigned these two (internal) DNS
> > servers as primary and secondary. My servers use these same DNS
> > servers to resolve names, through static IP configuration.
> >
> > My users are able to browse almost every site on the web.
> > However, I just found out that there are a few websites that either
> > take a long time to resolve or they just time out. Some of these
> > sites are yahoo and aol.
> >
> > Doing an nslookup and setting type to mx, these two domains time out
> > and this is preventing some of my emails from going to those domains.
> > Browsing these sites is also slow, so I had to set up a forward, for
> > now, to get things going when browsing.
> >
> > Have any of you guys seen anything like this or have any suggestions
> > to fix this behavior?
>
> In all likelihood, you have to either fix the firewall to allow DNS to use
> EDNS query responses or disable EDNS on the servers. I recommend fixing the
> firewall as it improves the efficiency of DNS by allowing the remote DNS to
> respond using UDP packets over 512 bytes. UDP connections are more efficient
> and require less overhead to set up. However, some firewalls, such as the
> Cisco PIX, block these UDP packets, because they exceed 512 bytes.
>
> DNS query responses do not travel through a firewall in Windows Server 2003:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;828263&sd=RMVP
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> https://secure.lsaol.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
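The failure mode discussed in this thread can be modelled offline. The following is an added example, not code from the original posts: it builds a DNS query with and without an EDNS0 OPT record and shows why a firewall that caps DNS over UDP at 512 bytes causes timeouts instead of a clean TCP retry. The query name, the 700-byte response size, the 1280-byte advertised size and all function names are constructed assumptions.

```python
import struct

LEGACY_UDP_LIMIT = 512   # classic DNS-over-UDP maximum when no EDNS is negotiated
OPT_TYPE = 41            # EDNS0 OPT pseudo-record type

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, txid, edns_payload=None):
    """Build a DNS query; with edns_payload set, append an EDNS0 OPT record."""
    arcount = 1 if edns_payload else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)      # class IN
    opt = b""
    if edns_payload:
        # OPT: root name, TYPE=41, CLASS=advertised UDP size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_payload, 0, 0)
    return header + question + opt

def advertised_udp_size(query):
    """Return the UDP response size the client says it accepts."""
    qdcount, _, _, arcount = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qdcount):              # skip each question entry
        while query[pos] != 0:
            pos += 1 + query[pos]
        pos += 1 + 4                      # zero byte, QTYPE, QCLASS
    # Queries built above carry at most one additional record (the OPT).
    if arcount and query[pos] == 0:
        rtype, rclass = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == OPT_TYPE:
            return rclass
    return LEGACY_UDP_LIMIT

def diagnose(query, response_len, firewall_max=LEGACY_UDP_LIMIT):
    """Predict the fate of a UDP response of response_len bytes."""
    if response_len > advertised_udp_size(query):
        return "server truncates (TC=1), client retries over TCP"
    if response_len > firewall_max:
        return "dropped by firewall, client times out"
    return "delivered"

if __name__ == "__main__":
    plain = build_query("example.com", 15, 0x1234)         # MX, no EDNS
    edns = build_query("example.com", 15, 0x1234, 1280)    # MX, EDNS0
    for label, q in (("no EDNS", plain), ("EDNS 1280", edns)):
        print(label, "->", diagnose(q, 700))               # constructed size
```

Both remedies in the quoted reply map onto this model: disabling EDNS moves the resolver onto the truncation path, and raising the firewall limit lets the large UDP response through.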