On 10/4/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: > It depends. > > What do you want to do? Have the most efficient and secure DNS configuration as possible with the following network setup: Internet | | v ISA Server - Integrated Mode | | LAN + Servers Currently there are two AD DNS servers on the LAN, both of them have their TCP/IP DNS client settings pointing to localhost and the ISP's DNS server. Both of them also have their DNS server settings with no DNS forwarder specified. The current ISA 2000 server is in its own forest, has no DNS forwarder, but the external NIC has both of the ISP's DNS servers specified, and the internal NIC only points to localhost (its own DNS server). I was thinking it would be best to have all of the LAN DNS servers forward their requests to the new ISA (2004; replacing ISA 2000) server, which would be a secondary DNS server for AD and forward to the ISP for external requests. ...D