Yeah, I forgot to mention that I had tried that. I shut down the firewall service completely, but these errors continued to be logged. Also, I have IPv6 disabled on the server.
Crazy. From: Jon Harris [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2008 3:42 PM To: NT System Admin Issues Subject: Re: Server 2008 DNS / Firewall Problem John try shutting down the firewall and see if they go away. If so then you may have the same issue I had this morning with IIS v7. It appears that there is something in the internal firewall that does not like certain features, and no I have not had time to trouble shoot this yet. It might also be that you have the machine using IP v6 and IP v4. I had to shutdown IP v6 on my DNS/DS because I did not have a fixed IP v6 address for the machine. Another trouble shooting thing for me to do. Jon On Wed, Jul 30, 2008 at 3:33 PM, John Hornbuckle <[EMAIL PROTECTED]> wrote: I have a separate DNS server here for external queries. That server isn't AD-integrated, and only contains a handful of records for hosts that need to be reached from the outside world. This task has been handled by a Server 2003 server. I've shut down DNS on that server and moved its IP address to a new Server 2008 server. But for some reason, the Server 2008 machine is blocking all DNS queries from any other machine (on our network or off). Windows Firewall is configured to allow inbound and outbound TCP/UDP traffic on port 53, so that doesn't seem to be the issue. But I get a ton of these in the Security Log: ===== The Windows Filtering Platform has blocked a connection. Application Information: Process ID: 1404 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 150.176.37.178 <http://150.176.37.178/> Source Port: 53 Destination Address: 150.176.37.163 <http://150.176.37.163/> Destination Port: 58058 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Receive/Accept Layer Run-Time ID: 44 ===== The 150.176.37.178 <http://150.176.37.178/> machine is the DNS server, and the 150.176.37.163 <http://150.176.37.163/> machine is I'm trying to do a query from using nslookup. But I've also got lots of entries like these from other hosts trying to query the server. I'm stumped as to why this traffic is being blocked. Any ideas? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us <http://www.taylor.k12.fl.us/> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
