RE: DNS Issue

When I put the DNS server on the Internet I can resolve everything... Nothing 
if it's on the DMZ. I even follow exact steps in your new book just to verify 
pings (p.82-86) and still don't get responses... I can ping from the ISA the 
DNS on the DMZ but I cannot ping anything from the DNS on the DMZ. Something 
very strange is happening...

Tom
> 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> Date: 2003/02/14 Fri PM 02:07:39 EST
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Subject: [isalist] RE: DNS Issue
> 
> http://www.ISAserver.org
> 
> 
> Hi Tom,
> 
> Do the queries from the external clients make it to the DNS server on
> the DMZ? When you put a DNS client on the segment that the external
> interface is connected to, do you see any response?
> 
> Is IP Routing enabled on the ISA Server?
> 
> Thanks!
> Tom
> 
> Thomas W Shinder
> www.isaserver.org/shinder 
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp 
> 
> 
> -----Original Message-----
> From: Tom Mendelboim [mailto:tomerm1@xxxxxxx] 
> Sent: Friday, February 14, 2003 12:39 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: DNS Issue
> 
> 
> http://www.ISAserver.org
> 
> 
> Tom and John,
> 
> I appreciate the help on this one. I've worked with ISA's for a long
> time and never ran into problems like this one. I tried creating the
> rules you suggested and it is a trihome environment. At this point I
> just want to resolve external addresses from my DNS which is on my DMZ.
> I can't even do that... I believe it's a routing issue within ISA and I
> opened a case with Microsoft. They are puzzeled as well since it
> "should" work...
> 
> I will update the group on this one.
> 
> Thanks,
> 
> Tom
> > 
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> > Date: 2003/02/14 Fri PM 01:10:02 EST
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Subject: [isalist] RE: DNS Issue
> > 
> > http://www.ISAserver.org
> > 
> > 
> > Hi Tom,
> > 
> > It sounds like you want to put your public DNS server on the trihomed,
> > public address DMZ segment.
> > 
> > You need to create packet filters to allow:
> > 
> > Source any
> > Destination TCP 53
> > 
> > Source any
> > Destination UDP 53
> > 
> > A dynamic packet filter will allow the DNS servers to respond to the
> > clients
> > 
> > The DNS server on the DMZ should be an "advertiser", so that it only
> > answers for names that its authoritative for. It should not be able to
> > perform recursion. I'm pretty sure I have the details of that config
> in
> > the second book. If not, they are in the split DNS article over at
> > www.isaserver.org/shinder
> > 
> > HTH,
> > Tom
> > 
> > Thomas W Shinder
> > www.isaserver.org/shinder 
> > ISA Server and Beyond: http://tinyurl.com/1jq1
> > Configuring ISA Server: http://tinyurl.com/1llp 
> > 
> > 
> > -----Original Message-----
> > From: tomerm1@xxxxxxx [mailto:tomerm1@xxxxxxx] 
> > Sent: Thursday, February 13, 2003 2:00 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] DNS Issue
> > 
> > 
> > http://www.ISAserver.org
> > 
> > 
> > Hello Group!
> > 
> > I'm working on a test ISA using three home DMZ configuration. (see
> chart
> > at: http://members.cox.net/tomerm1/  ) I read both ISA books and can't
> > find proper configuration to get DNS to resolve names. My ISA dns
> > settings point to both Internal and External DNS (on the local
> > interface). My Internal DNS has a forwarder points to the External DNS
> > which is configured as default installation. My internal DNS is AD
> > integrated and I removed all root hints from AD. I cannot resolve from
> > either Internal clients using SNAT or the External DNS server. Even
> the
> > ISA would not resolve. I tried several packet filters rules with no
> > luck.
> > 
> > Does anyone know what packet filters I need to get it working???
> > 
> > Thank you all,
> > 
> > Tom
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> tomerm1@xxxxxxx
> > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> tomerm1@xxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 



Other related posts: