RE: DNS Issue

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 14 Feb 2003 13:07:39 -0600

Hi Tom,

Do the queries from the external clients make it to the DNS server on
the DMZ? When you put a DNS client on the segment that the external
interface is connected to, do you see any response?

Is IP Routing enabled on the ISA Server?

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: Tom Mendelboim [mailto:tomerm1@xxxxxxx] 
Sent: Friday, February 14, 2003 12:39 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS Issue


http://www.ISAserver.org


Tom and John,

I appreciate the help on this one. I've worked with ISA's for a long
time and never ran into problems like this one. I tried creating the
rules you suggested and it is a trihome environment. At this point I
just want to resolve external addresses from my DNS which is on my DMZ.
I can't even do that... I believe it's a routing issue within ISA and I
opened a case with Microsoft. They are puzzeled as well since it
"should" work...

I will update the group on this one.

Thanks,

Tom
> 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> Date: 2003/02/14 Fri PM 01:10:02 EST
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Subject: [isalist] RE: DNS Issue
> 
> http://www.ISAserver.org
> 
> 
> Hi Tom,
> 
> It sounds like you want to put your public DNS server on the trihomed,
> public address DMZ segment.
> 
> You need to create packet filters to allow:
> 
> Source any
> Destination TCP 53
> 
> Source any
> Destination UDP 53
> 
> A dynamic packet filter will allow the DNS servers to respond to the
> clients
> 
> The DNS server on the DMZ should be an "advertiser", so that it only
> answers for names that its authoritative for. It should not be able to
> perform recursion. I'm pretty sure I have the details of that config
in
> the second book. If not, they are in the split DNS article over at
> www.isaserver.org/shinder
> 
> HTH,
> Tom
> 
> Thomas W Shinder
> www.isaserver.org/shinder 
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp 
> 
> 
> -----Original Message-----
> From: tomerm1@xxxxxxx [mailto:tomerm1@xxxxxxx] 
> Sent: Thursday, February 13, 2003 2:00 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] DNS Issue
> 
> 
> http://www.ISAserver.org
> 
> 
> Hello Group!
> 
> I'm working on a test ISA using three home DMZ configuration. (see
chart
> at: http://members.cox.net/tomerm1/  ) I read both ISA books and can't
> find proper configuration to get DNS to resolve names. My ISA dns
> settings point to both Internal and External DNS (on the local
> interface). My Internal DNS has a forwarder points to the External DNS
> which is configured as default installation. My internal DNS is AD
> integrated and I removed all root hints from AD. I cannot resolve from
> either Internal clients using SNAT or the External DNS server. Even
the
> ISA would not resolve. I tried several packet filters rules with no
> luck.
> 
> Does anyone know what packet filters I need to get it working???
> 
> Thank you all,
> 
> Tom
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
tomerm1@xxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')
> 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---