Re: IPsecpol and DNS lookup question

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/18/02


From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Wed, 18 Dec 2002 09:27:44 -0500


... by allowing traffic to UDP and TCP ports 53 on the DNS server, in case
you needed to know.

"Steve Riley (MSFT)" <steriley@microsoft.com> wrote in message
news:eh9gM3lpCHA.1612@TK2MSFTNGP09...
> I presume you mean DNS *name* when you say "DNS address."
>
> Remember that the computer will have to perform a DNS lookup if you use
DNS
> names in IPSec filter lists. Make sure that your policy is allowing access
> to your DNS servers so that name resolution can occur.
>
> --
> --------------------------------
> Steve Riley
> MCS Security Consulting Practice
> steriley@microsoft.com
> --------------------------------
>
>
> "Jane Tunnicliff" <jtunn@uwpn.org> wrote in message
> news:e06gzCgpCHA.2444@TK2MSFTNGP10...
> > I have been using the Win 2 K command line IPSec tool, IPsecpol.exe. I
> > have a filter that is configured to allow traffic to and from a
particular
> > DNS address. I can ping the DNS address successfully (it is a group of
> > multiple time servers). If I set the filter to allow traffic to and
from
> > the DNS address it fails.
> > If I set the filter to allow traffic to and from a specific IP address
> > (within that DNS group), then the filter works just fine.
> >
> > We are not running Active Directory DNS within our domain. Does anyone
> know
> > if IPSecpol filters, in static mode, can be configured to use a DNS
> address
> > instead of an IP address?
> >
> > Thanks for any information.
> >
> >
>
>



Relevant Pages

  • Re: Spam solutions - written smtp sink or spam software?
    ... that his client has a messed up DNS record and that's why you rejected it. ... I think you will find that the quality anti spam solutions out there work ... MVP - Exchange ... >I am looking for a spam filter. ...
    (microsoft.public.exchange.admin)
  • Update
    ... I rebooted my ISA server and DNS lookups started to pass via ISA even ... > Do I need to have enabled the DNS filter that comes with default ISA ...
    (microsoft.public.isa)
  • Re: IPsecpol and DNS lookup question
    ... To clarify - I already have an IPSec filter that allows traffic to and from ... DNS resolution is working fine. ... I am attempting to add another filter. ... NTP servers) instead of directing the filter to a single NTP server IP ...
    (microsoft.public.security)
  • Re: Help With DNS Through VPN
    ... the pre-defined DNS lookup filter is used to allow DNS queries FROM ... You need to allow DNS queries TO ISA - not the ... your DNS server on the ISA2000 machine, see this excellent article by Tom ...
    (microsoft.public.isa)
  • Re: SMTP Woes
    ... You might want to look at the Exchange Intelligent Message Filter first, ... One often neglected area is to take a look at who is hitting your DNS ... send 10's or 100's of requests a day to your DNS server? ... to anyone except your ISP). ...
    (microsoft.public.isaserver)