Re: How do IE & ISA use DNS...?
- From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 26 Sep 2003 15:37:27 +0200
Uuuhhh, ok... it'll take me a while to process everything you just said, but
thanks anyway :)
Will also check the articles you mention...
Cheers
William R.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 26 September 2003 15:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How do IE & ISA use DNS...?
http://www.ISAserver.org
That's where it gets fun.
- If you use the proxy settings without having the FW client installed and
the LAT host does not have a direct route through ISA, IE is strictly a web
proxy client
- If you use the proxy settings with the FW client without a direct route
through the ISA, then you're a web-proxy-firewall client. Remember; all
traffic flows through the FW client, because it layers itself on top of
Winsock. It understand when someone wants to speak directly with the ISA
outgoing web requests listener as a web proxy client (because that
information is part of the mspclnt.ini file) and lets that flow though
unimpeded
- If you use the proxy settings with the FW client with a direct route
through the ISA, then you're a web-proxy-firewall-secureNAT client. This
doesn't change much in this particfular context, but another "web" app that
doesn't understand how to form proxy requests (your typical java app) then
becomes a firewall-secureNAT client.
- If you're crossing a nasty bridge on a foggy day and a scraggly, blind,
stinking old man queries you for your name, quest and favorite color, then
you're a true-geek-web-proxy-firewall-secureNAT client
Check out my client articles at www.isaserver.org. The first one discusses
the web proxy and firewall DNS caches and how to control them. Remember;
they depend on the underlying Windows name resolutoin functionality (also
described in that article).
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
On Fri, 26 Sep 2003 15:05:31 +0200
"William Robertson" <robertson.william@xxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org
Thanks for that Jim
But what if I am configured as all 3 clients... I.e. My IE Proxy settings
are set to use ISA, and I have the FW Client installed, and my default
gateway is set to use ISA... Which of the 3 will take precedence?
Also, can you try and think of a reason why my scenario could be happening,
given my current DNS config (which I believe is configured 100% according to
all the articles on the isaserver.org website). I mean, what is the W3Proxy
DNS cache, and how do I "fix" it...
Cheers
William R.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 26 September 2003 14:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How do IE & ISA use DNS...?
http://www.ISAserver.org
There are three answers to this:
* IE as WP client:
IE defers to ISA for all name resolution (CERN proxy requests), which
procedes like:
- w3proxy DNS cache, Windows name resolution process
* IE as FW client:
IE performs its own name resolution with the help of fwsrv, which procedes
like:
- fwsrv DNS cache, Windows name resolution process
* IE as SecureNAT client:
IE performs its own name resolution:
- Windows name resolution process
It's not specific to IE, but operates like this for any CERN-aware app.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
On Fri, 26 Sep 2003 14:03:55 +0200
"William Robertson" <robertson.william@xxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org
Hi there
I have a WAN link to a parent company who hosts a server which I wish to
access via the WAN link as opposed to the slow public internet connection.
All the routers have been configured to route traffic via the WAN link
instead of via the internet.
I now host a secondary DNS zone to my parent company in which the private IP
Address of the web server is listed, and when I do an NSLOOKUP, TRACERT,
PING etc I always connect via the private IP Address over the WAN link.
But when I try to use Internet Explorer to access the website I essentially
get timeouts and can never connect to the actual website. My theory now is
that when I try to access the website, my Internet Explorer (along with ISA
I presume) does not query my local DNS Server for the IP Address of the
website, but rather appears to receive the public IP Address of the website
(How..? I don't know!!), and that is why I believe my connection times out
because I try to access the site from the internet, and the routers on that
side then try to route the traffic back across the WAN link thus creating an
invalid session and thus it fails.
The DNS is setup as follows:
- My PC looks to internal DNS server
- Internal NIC of ISA looks to Internal DNS Server
- External NIC of ISA has no DNS settings
- DNS Server configured to use ISP's DNS servers as forwarders
Can anyone perhaps shed some light on this for me please?
Thanks
William R.
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient. Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient. Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient. Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------
Other related posts:
