If this is a domain environment this will likely slow down domain functions as the XP machines will be asking the ISP server for domain information. I think a better way is to have MS DNS have a forwarder for external lookups setup (right click on dns server in mmc, and select the forwarder tab there you can specify your ISP's dns or even better yet use OPENDNS 208.67.222.222. Then have DHCP assign the MS DNS as the only DNS server.
-----Original Message----- From: sai [mailto:[EMAIL PROTECTED] Sent: Friday, July 20, 2007 6:48 AM To: [email protected] Subject: Re: [pfSense Support] DNS forwarder timeouts/failures I've always had problems with MS DNS implementations. They have messed around with DNS and so it exhibits strange behaviour. I'd suggest that you get rid of the MS machines IP as a DNS server on the firewall. On your XP PCs have the firewall as the primary DNS, and the MS machine as secondary. sai On 7/18/07, Volker Kuhlmann <[EMAIL PROTECTED]> wrote: > I have installed pfsense 1.2beta1 built on Mon Apr 30 10:47:18 EDT > 2007, LAN with half a dozen XP and a few Linux machines. ADSL. Primary > name server on the general setup tab is fixed to the ISP's name > server, secondary name server is set to the MS business server 2003. > DHCP server and DNS forwarder are used on pfsense. Client machines are > set to use the pfsense firewall as name server. > > Frequently name lookups in browsers fail. On page reload in the > browser they are always fine. The problem is more pronounced on the XP > clients but also exists on the Linux clients. To check that it isn't > the ISP's name server (which has a bad reputation), I configured a > name server of another ISP instead. Timeouts occur as frequently. > > My analysis of the problem is that pfsense's DNS forwarder's timeouts > are too short. How can I increase those? > > Thanks for any tips. > > Volker > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For additional > commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
