PHWinfo - Afficher un message

21/07/2006, 09h55

Hi Kevin,

It was advised that we use dhcp to provide dns settings such as the external
dns. I never understood why they had us provide client's with external dns
when we use a proxy server. Maybe the installation of a new firewall etc..
will resolve this issue. Then I can remove external dns. See some clients
access pop3 mail from external server's and without having external dns
entries the clients are unable to recieve mail.

Maybe the problem is with ISA 2000 which is due to be upgraded. Any comments
would be great. Thank you.

Regards

AB

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> Aaron (ireland) wrote:
> > Ok all is in working order now what I did was point the primary dns
> > address of the server to it's own ip but left the external dns as the
> > mail server cannot send mail unless I use the external dns. Then I
> > modified dhcp to update cleint's dns to use server as primary dns and
> > also left other dns entries in place. This has solved all my issue's
> > for now.
>
> This does not solve your issue, it only temporarily hides it, the DNS client
> will stick to a DNS that gives an answer. So if the internal DNS cannot
> resolve an external name it will switch to the external DNS and keep using
> it until the TCP/IP stack is reset, (default 20 min). During this time the
> client will not resolve internal addresses because the external DNS has no
> way to resolve anything only your LAN, so it answers NXDOMAIN, which is an
> answer the client will accept and it will keep on using the external DNS.
>
> The solution is that ALL internal clients MUST use the internal DNS, period.
>
> If the internal DNS cannot resolve external names, that must be fixed, you
> cannot mix DNS servers that cannot resolve every name the client will ever
> need resolved.
> Check the internal DNS for the existence of a "." (root) forward lookup
> zone, if it has one, delete it, this will enable root hints. (Win2k3
> actually asks you if you want to enable root hints, click Yes.) You can
> optionally enable a forwarder, which I don't like because if it (DNS) uses a
> forwarder, DNS usually won't cache NS records unless they are specifically
> queried for. By using Root hints, NS records are cached so the internal DNS
> knows where to go to get an Authoritative answer the next time a query comes
> in for the same domain, even if it is a different host than the previous
> query.
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> https://secure.lsaol.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================
>
>
>

21/07/2006, 09h55	#5
Aaron (ireland) Messages: n/a Hébergeur:	Re: Event ID 1053 and network problems Hi Kevin, It was advised that we use dhcp to provide dns settings such as the external dns. I never understood why they had us provide client's with external dns when we use a proxy server. Maybe the installation of a new firewall etc.. will resolve this issue. Then I can remove external dns. See some clients access pop3 mail from external server's and without having external dns entries the clients are unable to recieve mail. Maybe the problem is with ISA 2000 which is due to be upgraded. Any comments would be great. Thank you. Regards AB "Kevin D. Goodknecht Sr. [MVP]" wrote: > Aaron (ireland) wrote: > > Ok all is in working order now what I did was point the primary dns > > address of the server to it's own ip but left the external dns as the > > mail server cannot send mail unless I use the external dns. Then I > > modified dhcp to update cleint's dns to use server as primary dns and > > also left other dns entries in place. This has solved all my issue's > > for now. > > This does not solve your issue, it only temporarily hides it, the DNS client > will stick to a DNS that gives an answer. So if the internal DNS cannot > resolve an external name it will switch to the external DNS and keep using > it until the TCP/IP stack is reset, (default 20 min). During this time the > client will not resolve internal addresses because the external DNS has no > way to resolve anything only your LAN, so it answers NXDOMAIN, which is an > answer the client will accept and it will keep on using the external DNS. > > The solution is that ALL internal clients MUST use the internal DNS, period. > > If the internal DNS cannot resolve external names, that must be fixed, you > cannot mix DNS servers that cannot resolve every name the client will ever > need resolved. > Check the internal DNS for the existence of a "." (root) forward lookup > zone, if it has one, delete it, this will enable root hints. (Win2k3 > actually asks you if you want to enable root hints, click Yes.) You can > optionally enable a forwarder, which I don't like because if it (DNS) uses a > forwarder, DNS usually won't cache NS records unless they are specifically > queried for. By using Root hints, NS records are cached so the internal DNS > knows where to go to get an Authoritative answer the next time a query comes > in for the same domain, even if it is a different host than the previous > query. > > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This s > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/ > http://support.wftx.us/ > https://secure.lsaol.com/ > =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/ > =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oe.com/OEBackup/Default.aspx > =================================== > > >