Win2k forgets Nameserver?
Marc.Thach at radianz.com
Fri Sep 28 14:20:09 UTC 2001
Ray,
Your site's security policy is not correctly implemented. If your security
policy states that you will not accept DNS responses where they have a
different IP than expected, then you should accept that those sites are
"insecure" and not expect to use them. If this is not your security
policy, then you should use a firewall configuration that allows the
correct traffic.
rgds
Marc TXK
________________________________________________________________________
The views expressed are personal and do not necessarily reflect those of
the organisation providing the mail address from which this message was
sent
"None" <reply at here.only>
Sent by: bind-users-bounce at isc.org
28/09/2001 03:29
Please respond to "None"
To: comp-protocols-dns-bind at moderators.isc.org
cc:
Subject: Re: Win2k forgets Nameserver?
That's a problem. We've run into an issue where some DNS systems send
the response back using a different IP address than the query was sent
to. When this happens, we can't resolve the site because the firewall
drops it. Microsoft has a KB article on this.
So, our solution was to use a DNS server outside the firewall provided
by our ISP. It works, but we don't want to put our internal-only IP
addresses on it, of course. I'll try the /flushdns switch when it
happens again. I don't know about it.
Guess we'll just have to dump Win2K for Linux. <g>
Ray
> > Primary DNS is Windows NT 4. Secondary DNS is Windows NT 4. Thirdary DNS is
> > an external ISP server. Primary and secondary are slaves off our BIND 8.2.3
> > masters. Thirdary DNS does not have our internal sites.
>
> As described elsewhere in thread, all DNS servers should give
> the same answers, so this is just a configuration error - just
> lose the third DNS server from the list.
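
The drop Ray describes, as an added example that is not part of the original thread: a stateful UDP filter admits a reply only if its source is the address the query was sent to, so an answer arriving from another address is dropped even though it matches a real query. The packet records, addresses, ports and transaction IDs are constructed sample data, and `filter_dns` and `mismatched_sources` are hypothetical names.

```python
from collections import namedtuple

# Constructed sample: UDP DNS packets as seen at the firewall
# (documentation address ranges, not real hosts).
Pkt = namedtuple("Pkt", "direction src sport dst dport txid")

SAMPLE = [
    Pkt("out", "192.0.2.10", 33001, "198.51.100.53", 53, 0x1A2B),
    Pkt("in", "198.51.100.53", 53, "192.0.2.10", 33001, 0x1A2B),  # normal reply
    Pkt("out", "192.0.2.10", 33002, "203.0.113.5", 53, 0x3C4D),
    Pkt("in", "203.0.113.9", 53, "192.0.2.10", 33002, 0x3C4D),    # other source IP
]


def filter_dns(packets):
    """Return (passed, dropped) as a stateful UDP filter would decide them.

    Each dropped entry is (packet, queried_server): queried_server is the
    address the matching query was sent to, or None if no query matches.
    """
    state = set()   # (client, cport, server, sport) opened by outbound queries
    pending = {}    # (client, cport, txid) -> server the query was sent to
    passed, dropped = [], []
    for p in packets:
        if p.direction == "out":
            state.add((p.src, p.sport, p.dst, p.dport))
            pending[(p.src, p.sport, p.txid)] = p.dst
            passed.append(p)
        elif (p.dst, p.dport, p.src, p.sport) in state:
            passed.append(p)  # reply mirrors an open query tuple exactly
        else:
            dropped.append((p, pending.get((p.dst, p.dport, p.txid))))
    return passed, dropped


def mismatched_sources(packets):
    """Dropped replies that answer a real query but came from a different IP.

    Returns (queried_server, replying_address) pairs for firewall-log triage.
    """
    _, dropped = filter_dns(packets)
    return [(q, p.src) for p, q in dropped if q is not None and q != p.src]


if __name__ == "__main__":
    for queried, replied in mismatched_sources(SAMPLE):
        print(f"query sent to {queried}, reply came from {replied}: dropped")
```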