RE: RES: RE: RES: OT: DNS dies
- From: "Mark Hippenstiel" <m.hippenstiel@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 28 Mar 2003 15:55:43 +0100
Yes, I remember having read this somewhere, never use 127.0.0.1 instead set
your local ip as the dns server. As to Secure NAT and firewall clients, the
web proxy and firewall service use the dns configured on the external
interface to resolve names.
Normally when not using dial-up, I would configure the external nic's DNS
entry to point to the internal DNS server too, for chaching reasons. This
way I "tunnel" all DNS queries through the internal DNS.
But unfortunately, all this doesn't apply. DNS works nice until it fails :)
Since this is my "lab" setup, it doesn't really matter, because the only
secure nat client is the server itself, but I see trouble coming whith my
exchange server.. We'll see...
Obg,
Mark
> -----Original Message-----
> From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
> Sent: Friday, March 28, 2003 3:47 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RES: RE: RES: OT: DNS dies
>
>
> http://www.ISAserver.org
>
>
> I used to have trouble if I didn't set the primary DNS server
> as the server itself when you are running DNS server on the
> same machine. Then external DNS servers were added to the
> forwarders list. No many secrets besides this... My ISA
> server is just a member server.
>
> At least that's how I do all my setups, I can't remember if
> there was some MSKB document saying this must be done.
>
>
> Tiago de Aviz
> IT Consultant
> MCP-CNA-AIX-CCNA-CCDA
> --------------------------------
> www.softsell.com.br
> tiago@xxxxxxxxxxxxxxx
> --------------------------------
>
>
> -----Mensagem original-----
> De: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> Enviada em: sexta-feira, 28 de março de 2003 11:30
> Para: [ISAserver.org Discussion List]
> Assunto: [isalist] RE: RES: OT: DNS dies
>
> http://www.ISAserver.org
>
>
> Well,
> I use my DC for DNS, and the web/fw clients will never
> resolve on their own than rather letting isa do the job for
> them. Since I use a dial-up connection, external DNS' are
> always set on the external interface, so there's no issue
> with that. Looks like a bug or flaw in dns, although I have
> to say that I experience this problem for the first time (at
> least with win2k, let's not talk about nt4 :-)
>
> Anyway, basically the setting is the same as yours, exept
> that DNS queries are processed by ISA server before reaching
> the real world.
>
> Mark
>
> > -----Original Message-----
> > From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
> > Sent: Friday, March 28, 2003 3:22 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RES: OT: DNS dies
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Mark,
> >
> > Here I set up a DNS Server on my ISA Server, and I also set up some
> > ISP DNS servers on my forwarder list. I don't use an
> internal server
> > to do this.
> >
> > Only Secure NAT folks won't resolve after the DNS hangs?
> >
> > Tiago de Aviz
> > IT Consultant
> > MCP-CNA-AIX-CCNA-CCDA
> > --------------------------------
> > www.softsell.com.br
> > tiago@xxxxxxxxxxxxxxx
> > --------------------------------
> >
> >
> > -----Mensagem original-----
> > De: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> > Enviada em: sexta-feira, 28 de março de 2003 11:17
> > Para: [ISAserver.org Discussion List]
> > Assunto: [isalist] OT: DNS dies
> >
> > http://www.ISAserver.org
> >
> >
> > Hi list,
> >
> > Slightly off-topic: Has anybody experienced a problem with
> DNS service
> > dying intermittantly? I have my internal DNS setup as a
> forwarder and
> > allowed DNS communication on ISA. Every now and then the DNS dies
> > resulting in Secure NAT clients not able to resolve external
> > addresses. First I thought this could be caused by my
> testing on the
> > ISA server but I found out that this happens even if I don't touch
> > anything.
> >
> > I applied all necessary updates and SPs and checked KB but without
> > success. Any idea??
> >
> > Thanks
> > mark
> >
> >
> >
> > Free Trial Software: Monitor & Manage Web Use with SurfControl Web
> > Filter for MS ISA Server http://www.surfcontrol.com/go/zisadl1
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/ Windows
> > Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT
> > > Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tiago@xxxxxxxxxxxxxxx To unsubscribe send a blank
> > email to $subst('Email.Unsub')
> >
> > Free Trial Software: Monitor & Manage Web Use with SurfControl Web
> > Filter for MS ISA Server http://www.surfcontrol.com/go/zisadl1
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/ Windows
> > Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT
> > > Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> > to $subst('Email.Unsub')
> >
>
>
>
> Free Trial Software: Monitor & Manage Web Use with
> SurfControl Web Filter for MS ISA Server
> http://www.surfcontrol.com/go/zisadl1
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tiago@xxxxxxxxxxxxxxx To unsubscribe send a blank
> email to $subst('Email.Unsub')
>
> Free Trial Software: Monitor & Manage Web Use with
> SurfControl Web Filter for MS ISA Server
> http://www.surfcontrol.com/go/zisadl1
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
Other related posts:
