ISA 2006 blocking nslookup ls -d

Posted on 2009-04-29
Last Modified: 2012-05-06
I have a weird problem. I've allowed zone transfers from our primary DNS server to some specific IPs. One of those IPs is a secondary DNS server that I control and is NAT'd behind the same IP as my computer. Zone transfers to this secondary DNS server are working fine and transfers are being requested from that server by the external IP of the primary DNS server. However, when I do an nslookup to that same external IP and then "ls -d" I get a strange response (see attached image). If I do the same nslookup command to the server's internal IP (meaning I've taken the ISA firewall out of the equation) it works as it should (I see all zones). I've tried disabling the DNS filter but that didn't work. Any thoughts?
Question by:b_levitt

    Author Comment

    OK, more to add. It appears this is getting dropped because of:

    No rule is shown so I'm still thinking this is a filter problem.

    Accepted Solution

    OK, I fixed it. Other symptoms were 0x80074e24 FWX_E_CONNECTION_KILLED in the log.

    In ISA Manager:
    Configuration --> General -->
    Enable Intrusion Detection and DNS Attack Detection -->
    DNS Attacks Tab

    I unchecked both "DNS host name overflow" and "DNS length overflow" (make sure you wait a few seconds after applying this before trying again). This makes some sense since this was a large domain, but I have no idea why this filter is being applied to OUTBOUND traffic.
