IP Security Policies won't allow DNS 53 to pass through?

Hi,

On a Windows 2003 64-bit server I run the following test:

telnet <dns ip> 53

I connect OK to a remote DNS server.

I created a PACKET FILTER policy. Within this policy I have created the RULE "DNS". Within this rule I have a DNS filter.

Filter is set up as follows:
source = any IP address
destination = any IP address
protocol = tcp
from = any
to = 53
saved/applied

I now assigned the policy and try

telnet <dns ip> 53

It fails to connect to the remote DNS server.

If I unassign the policy it works again.

Why does my policy fail to allow DNS to pass through?

(Have used gpupdate to flush just in case, but ASSIGN then UNASSIGN clearly shows the 2 states failing / working).

Thanks for any advice.

Scott
|
|||
|
Re: IP Security Policies won't allow DNS 53 to pass through?

"Scott" <scott_lotus@yahoo.co.uk> wrote in message news:ObVa%23HErIHA.1772@TK2MSFTNGP03.phx.gbl...

> Hi,
>
> On Windows 2003 64 bit server i run the following test
>
> telnet <dns ip> 53
> i connect ok to a remote dns server.

Do note that telnet is a TCP (only) utility and that DNS resolution is mostly UDP. NetCat (free on the Internet) is a much better tool for non-TCP services and even for TCP stuff too.

> I created a PACKET FILTER policy.
> Within this policy i have created the RULE "DNS".
> Within this rule i have a DNS filter.
>
> Filter is setup as follows:
> source = any ipaddress
> destination = any ip address
> protocol = tcp
> from = any
> to = 53
> saved/applyed
>
> I now assigned the policy and try
> telnet <dns ip> 53

Are these RRAS filters or IPSec? Are you allowing, denying, or (for IPSec only) negotiating IPSec?

> It fails to connect to the remote DNS server.
>
> If i unasigned the policy it works again.
> Why does my policy fail to allow DNS to pass through ?

Did you build an IPSec policy yourself, use Kerberos as the authentication method, and block Kerberos perhaps? (The default policies all use Kerberos authentication AND exempt Kerberos from the IPSec requirement.)

> (Have used gpudate to flush just incase but ASSIGN then UNASSIGN clearly
> shows the 2 states failing / working).

IPSecMon might be of use. Turn on Account Logon auditing and monitor authentication when you are working with Kerberos authenticated IPSec.
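The reply's point is that telnet only exercises TCP/53, so it says nothing about whether the policy passes the UDP traffic real resolvers use. The script below is an added example, not code from this thread: it sends one hand-built DNS query to a server over UDP and then over TCP, so both transports can be checked against an assigned policy. The resolver address is a placeholder; the server name queried and the timeout are assumptions.

```python
import socket
import struct

def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal standard query: A record, recursion desired (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame_for_tcp(query: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(query)) + query

def response_matches(query: bytes, response: bytes) -> bool:
    """True if the response echoes the query's transaction id and has the QR bit set."""
    if len(response) < 12:
        return False
    txid, flags = struct.unpack("!HH", response[:4])
    return txid == struct.unpack("!H", query[:2])[0] and bool(flags & 0x8000)

def probe(server: str, proto: str, name: str = "example.com.", timeout: float = 3.0) -> bool:
    """Send one query to server:53 over 'udp' or 'tcp'; True if a matching answer returns."""
    query = build_dns_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data, _ = s.recvfrom(512)
        else:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(frame_for_tcp(query))
                prefix = s.recv(2)
                if len(prefix) != 2:
                    return False
                length = struct.unpack("!H", prefix)[0]
                data = b""
                while len(data) < length:  # TCP may deliver the message in pieces
                    chunk = s.recv(length - len(data))
                    if not chunk:
                        break
                    data += chunk
    except OSError:  # timeout, refused, or unreachable: the policy (or network) dropped it
        return False
    return response_matches(query, data)

if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"  # placeholder resolver
    for proto in ("udp", "tcp"):
        print(f"{proto}/53 to {server}: {'answered' if probe(server, proto) else 'no answer'}")
```

With a filter that only lists protocol = tcp, the expected result is that the TCP probe answers while the UDP probe times out, which is the gap the reply describes.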