I have a friend whom has a problem with we believe DNS. In this case the ISP is NTL. He has a stateful firewall and is running NAT you can see from the tcp dump below that he sends the query to one DNS server but another responds thus breaking the firewall state and therefore it never resolves. Should the provider have the forwarding option on there servers or does he need to punch another hole in his firewall.
cheers
09:23:01.216136 80.2.189.69.53 > 194.168.8.100.53: 54051+ [1au][|domain]
(DF)
09:23:01.534353 194.168.4.100.53 > 80.2.189.69.53: 54051[|domain] (DF) 09:23:01.534618 80.2.189.69 > 194.168.4.100: icmp: 80.2.189.69 udp port 53
unreachable [tos 0xc0]
09:23:11.238123 80.2.189.69.53 > 194.168.8.100.53: 12113+ [1au][|domain]
(DF)
09:23:11.414372 194.168.4.100.53 > 80.2.189.69.53: 12113[|domain] (DF) 09:23:11.414606 80.2.189.69 > 194.168.4.100: icmp: 80.2.189.69 udp port 53
unreachable [tos 0xc0]
09:23:19.634810 80.2.189.69.53 > 194.168.8.100.53: 9737+ [1au][|domain]
(DF)
09:23:19.643883 194.168.4.100.53 > 80.2.189.69.53: 9737[|domain] (DF) 09:23:19.644127 80.2.189.69 > 194.168.4.100: icmp: 80.2.189.69 udp port 53
unreachable [tos 0xc0]
Paul Gilbert
Router Management Solutions, Inc.
work: 5167666068
mobile: 5164564983