<div>
Ok more to add. &nbsp;It appears this is getting dropped because of :<br />
FWX_E_TCP_NOT_SYN_PACKET_D<wbr />ROPPED<br />
<br />
No rule is shown so I'm still thinking this is a filter problem.
</div>


Ok more to add.  It appears this is getting dropped because of :
FWX_E_TCP_NOT_SYN_PACKET_DROPPED

No rule is shown so I'm still thinking this is a filter problem.

<div>
<div class="content wysiwyg-content">
I have a wierd problem. &nbsp;I've allowed zone transfers from our primary DNS server to some specific IPs. &nbsp;On of those IPs is a secondary DNS server that I control and is nat'd behind the same IP as my computer. &nbsp;Zone transfers to this secondary DNS server are working fine and transfers are being requested from that server by the external IP of the primary dns server. &nbsp;However when I do a nslookup to that same external IP and then &quot;ls -d oneofourdomains.com&quot; I get a strage response (see attached image). &nbsp;If I do the same nslookup command to the servers interal IP (meaning I've taken the ISA firewall out of the equation) it works as it should (I see all zones). &nbsp;I've tried disabling the dns filter but that didn't work. &nbsp;Any thoughts?<br />
<a href="https://filedb.experts-exchange.com/incoming/2009/04_w18/133893/nslookup.jpg" target="_blank" class="file-inline" title="nslookup (78 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>nslookup.jpg</a>
</div>
</div>


nslookup.jpg

I have a wierd problem.  I've allowed zone transfers from our primary DNS server to some specific IPs.  On of those IPs is a secondary DNS server that I control and is nat'd behind the same IP as my computer.  Zone transfers to this secondary DNS server are working fine and transfers are being requested from that server by the external IP of the primary dns server.  However when I do a nslookup to that same external IP and then "ls -d oneofourdomains.com" I get a strage response (see attached image).  If I do the same nslookup command to the servers interal IP (meaning I've taken the ISA firewall out of the equation) it works as it should (I see all zones).  I've tried disabling the dns filter but that didn't work.  Any thoughts?

ISA 2006 blocking nslookup ls -d domain.com

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.

Microsoft Forefront ISA Server

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.