You are correct. There is some kind of packet filter confusion with the http proxy off. The name resolution works fine with the proxy turned on but times out when the proxy is turned off. However you can go to the console and the resolution is fine which leads me to believe its a packet filter issue.
All the tests were done with http proxy in standard mode. First its turned off and then turned on. Another thing that I have noticed is that nslookup is taking a long time on windows machines, but dig doesn't show any irregularities[:S]
I have attached a few screenshots with windows nslookup and windows dig and then finally on the console with dig with the http proxy turned off and then on.
Ah found the culprit. The intrusion detection is playing mind games with simple folks like us. Wow, this default level of protection from IPS might be too much for new users etc. Everything works fine if you turn off the IPS. Here is a snip from the alert...
Intrusion Protection Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: DNS dns response containing rfc1918 address detected
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=13249 Time...........: 2009:06:15-15:41:23
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: Potential Corporate Privacy Violation IP protocol....: 17 (UDP)
Source IP address: 192.168.0.1
Source port: 53 (domain)
Destination IP address: 192.168.0.10
The above rule might be useful for some people but in general seems like an over kill. You can't add astaro as a DNS host so all the windows users will be generating a bunch of alerts when using nslookup since dig is only available via 3rd parties for windows. Interesting enough dig doesn't generate the alert and hence my initial observation about nslookup being slow. Disabling the above rule in IPS doesn't speed up nslookup any ...
