dNS And port scan

Running ISA on a Windows 2000 advanced server
DNS, active directory and dhcp on Windows 2000 advanced server
I have 13 servers on DNS

The ISA firewall is showing an error in event view that I am having an all port scan from an IP address that is my ISP.

My ISP claims that my ISA server is not correctly reading the error
that they are not actually port scanning me. They say because I have a dns server I am causing the error.

I had a third party come in with an analyser, they said it is my ISP.

Can an ISA incorrectly report an all port scan?

 

Yes, possibly. If the scans appear to be originating from your ISP's DNS servers, you are probably using DNS forwarders with recursion turned on.

Is VPN/RRAS configured on the server?

 

Is there a way to tell if recursion is turned on?

I do not use VPN.

 

I found the check box, disable recursion and checked it. I am still getting the port scan.

any other ideas?

 

Test with root hints not forwarders.

 

I checked out the root hints and they match the cache.dns file.

What do you mean by test the root hints?