Was having a mission with one of our NetScalers last week when DNS WOULD NOT come up using UDP. The firewall guys were telling me that all the rules were in place and yet it still was not working! So, after much googling I found this blog entry: http://jhmeier.de/2009/11/26/citrix-access-gateway-enterprise-edition-is-not-able-to-contact-dns-server/
Basically – you need a rule to allow ping.
This is the text from his article – I must say it saved me a world of pain – hope it helps some of you guys out there as much as it did me!
Here is an interesting “error” in a Citrix Access Gateway Enterprise Edition configuration. Our CAGEE was not able to resolve DNS names – a DNS-Server was configured but marked as down. A telnet on the console to port 53 (DNS-Port) to the DNS-Server worked. So why does the CAGEE mark the DNS-Server as down and not use it? The solution is really simple: CAGEE must be able to ping the DNS-Server – then the DNS-Server is marked as up (when it’s reachable) and the CAGEE is able to resolve DNS-Names. A Citrix-technician told me that this is by design and not a bug.
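To check for the situation described above (port 53 answers, ping does not), the following added example, which is not from the original post or the quoted article, probes a DNS server over ICMP, UDP/53 and TCP/53 and reports which combination it sees. It assumes it is run from a host that passes through the same firewall rules as the appliance and that the system `ping` is Linux iputils; `example.com` is a placeholder query name.

```python
import socket, struct, subprocess, sys

def build_query(name, qid=0x1234):
    """Minimal DNS A/IN query (RFC 1035) with the recursion-desired flag set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def is_reply(data, qid=0x1234):
    """True if data is a DNS response (QR bit set) carrying our query ID."""
    return len(data) >= 12 and struct.unpack(">H", data[:2])[0] == qid and bool(data[2] & 0x80)

def probe_icmp(server, timeout=2):
    # Assumption: Linux iputils ping (-c count, -W timeout in seconds).
    cmd = ["ping", "-c", "1", "-W", str(timeout), server]
    try:
        return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL).returncode == 0
    except OSError:  # ping binary not available
        return False

def probe_udp53(server, name="example.com", timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return is_reply(s.recvfrom(512)[0])
        except OSError:  # timeout or ICMP unreachable
            return False

def probe_tcp53(server, timeout=2.0):
    # Same check as the "telnet to port 53" test in the quoted article.
    try:
        with socket.create_connection((server, 53), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(icmp, udp53, tcp53):
    if not icmp and (udp53 or tcp53):
        return "port 53 reachable but ping blocked: the case from the post, allow ICMP echo"
    if icmp and not udp53:
        return "ping works but UDP/53 gets no answer: check the DNS rule or the server"
    if icmp and udp53:
        return "ping and UDP/53 both work: firewall path looks fine"
    return "nothing reachable: check routing and the firewall path"

if __name__ == "__main__":
    results = probe_icmp(sys.argv[1]), probe_udp53(sys.argv[1]), probe_tcp53(sys.argv[1])
    print("icmp=%s udp53=%s tcp53=%s" % results)
    print(diagnose(*results))
```

Run it with the DNS server's IP address as the only argument.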