Re: IPsecpol and DNS lookup question

From: Karl Levinson [x y] mvp (
Date: 12/18/02

From: "Karl Levinson [x y] mvp" <>
Date: Wed, 18 Dec 2002 09:27:44 -0500

... by allowing traffic to UDP and TCP ports 53 on the DNS server, in case
you needed to know.

"Steve Riley (MSFT)" <> wrote in message
> I presume you mean DNS *name* when you say "DNS address."
> Remember that the computer will have to perform a DNS lookup if you use
> names in IPSec filter lists. Make sure that your policy is allowing access
> to your DNS servers so that name resolution can occur.
> --
> --------------------------------
> Steve Riley
> MCS Security Consulting Practice
> --------------------------------
> "Jane Tunnicliff" <> wrote in message
> news:e06gzCgpCHA.2444@TK2MSFTNGP10...
> > I have been using the Win 2 K command line IPSec tool, IPsecpol.exe. I
> > have a filter that is configured to allow traffic to and from a
> > DNS address. I can ping the DNS address successfully (it is a group of
> > multiple time servers). If I set the filter to allow traffic to and
> > the DNS address it fails.
> > If I set the filter to allow traffic to and from a specific IP address
> > (within that DNS group), then the filter works just fine.
> >
> > We are not running Active Directory DNS within our domain. Does anyone
> know
> > if IPSecpol filters, in static mode, can be configured to use a DNS
> address
> > instead of an IP address?
> >
> > Thanks for any information.
> >
> >

Relevant Pages

  • Re: Spam solutions - written smtp sink or spam software?
    ... that his client has a messed up DNS record and that's why you rejected it. ... I think you will find that the quality anti spam solutions out there work ... MVP - Exchange ... >I am looking for a spam filter. ...
  • Update
    ... I rebooted my ISA server and DNS lookups started to pass via ISA even ... > Do I need to have enabled the DNS filter that comes with default ISA ...
  • Re: IPsecpol and DNS lookup question
    ... To clarify - I already have an IPSec filter that allows traffic to and from ... DNS resolution is working fine. ... I am attempting to add another filter. ... NTP servers) instead of directing the filter to a single NTP server IP ...
  • Re: Help With DNS Through VPN
    ... the pre-defined DNS lookup filter is used to allow DNS queries FROM ... You need to allow DNS queries TO ISA - not the ... your DNS server on the ISA2000 machine, see this excellent article by Tom ...
  • Re: SMTP Woes
    ... You might want to look at the Exchange Intelligent Message Filter first, ... One often neglected area is to take a look at who is hitting your DNS ... send 10's or 100's of requests a day to your DNS server? ... to anyone except your ISP). ...