RE: Interesting problem...
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 4 Mar 2005 07:47:58 -0400
" If they cannot resolve names to even get to the ISA server, they
certainly cannot get to the Internet."
That's what we're saying, that there is something wrong there if your
server entries are disappearing from your zone. That SHOULD NOT be
happening. If you restart one of your dns servers, the on restart, when
it's saying preparing network connections, that's when it is reloading
the AD zone amongst other things, so that when it comes online it's
ready to start servicing all network requests.
All my DNS servers point to themselves first and then to my "PDC" as
secondary. This is how it's done.
The only difference is that you only allow one dns server to query the
internet.
AS SAID BEFORE, THERE IS SOMETHING SERIOUSLY WRONG WITH YOUR DNS IF THE
SERVER a RECORDS ARE BEING REMOVED FROM THE ZONE ON A CACHE CLEAR OR A
RESTART.
S
-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Thursday, March 03, 2005 11:50 PM
To: ISA Mailing List
Subject: [isalist] RE: Interesting problem...
http://www.ISAserver.org
I have each of the "outer" DNS servers setup to use themselves as a DNS
server first, and the PDC DNS server as a secondary. So, if that server
cannot resolve the address, it forwards it to the PDC, and if it cannot
resolve it, it then switches to the "forwarding" DNS server, which is
run by our ISP. This cuts down significantly on DNS lookup traffic
because they all use one server within our own network before venturing
out to the Internet to resolve the address.
If I leave the forwarding server entries blank, then it starts using the
"root hint" servers instead of our ISPs DNS server. I'd like to see
some studies on which method is faster, as I've heard arguments both
ways.
I was trying to remember how I got all of my "outer" DNS servers to
resolve back to the PDC before going out to the Internet, and it appears
to be the DNS entries in the network properties on the server, so that
makes sense and explains why only one DNS server actually does the
forwarding.
In order to duplicate what you describe, I'd have to remove the DNS
entries from all my "outer" DNS servers, and add them in as authorized
computers in my DNS firewall policy. But that wouldn't help me at all,
in that in order to reach the Internet they still have to resolve
internal names first. If they cannot resolve names to even get to the
ISA server, they certainly cannot get to the Internet.
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Thursday, March 03, 2005 16:08
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Interesting problem...
http://www.ISAserver.org
Mmmmm
I don't have a "pdc" DNS Server, I have a DNS rule to allow all my dns
servers to query the internet. None of my dns servers forward to
anywhere else. I found this to be the quickest for DNS resolution and if
any of my 4 dns servers are down for maintenance then there is no
interruption of service at all.
S
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
The haggis is unusual in that it is neither consistently nocturnal nor diurnal,
but instead is active at dawn and dusk (crepuscular), with occasional forays
forth during the day and night.
Other related posts:
