RE: DNS Issue

  • From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 14 Feb 2003 11:08:14 -0800

As soon as you said routing issue a light bulb came on.

Do you have the subnets configured properly?

A trihomed must have properly configured subnets and routes.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


> -----Original Message-----
> From: Tom Mendelboim [mailto:tomerm1@xxxxxxx]
> Sent: Friday, February 14, 2003 10:39 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: DNS Issue
> 
> http://www.ISAserver.org
> 
> 
> Tom and John,
> 
> I appreciate the help on this one. I've worked with ISA's for a long time
and never
> ran into problems like this one. I tried creating the rules you suggested
and it is a
> trihome environment. At this point I just want to resolve external
addresses from my
> DNS which is on my DMZ. I can't even do that... I believe it's a routing
issue within
> ISA and I opened a case with Microsoft. They are puzzeled as well since it
"should"
> work...
> 
> I will update the group on this one.
> 
> Thanks,
> 
> Tom
> >
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> > Date: 2003/02/14 Fri PM 01:10:02 EST
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Subject: [isalist] RE: DNS Issue
> >
> > http://www.ISAserver.org
> >
> >
> > Hi Tom,
> >
> > It sounds like you want to put your public DNS server on the trihomed,
> > public address DMZ segment.
> >
> > You need to create packet filters to allow:
> >
> > Source any
> > Destination TCP 53
> >
> > Source any
> > Destination UDP 53
> >
> > A dynamic packet filter will allow the DNS servers to respond to the
> > clients
> >
> > The DNS server on the DMZ should be an "advertiser", so that it only
> > answers for names that its authoritative for. It should not be able to
> > perform recursion. I'm pretty sure I have the details of that config in
> > the second book. If not, they are in the split DNS article over at
> > www.isaserver.org/shinder
> >
> > HTH,
> > Tom
> >
> > Thomas W Shinder
> > www.isaserver.org/shinder
> > ISA Server and Beyond: http://tinyurl.com/1jq1
> > Configuring ISA Server: http://tinyurl.com/1llp
> >
> >
> > -----Original Message-----
> > From: tomerm1@xxxxxxx [mailto:tomerm1@xxxxxxx]
> > Sent: Thursday, February 13, 2003 2:00 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] DNS Issue
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Hello Group!
> >
> > I'm working on a test ISA using three home DMZ configuration. (see chart
> > at: http://members.cox.net/tomerm1/  ) I read both ISA books and can't
> > find proper configuration to get DNS to resolve names. My ISA dns
> > settings point to both Internal and External DNS (on the local
> > interface). My Internal DNS has a forwarder points to the External DNS
> > which is configured as default installation. My internal DNS is AD
> > integrated and I removed all root hints from AD. I cannot resolve from
> > either Internal clients using SNAT or the External DNS server. Even the
> > ISA would not resolve. I tried several packet filters rules with no
> > luck.
> >
> > Does anyone know what packet filters I need to get it working???
> >
> > Thank you all,
> >
> > Tom
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> tomerm1@xxxxxxx
> > To unsubscribe send a blank email to $subst('Email.Unsub')
> >
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> isalist@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')



Other related posts: