RE: Cache DNS/forwarder on ISA W2K3 server

  • From: Jim Harrison <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 30 Sep 2003 06:20:34 -0700

As is the case with many government programs, this one is a flop.

Mechanics all over the world are having to revert back to box- and open-end 
wrenches to get their work done.  Needless to say, they're not amused.

What was at first considered by many BS-bingo experts to be an innovative, 
forward-out-of-the-box-thinking move, the recently-imposed socket pooling 
policy has actually reduced once-proud metric and SAE ratchets and their 
attachments to rusting metallic blobs.  Homeowners were also unamused when they 
discovered that their swimming pools had been filled with greasy tools by 
persons unknown.

IANA representatives have stated that this initiative compares unfavorably to 
the Verisign scandal, and that they will seek the maximum penalty for the 
initiators of this ill-conceived program.
Currently, the maximum penalty that may be imposed for this type of offense is 
to provide 24/7 Linux phone support.


  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 30 Sep 2003 07:43:42 -0500
 "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> wrote:


Hi Darryl,
 
The DNS service does not use socket pooling. You just need to bind the
DNS listener to a certain IP address.
 
The SMTP service socket pooling feature must be disabled. That is
covered in the pre beta ISA/Exchange deployment kit docs. You better
check them out ASAP, because my provider informed me that I'm going to
be offline for the rest of the week.
 
They're at www.tacteam.net/isaserverorg/exchangekit/default.htm
 
The procedure for putting together the caching only server is
mentioned in both the installing DNS on ISA Server article and the
SecureNAT support article over at www.isaserver.org/shinder
 
HTH,
Tom
 
Thomas W Shinder
http://www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 

        -----Original Message-----
        From: Darryl Janetzki [mailto:darrylj@xxxxxxxxxxxxxxxx] 
        Sent: Tuesday, September 30, 2003 5:47 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Cache DNS/forwarder on ISA W2K3 server
        Hi everyone. Thanks for input that everyone gave with the RDP
issue. I have a new problem. I deployed a W2K3 ISA server using an
external DNS - (No-IP) for the site. Everything worked fine with regards
to WWW and the RDP issue once the binding on the external interface for
RDP was removed. I decided to install a caching/forwarder DNS server on
the internal interface.

         

        Problems ...immediately ... I could not resolve any internal
resources. Every local resource became resolved to the external
interface...causing the WWW publishing and other rules to fail. I
checked the configuration against a working installation (upgrade from
W2K to W2K3) and could not resolve the new problem. I decided to
uninstall DNS (Internal Interface) on the ISA server and have the active
directory server resolve external sites from the ISP's DNS as a
forwarder (I am not happy about this but it worked).

         

        I think this is a socket pooling issue again. I checked the DNS
server on ISA and ensured that it was listening on the internal LAN
card. Ran NETSTAT -NA | find <external interface ip>; only the services
that were published using server publishing rules could be identified
and a port scan from GRC.com identified that the server was secure.

         

        Has anyone successfully published DNS or SMTP on ISA's internal
interface using W2K3 (not upgrade)... If so was it a socket pooling
issue or a combination of "fixes"?

         

        ... For the time being I intend to use the DNS on the Active
Directory server until this issue is sorted. I am not keen to deploy
another DNS cache/forwarder on another internal server and use
publishing rules as I anticipate that this will fail.

         

        Thanks in advance for any input on this

         

        Darryl Janetzki
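
The NETSTAT check mentioned in the thread, worked through as an added example (not code from any of the posters): a text filter on the external IP shows only sockets bound to that address, while a socket bound to the wildcard address 0.0.0.0 accepts connections on every interface and never matches the filter. The sample output, addresses and function names below are constructed for illustration.

```python
import re

# Constructed sample of `netstat -na` output (Windows layout); addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    10.0.0.1:53            0.0.0.0:0              LISTENING
  TCP    10.0.0.1:3389          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:4312      ESTABLISHED
  UDP    10.0.0.1:53            *:*
  UDP    0.0.0.0:445            *:*
"""

# Proto, local ip:port, foreign address, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def find_filter(netstat_text, needle):
    """Equivalent of `netstat -na | find "<needle>"`: plain substring match."""
    return [l.strip() for l in netstat_text.splitlines() if needle in l]

def listeners(netstat_text):
    """Yield (proto, local_ip, port) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, ip, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not listeners
        yield proto, ip, int(port)

def exposed_on(netstat_text, external_ip, ports):
    """Listeners on `ports` that answer on external_ip, with the reason."""
    findings = []
    for proto, ip, port in listeners(netstat_text):
        if port not in ports:
            continue
        if ip == external_ip:
            findings.append((proto, port, ip, "bound to external address"))
        elif ip == "0.0.0.0":
            findings.append((proto, port, ip, "wildcard bind, all interfaces"))
    return findings

if __name__ == "__main__":
    print(find_filter(SAMPLE, "192.0.2.10"))        # only the port 80 rows
    print(exposed_on(SAMPLE, "192.0.2.10", {25, 53}))  # SMTP on 0.0.0.0
```

In the sample, DNS is bound to the internal address on both TCP and UDP and is not reported, while SMTP on 0.0.0.0:25 is reported even though the external IP never appears on its line.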


