Error Code 11001: Host not found

I have ISA 2006, it has 2 interfaces (internal + DMZ), and I have applied 2 rules:

1- allow internal and local host to external, all protocols, for all users

2- allow my internal DNS to query DNS from my ISP DNS (I have set up a computer set for ISP DNS servers, and another one for my internal DNS servers)

but the problem is some websites, like microsoft.com, can't be opened, with this error

Error Code 11001: Host not found
Background: This error indicates that the gateway could not find the IP
address of the website you are trying to access. This is usually due to a
DNS-related error.
Source: DNS error
Error Code 11001: Host not found

I can't open this website on the ISA server either!! But I can access it if I specify the IP address of microsoft.com

Any idea why this is happening? Do I need to apply any rule?

January 20th, 2011 5:55am

Hi Ahmed

Have you specified DNS servers on both DMZ and Internal NIC?
Only specify the internal DNS server on the internal NIC and leave it empty at the DMZ.
Check the binding order on the NIC with the Internal NIC on top.

Another big problem: when you specify rules for all traffic from the ISA server (localhost) and internal to the external, your ISA firewall becomes a normal Windows server.
There is already a system policy that allows DNS requests from the ISA server to all networks.

For the DNS traffic from the internal DNS servers, only specify a rule for a computer set of your internal DNS servers' IP addresses to External (or your ISP DNS if you use them as DNS Forwarders).

I hope this helps, and if not please give us more information about your Network/NIC configuration and DNS infrastructure.
Best regards,

Anders

  • Edited by MrAndersMVP Thursday, January 20, 2011 8:09 AM spelling
January 20th, 2011 8:08am

On the DMZ I did not specify any DNS server, and on the internal I have specified the internal DNS server.

My internal NIC is on the top and the DMZ on the second.

This is my NIC config:

Ethernet adapter DMZ:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.100.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.16.100.1

Ethernet adapter Internal:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.2.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.16.2.12
                                       172.16.2.20

 

On the allow all traffic rule, I have removed local host and kept only internal to external, for all users.

On the DNS rule, I already added one computer set that contains my DNS servers, and another one for my ISP DNS.

Still it is not working!!

What else can I do to know what the problem really is?

January 20th, 2011 9:49am
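
The NIC advice given earlier in the thread (DNS servers only on the internal adapter, pointing at internal DNS servers) can be checked mechanically against `ipconfig /all` output like that in the post above. This is an added example, not code from any participant; the function names and the rule that internal DNS servers use private (RFC 1918) addresses are assumptions.

```python
import ipaddress
import re

# `ipconfig /all` excerpt from the post above (IPv4 only, trimmed to the fields used).
SAMPLE = """\
Ethernet adapter DMZ:
   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 172.16.100.4
   Default Gateway . . . . . . . . . : 172.16.100.1

Ethernet adapter Internal:
   IP Address. . . . . . . . . . . . : 172.16.2.5
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.16.2.12
                                       172.16.2.20
"""

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; lines without ' :' continue the previous field."""
    adapters, fields, values = {}, None, None
    for line in text.splitlines():
        head = re.match(r"\S.*adapter (.+):\s*$", line)
        if head:
            fields, values = adapters.setdefault(head.group(1), {}), None
        elif fields is not None and line.strip():
            kv = re.match(r"\s+(.+?)[ .]* :\s*(.*)$", line)
            if kv:
                values = fields.setdefault(kv.group(1), [])
                if kv.group(2):
                    values.append(kv.group(2))
            elif values is not None:
                values.append(line.strip())  # e.g. the second DNS server
    return adapters

def audit_dns(adapters, internal="Internal"):
    """Flag DNS client settings that break 'internal DNS on the internal NIC only'."""
    findings = []
    for name, fields in adapters.items():
        dns = fields.get("DNS Servers", [])
        if name != internal and dns:
            findings.append(f"{name}: DNS servers set on non-internal NIC: {dns}")
        elif name == internal and not dns:
            findings.append(f"{name}: no DNS server configured")
        # Assumption: internal DNS servers use private (RFC 1918) addresses.
        findings += [f"{name}: {ip} is not an internal address"
                     for ip in dns if not ipaddress.ip_address(ip).is_private]
    return findings

if __name__ == "__main__":
    print(audit_dns(parse_ipconfig(SAMPLE)) or "DNS client settings match the advice")
```

The posted configuration produces no findings, so the NIC settings are not the cause here; binding order is not visible in `ipconfig` output and has to be checked separately.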

Hello,

Can you please run "nslookup microsoft.com" or any other site that fails in command prompt and post the result?

Also, when running nslookup, can you monitor the ISA log and post the relevant line?

Thanks,

January 20th, 2011 12:33pm

Hi,

Thank you for the post.

“allow internal and local host to external , all protocols , for all users” - it is not recommended to create a “4 all” rule in a production environment. You may allow http/https protocol from internal to external for certain users or groups.

“allow my internal DNS to query DNS from my ISP DNS ( I have setup a computer set for ISP dns servers , and another one for my internal DNS servers)” - on the Access Rule Destinations page, please add the External entry and see if it works.

Regards,

January 21st, 2011 5:26am

I have no clue what you wrote or how to implement any changes to fix the problem
November 20th, 2012 3:49pm

Hi All,

I have the same issue but I didn't create the DNS rule?

As

May 20th, 2015 12:09am

This topic is archived. No further replies will be accepted.
