My W2K3 DNS responds to TCP queries, but not UDP. It appears that something
in the O/S is filtering/blocking UDP/53 to the DNS server, but I have no idea
what. I've determined this by turning on the DNS debug log - no query is
received.
Situation:
- Standalone (workgroup) machine with IIS and a few other bits installed. No
DHCP or WINS
- Windows Firewall disabled
- Will answer using nslookup on machine itself, but not from another machine
in the same LAN segment - no firewall/router in between.
- Public IP address

I've searched everywhere for an answer but so far no clue. I've even changed
to a 3rd-party DNS server, which exactly the same results.

PeterR wrote:
> My W2K3 DNS responds to TCP queries, but not UDP. It appears that
> something in the O/S is filtering/blocking UDP/53 to the DNS server,
> but I have no idea what. I've determined this by turning on the DNS
> debug log - no query is received.
> Situation:
> - Standalone (workgroup) machine with IIS and a few other bits
> installed. No DHCP or WINS
> - Windows Firewall disabled
> - Will answer using nslookup on machine itself, but not from another
> machine in the same LAN segment - no firewall/router in between.
> - Public IP address
>
> I've searched everywhere for an answer but so far no clue. I've even
> changed to a 3rd-party DNS server, which exactly the same results.

What other services are installed and running?

There are only a couple of services that have packet filtering ability, one
Windows firewall, another is in the TCP/IP properties, Advanced button,
Options tab, another would be in RRAS. Some AV programs also come with a
firewall. A 'net start' command will give you a list of running services,
and one may jump out at you as a suspect.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

Hi

If both servers are in the same lan and no FW configured between them you
must have something else between them, please recheck again your
configuration antivirus, any third party tool installed on the servers.

--
I hope that the information above s you
Good Luck

Jorge Silva
MCSA
Systems Administrator

"PeterR" <PeterR@discussions.microsoft.com> wrote in message
news:652F567B-0936-47FB-B26B-226B24A00F1D@microsoft.com...
> My W2K3 DNS responds to TCP queries, but not UDP. It appears that
> something
> in the O/S is filtering/blocking UDP/53 to the DNS server, but I have no
> idea
> what. I've determined this by turning on the DNS debug log - no query is
> received.
> Situation:
> - Standalone (workgroup) machine with IIS and a few other bits installed.
> No
> DHCP or WINS
> - Windows Firewall disabled
> - Will answer using nslookup on machine itself, but not from another
> machine
> in the same LAN segment - no firewall/router in between.
> - Public IP address
>
> I've searched everywhere for an answer but so far no clue. I've even
> changed
> to a 3rd-party DNS server, which exactly the same results.

Kevin, Jorge,
Many thanks for your thoughts. Unfortunately I've been here before:
- IP filtering on the connection is NOT ENABLED
- RRAS is disabled - although it had previously been running.

I'm wondering if there's someting left over from RRAS that may be causing
this?

Thanks again,
Peter

"Jorge Silva" wrote:

> Hi
>
> If both servers are in the same lan and no FW configured between them you
> must have something else between them, please recheck again your
> configuration antivirus, any third party tool installed on the servers.
>
> --
> I hope that the information above s you
> Good Luck
>
> Jorge Silva
> MCSA
> Systems Administrator
>
> "PeterR" <PeterR@discussions.microsoft.com> wrote in message
> news:652F567B-0936-47FB-B26B-226B24A00F1D@microsoft.com...
> > My W2K3 DNS responds to TCP queries, but not UDP. It appears that
> > something
> > in the O/S is filtering/blocking UDP/53 to the DNS server, but I have no
> > idea
> > what. I've determined this by turning on the DNS debug log - no query is
> > received.
> > Situation:
> > - Standalone (workgroup) machine with IIS and a few other bits installed.
> > No
> > DHCP or WINS
> > - Windows Firewall disabled
> > - Will answer using nslookup on machine itself, but not from another
> > machine
> > in the same LAN segment - no firewall/router in between.
> > - Public IP address
> >
> > I've searched everywhere for an answer but so far no clue. I've even
> > changed
> > to a 3rd-party DNS server, which exactly the same results.
>
>

run portqry from ms site and check port availability


--
I hope that the information above s you
Good Luck

Jorge Silva
MCSA
Systems Administrator

"PeterR" <PeterR@discussions.microsoft.com> wrote in message
news:1DAEB766-43AC-4EEA-AF65-502868F02E3A@microsoft.com...
> Kevin, Jorge,
> Many thanks for your thoughts. Unfortunately I've been here before:
> - IP filtering on the connection is NOT ENABLED
> - RRAS is disabled - although it had previously been running.
>
> I'm wondering if there's someting left over from RRAS that may be causing
> this?
>
> Thanks again,
> Peter
>
> "Jorge Silva" wrote:
>
>> Hi
>>
>> If both servers are in the same lan and no FW configured between them you
>> must have something else between them, please recheck again your
>> configuration antivirus, any third party tool installed on the servers.
>>
>> --
>> I hope that the information above s you
>> Good Luck
>>
>> Jorge Silva
>> MCSA
>> Systems Administrator
>>
>> "PeterR" <PeterR@discussions.microsoft.com> wrote in message
>> news:652F567B-0936-47FB-B26B-226B24A00F1D@microsoft.com...
>> > My W2K3 DNS responds to TCP queries, but not UDP. It appears that
>> > something
>> > in the O/S is filtering/blocking UDP/53 to the DNS server, but I have
>> > no
>> > idea
>> > what. I've determined this by turning on the DNS debug log - no query
>> > is
>> > received.
>> > Situation:
>> > - Standalone (workgroup) machine with IIS and a few other bits
>> > installed.
>> > No
>> > DHCP or WINS
>> > - Windows Firewall disabled
>> > - Will answer using nslookup on machine itself, but not from another
>> > machine
>> > in the same LAN segment - no firewall/router in between.
>> > - Public IP address
>> >
>> > I've searched everywhere for an answer but so far no clue. I've even
>> > changed
>> > to a 3rd-party DNS server, which exactly the same results.
>>
>>

In news:1DAEB766-43AC-4EEA-AF65-502868F02E3A@microsoft.com,
PeterR <PeterR@discussions.microsoft.com> stated, which I commented on
below:
> Kevin, Jorge,
> Many thanks for your thoughts. Unfortunately I've been here before:
> - IP filtering on the connection is NOT ENABLED
> - RRAS is disabled - although it had previously been running.
>
> I'm wondering if there's someting left over from RRAS that may be
> causing this?
>
> Thanks again,
> Peter

Curious, was Zone Alarm ever installed?

--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

All,
Thanks for your , and no, ZoneAlarm has never been installed.

I have finally found the answer. After actually visiting the DC where the
box is and connecting via a separate switch, we found the server was indeed
responding. Seems that despite all claims to the contrary, the DC had
implemented filtering in their switches for the subnet/LAN - behind their
firewall. Removing these solved the problem.

Hours of work chasing a problem that didn't exist arrgh!! Thanks again for
everyone's input.
Peter

"Ace Fekay [MVP]" wrote:

> In news:1DAEB766-43AC-4EEA-AF65-502868F02E3A@microsoft.com,
> PeterR <PeterR@discussions.microsoft.com> stated, which I commented on
> below:
> > Kevin, Jorge,
> > Many thanks for your thoughts. Unfortunately I've been here before:
> > - IP filtering on the connection is NOT ENABLED
> > - RRAS is disabled - although it had previously been running.
> >
> > I'm wondering if there's someting left over from RRAS that may be
> > causing this?
> >
> > Thanks again,
> > Peter
>
> Curious, was Zone Alarm ever installed?
>
> --
> Ace
> Innovative IT Concepts, Inc (IITCI)
> Willow Grove, PA
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> to easily find, track threads, cross-post, sort by date, poster's name,
> watched threads or subject.
> It's easy:
>
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only constant in life is change...
>
>
>

Ahhhh... so I was right you had something between them
Gald you solved...

--
I hope that the information above s you
Good Luck

Jorge Silva
MCSA
Systems Administrator

"PeterR" <PeterR@discussions.microsoft.com> wrote in message
news:6437A672-457A-47B6-BE91-7D6680F3BB65@microsoft.com...
> All,
> Thanks for your , and no, ZoneAlarm has never been installed.
>
> I have finally found the answer. After actually visiting the DC where the
> box is and connecting via a separate switch, we found the server was
> indeed
> responding. Seems that despite all claims to the contrary, the DC had
> implemented filtering in their switches for the subnet/LAN - behind their
> firewall. Removing these solved the problem.
>
> Hours of work chasing a problem that didn't exist arrgh!! Thanks again for
> everyone's input.
> Peter
>
> "Ace Fekay [MVP]" wrote:
>
>> In news:1DAEB766-43AC-4EEA-AF65-502868F02E3A@microsoft.com,
>> PeterR <PeterR@discussions.microsoft.com> stated, which I commented on
>> below:
>> > Kevin, Jorge,
>> > Many thanks for your thoughts. Unfortunately I've been here before:
>> > - IP filtering on the connection is NOT ENABLED
>> > - RRAS is disabled - although it had previously been running.
>> >
>> > I'm wondering if there's someting left over from RRAS that may be
>> > causing this?
>> >
>> > Thanks again,
>> > Peter
>>
>> Curious, was Zone Alarm ever installed?
>>
>> --
>> Ace
>> Innovative IT Concepts, Inc (IITCI)
>> Willow Grove, PA
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
>> Microsoft MVP - Directory Services
>> Microsoft Certified Trainer
>>
>> Having difficulty reading or finding responses to your post?
>> Instead of the website you're using, I suggest to use OEx (Outlook
>> Express
>> or any other newsreader), and configure a news account, pointing to
>> news.microsoft.com. This is a direct link to the Microsoft Public
>> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
>> you
>> to easily find, track threads, cross-post, sort by date, poster's name,
>> watched threads or subject.
>> It's easy:
>>
>> How to Configure OEx for Internet News
>> http://support.microsoft.com/?id=171164
>>
>> Infinite Diversities in Infinite Combinations
>> Assimilation Imminent. Resistance is Futile
>> "Very funny Scotty. Now, beam down my clothes."
>>
>> The only constant in life is change...
>>
>>
>>

In news:6437A672-457A-47B6-BE91-7D6680F3BB65@microsoft.com,
PeterR <PeterR@discussions.microsoft.com> stated, which I commented on
below:
> All,
> Thanks for your , and no, ZoneAlarm has never been installed.
>
> I have finally found the answer. After actually visiting the DC where
> the box is and connecting via a separate switch, we found the server
> was indeed responding. Seems that despite all claims to the contrary,
> the DC had implemented filtering in their switches for the subnet/LAN
> - behind their firewall. Removing these solved the problem.
>
> Hours of work chasing a problem that didn't exist arrgh!! Thanks
> again for everyone's input.
> Peter

Same here, glad you figured it out. Blocked ports! And it's funny the admins
will not confess to blocking ports until confronted with proof!

Ace