I need to turn off DNS Guard to test a theory about reverse lookups not succeeding by outside mail servers. It has been brought to my attention by users that certain mail servers from other companies will perform a Reverse Lookup on the address sending the mail message. Fine and good, however, we host the Primary DNS server behind the firewall (static address and conduit statements) for our domain. For mail servers that are not set up to perform this "check" on mail, mail is delivered. For mail servers that perform Reverse Lookups, it's not being resolved...thus getting dropped. I have checked this with NSLookup internally and externally...fails every time when I perform the Reverse Lookup externally on my Mail Server. I believe it is the DNS Guard but not sure how to disable it to test it.
Your problem is that you are using register.com as your primary DNS. Your on-site DNS server is properly configured. Register.com doesn't know it should be responsible for the reverse DNS zone of 234.197.167.in-addr.arpa. As such, when servers try to query it for reverse DNS lookups, things fail. The only way for servers who check reverse DNS to send y'all mail is if they cannot reach either of RCOM's DNS servers.
I took the liberty of determining that cgtcollege.org is the domain name in question, and that 184.108.40.206 is the DNS server. When I set that to be my DNS server in nslookup:
DNS Guard is basically used so that when DNS packets go through the PIX, the connection and translation that is created for them is torn down as soon as the DNS reply is received. This is because DNS packets are usually one packet out, and one packet in, nothing else, so there's no point tracking the connection and translation of these for the next hour like we would with a standard UDP packet. You really don't want to be able to turn this off.
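
The reverse-lookup check discussed in this thread, as an added example that is not part of any post: it models what a receiving mail server sees when it queries a server that hosts the reverse zone versus one that hosts only the forward zone, and it goes one step further than the thread by also forward-confirming the PTR name. The host octet (.10), the name mail.cgtcollege.org and the server labels are constructed for illustration; only the zone 234.197.167.in-addr.arpa and the domain come from the thread.

```python
import ipaddress

# Constructed data: each name server is modelled as the zones it is
# authoritative for plus the records it holds. Host .10 and the name
# mail.cgtcollege.org are assumptions, not values from the thread.
SERVERS = {
    "onsite": {
        "zones": {"cgtcollege.org", "234.197.167.in-addr.arpa"},
        "records": {
            ("10.234.197.167.in-addr.arpa", "PTR"): ["mail.cgtcollege.org"],
            ("mail.cgtcollege.org", "A"): ["167.197.234.10"],
        },
    },
    "registrar": {  # hosts the forward zone only, no reverse zone loaded
        "zones": {"cgtcollege.org"},
        "records": {("mail.cgtcollege.org", "A"): ["167.197.234.10"]},
    },
}

def query(server, name, rtype):
    """Return (status, answers) the way an authoritative server would."""
    name = name.rstrip(".").lower()
    # The server only answers for names at or below a zone it hosts.
    if not any(name == z or name.endswith("." + z) for z in server["zones"]):
        return ("not-authoritative", [])
    answers = server["records"].get((name, rtype), [])
    return ("ok", answers) if answers else ("nxdomain", [])

def check_sender(ip, server):
    """Reverse lookup followed by forward confirmation of each PTR name."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer
    status, names = query(server, ptr_name, "PTR")
    if status != "ok":
        return ("reject", "PTR %s: %s" % (ptr_name, status))
    for name in names:
        _, addrs = query(server, name, "A")
        if ip in addrs:
            return ("accept", name)
    return ("reject", "PTR %s does not resolve back to %s" % (names[0], ip))

def diagnose(ip, servers=SERVERS):
    """Run the check against every modelled server to find the odd one out."""
    return {label: check_sender(ip, srv) for label, srv in servers.items()}

if __name__ == "__main__":
    for label, verdict in diagnose("167.197.234.10").items():
        print(label, verdict)
```
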