|
-
November 14th, 2004, 09:09 PM
#1
Registered User
Deliver me from Swedish furniture!
-
November 14th, 2004, 09:19 PM
#2
Registered User
 Originally Posted by silencio
...can't get to it.
Works fine for me Sil.
Sergeant WOTPP 
-
November 14th, 2004, 10:39 PM
#3
Registered User
-
November 14th, 2004, 10:44 PM
#4
Registered User
Got it, and man, this has been driving my buggy for a while. It was only effecting yahoo for awhile but tonight it started effecting google so something had to be done. In a nutshell, it was a Microsoft/PIX DNS issue. DNS queries that returned an answer larger than 512K were rejected at the PIX.
Maybe NooNoo could move this to tech tips..
Document here.
SYMPTOMS
When a computer that is running Microsoft Windows Server 2003 makes an external DNS query, you may receive one of the following error messages:
Query Refused
Server unable to interpret format
Timeout
CAUSE
Cause #1
This problem may occur on some Cisco PIX Firewall models with software that is earlier than PIX Firewall version 6.3(2). The Cisco PIX Firewall drops DNS packets sent to User Datagram Protocol (UDP) port 53 that are larger than the configured maximum length. By default, the maximum length for UDP packets is 512 bytes. Cause #2
This problem may occur if the external DNS server does not support Extension Mechanisms for DNS (EDNS0) or if a firewall exists between your server and the external DNS server. DNS servers that do not support EDNS0 cannot process EDNS0 data, and this behavior causes the query to fail. Some firewalls may drop the EDNS0 packets that are sent by servers that support EDNS0, or may drop UDP packets that are larger than 512 bytes that are sent by servers that support EDNS0.
WORKAROUND
Workaround #1
To resolve this problem, visit the following Cisco Systems Web site for information and update instructions: http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a00801a6d21.html#110415
Workaround #2
To work around this problem, turn off EDNS0 support in Windows Server 2003. To do this, follow these steps: 1.Start a command prompt.2.Type dnscmd /Config /EnableEDnsProbes 0, and then press ENTER.
Deliver me from Swedish furniture!
-
November 14th, 2004, 10:48 PM
#5
Banned
-
November 14th, 2004, 10:59 PM
#6
Registered User
Originally Posted by TripleRLtd
Good heads up Silence. 
So, you're browsing WD with Win2k3 Server? 
Naa. I don't do any browsing from the servers. I have a domain in the house. 
Deliver me from Swedish furniture!
-
November 14th, 2004, 11:03 PM
#7
Banned
I figured as much.
Just playing man.
-
November 15th, 2004, 02:26 AM
#8
Intel Mod
Google down...?
Mmmm soft !
Similar Threads
-
By Stalemate in forum Tech Lounge & Tales
Replies: 11
Last Post: September 22nd, 2004, 12:36 AM
-
By silencio in forum Tech Lounge & Tales
Replies: 3
Last Post: July 27th, 2004, 11:24 AM
-
By Stalemate in forum Tech Lounge & Tales
Replies: 2
Last Post: July 21st, 2004, 09:41 AM
-
By Stalemate in forum Tech Lounge & Tales
Replies: 3
Last Post: May 23rd, 2004, 11:52 PM
-
By Stalemate in forum Tech Lounge & Tales
Replies: 3
Last Post: August 26th, 2003, 04:51 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks