RE: DNS Issue

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 14 Feb 2003 12:10:02 -0600

Hi Tom,

It sounds like you want to put your public DNS server on the trihomed,
public address DMZ segment.

You need to create packet filters to allow:

Source any
Destination TCP 53

Source any
Destination UDP 53

A dynamic packet filter will allow the DNS servers to respond to the
clients.

The DNS server on the DMZ should be an "advertiser", so that it only
answers for names that it's authoritative for. It should not be able to
perform recursion. I'm pretty sure I have the details of that config in
the second book. If not, they are in the split DNS article over at
www.isaserver.org/shinder

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: tomerm1@xxxxxxx [mailto:tomerm1@xxxxxxx] 
Sent: Thursday, February 13, 2003 2:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] DNS Issue


Hello Group!

I'm working on a test ISA using a three-homed DMZ configuration (see chart
at: http://members.cox.net/tomerm1/ ). I read both ISA books and can't
find the proper configuration to get DNS to resolve names. My ISA DNS
settings point to both Internal and External DNS (on the local
interface). My Internal DNS has a forwarder that points to the External
DNS, which is configured as a default installation. My internal DNS is AD
integrated and I removed all root hints from AD. I cannot resolve from
either Internal clients using SNAT or the External DNS server. Even the
ISA would not resolve. I tried several packet filter rules with no
luck.

Does anyone know what packet filters I need to get it working???

Thank you all,

Tom
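
One way to verify the "advertiser" behaviour described in the reply above (authoritative answers only, no recursion), as an added example that is not part of the original thread. The function names, the `probe` helper and the header-only sample replies are assumptions constructed for illustration; the check reads only the DNS header flags defined in RFC 1035.

```python
import socket
import struct

# DNS header flag bits (RFC 1035 section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid=0x1234):
    """Build an A-record query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def check_response(response, name_in_own_zone):
    """Return a list of findings; an empty list means advertiser-only behaviour."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        raise ValueError("not a DNS response")
    findings = []
    if flags & RA:
        findings.append("RA set: server offers recursion")
    if name_in_own_zone and not flags & AA:
        findings.append("AA clear: answer for own zone is not authoritative")
    if not name_in_own_zone and (flags & 0x000F) == 0 and ancount > 0:
        findings.append("answered a name outside its zones")
    return findings

def probe(server, name, name_in_own_zone, timeout=3.0):
    """Send one UDP query to server:53 and check the reply (hypothetical helper)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return check_response(s.recv(512), name_in_own_zone)

def fake_reply(flags, ancount):
    """Constructed header-only reply so the check can be shown offline."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    print(check_response(fake_reply(QR | AA | RD, 1), True))    # own zone, authoritative
    print(check_response(fake_reply(QR | RD | 5, 0), False))    # outside name, REFUSED
    print(check_response(fake_reply(QR | RD | RA, 1), False))   # recursing resolver
```

Run `probe` from a host outside the DMZ against your own DNS server, once with a name in a zone it hosts and once with an unrelated name; both calls should return an empty list.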

