| Author |
Message |
KenM
Guest
|
Posted:
Sat Jan 29, 2005 6:47 am Post subject:
Windows DNS and RBL Lookups |
|
|
I will start by admitting that I am by no means an expert in DNS.
I have a Novell network, but happen to have an ISA 2004 Firewall on a
Windows Server 2003 server with DNS running. I have about 20 local hosts
entered and am basically just using it to prevent creating hosts files for
everyone. I have set up my ISP's DNS as a forwarder to handle all of the
external domain lookups.
In nslookup, it seems to work just fine as far as resolving names, but I
can't seem to get it to work correctly to do RBL lookups. For example,
2.0.0.127.bl.spamcop.net should come back as 127.0.0.2, but instead, my DNS
just times out. If I set my ISP's DNS as the name server, the RBL resolves
back to 127.0.0.2 just fine. The same appears to be true from my email
gateway. When it is set to use the ISP DNS for resolution, the RBL lookups
work well, but when the local DNS is used, the lookups are slow and fail.
I have been searching the internet for info on what might be the cause of
this, but so far, all I have found is that "if it doesn't work, there is
something configured wrong in my DNS server", but no clue as to what it might
be.
If anyone can help get me pointed in the right direction it would be greatly
appreciated!!
Thanks.
Ken |
 |
KenM
Guest
|
Posted:
Sat Jan 29, 2005 6:47 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
I removed the forwarder and it seems to work just fine. Thank you!!
"neo [mvp outlook]" wrote:
| Quote: | Out of curiosity, why do you use forward lookups? Why not just let the
server go straight to the internet and see if you get the same results.
|
 |
neo [mvp outlook]
Guest
|
Posted:
Sat Jan 29, 2005 6:47 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
Out of curiosity, why do you use forward lookups? Why not just let the
server go straight to the internet and see if you get the same results.
 |
KenM
Guest
|
Posted:
Sat Jan 29, 2005 6:47 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
Well, like I said, I am not an expert....
It was my understanding when I set this up, that since I was only using it
for local hosts, that I should have it forward all other requests to my ISP
DNS.
Are you suggesting that I remove the forwarder and just use root hints?
"neo [mvp outlook]" wrote:
| Quote: | Out of curiosity, why do you use forward lookups? Why not just let the
server go straight to the internet and see if you get the same results.
|
 |
Herb Martin
Guest
|
Posted:
Sun Jan 30, 2005 2:45 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
"KenM" <KenM@discussions.microsoft.com> wrote in message
news:D570DABF-3CD6-4DB2-9294-EABCF26F6330@microsoft.com...
| Quote: | Well, like I said, I am not an expert....
It was my understanding when I set this up, that since I was only using it
for local hosts, that I should have it forward all other requests to my ISP
DNS.
|
That is perfectly fine IF the ISP DNS is reliable.
| Quote: | Are you suggesting that I remove the forwarder and just use root hints?
|
Your method is perfectly fine (better than this actually)
so I believe that he was suggesting you try it to see if
this changes the behavior -- that might be useful if the
ISP has an unreliable DNS server but it would not
be my first choice with a reputable ISP.
How about we approach it systematically? (Unless you
are satisfied that it now "works" from your other post...)
You can test against each DNS server in the chain by
using NSLookup (ignore any initial report of being unable
to find the name of the SERVER, it's a bogus NSLookup
error.)
nslookup www.Yahoo.com YOUR.DNS.IP.ADDRESS
nslookup 2.0.0.127.bl.spamcop.net ISP.DNS.IP.ADDRESS
You might have to play around with the "timeout" (-time=10)
to see if delaying for slow answers helps:
nslookup -time=10 www.Yahoo.com YOUR.DNS.IP.ADDRESS
nslookup -time=10 2.0.0.127.bl.spamcop.net ISP.DNS.IP.ADDRESS
--
Herb Martin
 |
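The per-server test suggested in the post above, scripted as an added example (not part of the thread and not any poster's code): it sends the same RBL A query straight to each resolver in the chain with a fixed timeout and classifies the reply, so a hop that times out stands out against one that answers 127.0.0.2. The function names and the constructed sample reply are assumptions of this example; resolver addresses are supplied on the command line.

```python
import ipaddress
import os
import socket
import struct
import sys
import time


def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the list zone (the RBL query name)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def build_query(qname, txid):
    """Encode a recursive (RD=1) A/IN query for qname."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer is two bytes
            return off + 2
        off += 1 + n


def parse_response(msg, txid):
    """Return (rcode, [A record addresses]) from a raw DNS reply."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0xF, addrs


def classify(rcode, addrs):
    """Map a reply to the outcome an RBL client cares about."""
    if rcode == 3:
        return "not listed"           # NXDOMAIN
    if rcode == 0 and any(a.startswith("127.") for a in addrs):
        return "listed"
    if rcode == 0:
        return "unexpected answer"    # success but no 127.x record
    return "rcode %d" % rcode         # SERVFAIL, REFUSED, ...


def sample_response(qname, txid, addr=None):
    """CONSTRUCTED reply for offline checks: one A record, or NXDOMAIN if addr is None."""
    flags = 0x8180 if addr else 0x8183
    msg = struct.pack(">HHHHHH", txid, flags, 1, 1 if addr else 0, 0, 0)
    msg += build_query(qname, txid)[12:]
    if addr:
        msg += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(addr)
    return msg


def probe(server, qname, timeout=2.0):
    """Query one resolver directly over UDP; return (verdict, elapsed seconds)."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(build_query(qname, txid), (server, 53))
            data, _ = sock.recvfrom(4096)
            verdict = classify(*parse_response(data, txid))
        except socket.timeout:
            verdict = "timeout"
        except (OSError, ValueError, struct.error, IndexError) as exc:
            verdict = "error: %s" % exc
        return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Arguments: resolver IPs in chain order, e.g. internal DNS then ISP DNS.
    name = dnsbl_name("127.0.0.2", "bl.spamcop.net")
    for server in sys.argv[1:]:
        verdict, secs = probe(server, name)
        print("%-15s %-18s %.2fs" % (server, verdict, secs))
```

Run it with the internal DNS address followed by the ISP DNS address; a "timeout" on the first line and "listed" on the second reproduces the symptom described in the thread.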
KenM
Guest
|
Posted:
Mon Jan 31, 2005 6:46 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
Hi Herb...
Thanks for your response...To be honest, I am satisfied that it works
without the forwarder. All of the lookups seem a bit quicker this way.
I am curious though....I did try the
"nslookup 2.0.0.127.bl.spamcop.net ISP.DNS.IP.ADDRESS"
and it came back just fine and quick. How would I find the next DNS in the
chain?
Thanks
Ken
 |
Herb Martin
Guest
|
Posted:
Tue Feb 01, 2005 6:47 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
"KenM" <KenM@discussions.microsoft.com> wrote in message
news:7DADECD6-20EF-4C93-8AD7-90C089E15A51@microsoft.com...
| Quote: | Hi Herb...
Thanks for your response...To be honest, I am satisfied that it works
without the forwarder. All of the lookups seem a bit quicker this way.
I am curious though....I did try the
"nslookup 2.0.0.127.bl.spamcop.net ISP.DNS.IP.ADDRESS"
and it came back just fine and quick. How would I find the next DNS in the
chain?
|
You would probably have to know it --
that is go to the DNS server and see who
you have it forwarding to, or ask the ISP
if you have forgotten the appropriate
address.
--
Herb Martin
 |
KenM
Guest
|
Posted:
Tue Feb 01, 2005 6:47 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
It just dawned on me that 'up the chain' really doesn't matter. I got a
quick and accurate response from my ISP DNS, which tells me that from the ISP
on 'up the chain' is fine, and the problem has to be in the way my DNS and
the ISP DNS are communicating with each other when I have it set up as a
forwarder.
 |
Herb Martin
Guest
|
Posted:
Wed Feb 02, 2005 6:46 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
"KenM" <KenM@discussions.microsoft.com> wrote in message
news:72D660CF-EAE8-4CE5-8380-57CFC8263C05@microsoft.com...
| Quote: | It just dawned on me that 'up the chain' really doesn't matter. I got a
quick and accurate response from my ISP DNS, which tells me that from the ISP
on 'up the chain' is fine, and the problem has to be in the way my DNS and
the ISP DNS are communicating with each other when I have it set up as a
forwarder.
|
I am not sure if there is a question here with which I
can help you.
If you solved it cool, but please let me know if I am
missing your point.
--
Herb Martin
 |
KenM
Guest
|
Posted:
Wed Feb 02, 2005 7:43 pm Post subject:
Re: Windows DNS and RBL Lookups |
|
|
In an earlier post, you suggested that I approach the problem systematically
and check each DNS server in the chain. The fact that I can get a quick and
accurate response directed right at the ISP DNS tells me that the ISP DNS and
any DNS they may be forwarding to are working just fine. The problem occurs
when I am directing it at my internal DNS and forwarding the request to
the ISP DNS. That tells me that the problem either lies in performance of my
internal DNS, or in the way my internal DNS is communicating with the ISP DNS.
Any possibility that the issue has anything to do with ISA 2004?? The DNS
is on the same server as ISA so that it is available to both the internal
network and the perimeter network. I never seemed to have any problems with
this when I was running 2000 server and ISA 2000. It seems to be an issue
though since it was upgraded to 2003 server and ISA 2004. DNS requests being
made directly to the ISP DNS through ISA do still seem to be fine. Only
forwarded requests seem to be affected.
"Herb Martin" wrote:
| Quote: | "KenM" <KenM@discussions.microsoft.com> wrote in message
news:72D660CF-EAE8-4CE5-8380-57CFC8263C05@microsoft.com...
It just dawned on me that 'up the chain' really doesn't matter. I got a
quick and accurate response from my ISP DNS, which tells me that from the
ISP
on 'up the chain' is fine, and the problem has to be in the way my DNS and
the ISP DNS are communicating with each other when I have it set up as a
forwarder.
I am not sure if there is a question here with which I
can help you.
If you solved it cool, but please let me know if I am
missing your point.
--
Herb Martin
"KenM" <KenM@discussions.microsoft.com> wrote in message
news:72D660CF-EAE8-4CE5-8380-57CFC8263C05@microsoft.com...
It just dawned on me that 'up the chain' really doesn't matter. I got a
quick and accurate response from my ISP DNS, which tells me that from the
ISP
on 'up the chain' is fine, and the problem has to be in the way my DNS and
the ISP DNS are communicating with each other when I have it set up as a
forwarder.
"Herb Martin" wrote:
"KenM" <KenM@discussions.microsoft.com> wrote in message
news:7DADECD6-20EF-4C93-8AD7-90C089E15A51@microsoft.com...
Hi Herb...
Thanks for your response...To be honest, I am satisfied that it works
without the forwarder. All of the lookups seem a bit quicker this
way.
I am curious though....I did try the
"nslookup 2.0.0.127.bl.spamcop.net ISP.DNS.IP.ADDRESS"
and it came back just fine and quick. How would I find the next DNS
in
the
chain?
You would probably have to know it --
that is go to the DNS server and see who
you have it forwarding to, or ask the ISP
if you have forgotten the appropriate
address.
--
Herb Martin
Thanks
Ken
"Herb Martin" wrote:
"KenM" <KenM@discussions.microsoft.com> wrote in message
news:D570DABF-3CD6-4DB2-9294-EABCF26F6330@microsoft.com...
Well, Like I said, I am not an expert....
It was my understanding when I set this up, that since I was only
using it
for local hosts, that I should have it forward all other requests
to
my
ISP
DNS.
That is perfectly fine IF the ISP DNS is reliable.
Are you suggesting that I remove the forwarder and just use root
hints?
You method is perfect fine (better than this actually)
so I believe that he was suggesting you try it to see if
this changes the behavior -- that might be useful if the
ISP has an unreliable DNS server but it would not
be my first choice with a reputable ISP.
How about we approach it systematically? (Unless you
are satisfied that it now "works" from your other post...)
You can test against each DNS server in the chain by
using NSLookup (ignore any initial report of being unable
to find the name of the SERVER, it's a bogus NSLookup
error.)
nslookup www.Yahoo.com YOUR.DNS.IP.ADDRESS
nslookup 2.0.0.127.bl.spamcop.net ISP.DNS.IP.ADDRESS
You might have to play around with the "timeout" (-time=10)
so see if delaying for slow answers helps:
nslookup -time=10 www.Yahoo.com YOUR.DNS.IP.ADDRESS
nslookup -time=10 2.0.0.127.bl.spamcop.net ISP.DNS.IP.ADDRESS
--
Herb Martin
|
|
|
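The per-server test described above (ask your own DNS server and the ISP's server the same question separately, with a longer timeout), as an added example that is not part of the original thread: this Python script sends the DNSBL A query straight to one server over UDP 53 and returns the status, the answers and the elapsed time, so a slow or timing-out hop in the forwarding chain can be isolated. It goes slightly beyond the nslookup commands by building the reversed-octet DNSBL name itself; the function names, the fixed query ID and the `port` parameter are choices made for this example.

```python
import ipaddress, socket, struct, sys, time

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """Reverse the IPv4 octets and append the zone: 127.0.0.2 -> 2.0.0.127.<zone>."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def build_query(name, txid=0x1234):
    """Minimal DNS A query with the RD (recursion desired) bit set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)  # 2-byte pointer or 1-byte root label

def parse_a_records(msg):
    """Return (rcode, [IPv4 strings]) from a DNS response message."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos, addrs = 12, []
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4  # QTYPE and QCLASS follow the name
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def probe(server, name, timeout=10.0, port=53):
    """Query one server directly over UDP; return (status, answers, seconds)."""
    query, start = build_query(name), time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            reply = s.recv(4096)
        except socket.timeout:
            return "timeout", [], time.monotonic() - start
    rcode, addrs = parse_a_records(reply)
    return ("ok" if rcode == 0 else f"rcode={rcode}"), addrs, time.monotonic() - start

if __name__ == "__main__":  # usage: python probe.py <internal-dns-ip> <isp-dns-ip>
    for server in sys.argv[1:]:
        print(server, probe(server, dnsbl_name("127.0.0.2")))
```

A `timeout` from the internal server next to `['127.0.0.2']` from the ISP server reproduces the symptom in this thread and points at the forwarding hop rather than at the blocklist.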
Herb Martin
Guest
|
Posted:
Thu Feb 03, 2005 6:47 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
"KenM" <KenM@discussions.microsoft.com> wrote in message
news:31ABA2D7-4875-4596-9BAB-8F39F5CB91EE@microsoft.com...
| Quote: | In an earlier post, you suggested that I approach the problem
systematically and check each DNS server in the chain. The fact that I can
get a quick and accurate response directed right at the ISP DNS tells me that
the ISP DNS and any DNS they may be forwarding to are working just fine.
|
That sounds correct.
| Quote: | The problem occurs
when I am directing it at my internal DNS and forwarding the request to
the ISP DNS. That tells me that the problem either lies in performance of my
internal DNS, or in the way my internal DNS is communicating with the ISP
DNS. |
Sounds right too.
| Quote: | Any possibility that the issue has anything to do with ISA 2004??
|
Not in the design but possible in the performance of that Nat/Proxy
but I doubt it is ISA -- it seems like it is the DNS server itself. **
Were it failing to get through, we might suspect that DNS (UDP 53,
and maybe TCP 53) were filtered, but it should go right through
and it is probably going through when you use NSLookup the exact
same way. (53 UDP etc.)
Do you see a difference when you ask the ISP from a regular client,
or from the actual DNS server using NSLookup for both?
| Quote: | The DNS
is on the same server as ISA so that it is available to both the internal
network and the perimeter network.
|
How are the RAM, CPU %, and other things (PerfMon/SysMon) that
might cause DNS to run slow?
| Quote: | I never seemed to have any problems with
this when I was running 2000 server and ISA 2000.
|
Ram/CPU requirements or at least recommendations are
somewhat higher for both upgrades.
| Quote: | It seems to be an issue
though since it was upgraded to 2003 server and ISA 2004. DNS requests being
made directly to the ISP DNS through ISA do still seem to be fine. Only
forwarded requests seem to be affected.
|
**Can we check a couple of things: Are you absolutely
sure that the DNS server is forwarding ONLY to the
same server(s) you are testing at the ISP?
If you have more than one, and haven't checked all of
them from the client, make sure they all (seem) to perform
equally or put the fastest on the top of the list.
Did you turn off (check the box for) the "Do not use recursion"
ONLY on the Forwarding tab?
This should not help the performance much, but if we get
forwarding to perform correctly then there is no need for
the machine to do both. (And it is slightly safer to let the
ISP do it all as long as the ISP is reliable.) |
|
KenM
Guest
|
Posted:
Thu Feb 03, 2005 9:49 pm Post subject:
Re: Windows DNS and RBL Lookups |
|
|
Hi Herb...
I did not initially check the box for 'do not use recursion for this
domain'. Today, I went back in and added my ISP DNS address as the forwarder
for the 'all other DNS domains', and checked the box to turn off recursion
for that entry. I also cleared the cache and everything seems to be working
just as it should.
For the moment I will consider this case closed and greatly appreciate the
help you have offered.
Ken
|
|
Herb Martin
Guest
|
Posted:
Fri Feb 04, 2005 6:47 am Post subject:
Re: Windows DNS and RBL Lookups |
|
|
"KenM" <KenM@discussions.microsoft.com> wrote in message
news:559049B8-8E58-4E9F-B791-39D998524C27@microsoft.com...
| Quote: | Hi Herb...
I did not initially check the box for 'do not use recursion for this
domain'. Today, I went back in and added my ISP DNS address as the forwarder
for the 'all other DNS domains', and checked the box to turn off recursion
for that entry. I also cleared the cache and everything seems to be working
just as it should.
For the moment I will consider this case closed and greatly appreciate the
help you have offered.
|
Excellent. I hope it stays working well.
--
Herb Martin
|
|