[isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Fri, 7 Jul 2006 09:25:54 -0700
http://www.ISAserver.org
-------------------------------------------------------
..so it's not a drink sold with cookies by kids on neighborhood street corners?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Friday, July 07, 2006 09:20
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache
Server setup DNS problem
Tamponade -- the insertion of a tampon during surgery to check bleeding
:)
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
Sent: Friday, July 07, 2006 11:15 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Slightly OT Again:HP ProLiant DL320
Firewall/VPN/Cache Server setup DNS problem
"Post-evacuation tamponade?" You can't talk to a lady like that!!!
t
On 7/7/06 8:26 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:
Hi Barbara,
Thanks for getting the book! But one thing about my books, it's
like going to a medical school clinical lecture. If I'm lecturing about
evacuating epidural hematomas, you have to listen to the whole thing -- you
can't wink out during the time I'm talking about preparing the skull and
post-evacuation tamponade.
So, what you missed are the assumptions on page 493, which was
that you don't have any other servers on your network, and thus we are
installing a DNS server on the ISA firewall. Is that assumption correct for
your network?
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
<http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Barbara Causey
Sent: Friday, July 07, 2006 9:16 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Slightly OT Again:HP ProLiant
DL320 Firewall/VPN/Cache Server setup DNS problem
Thanks to everyone for their help. It is working now,
but something is still not right. If I set up the client computers to use the
ISA server as a web proxy server then no Internet access. The ISA 2000 server
was set up this way and it worked great.
In answer to your questions Dr. Tom, I was following
the instructions in your book that said to set up the ISA server as a caching
only DNS server. I configured the internal DNS server to use the ISA's DNS
server as its forwarder and I created the rule you stated. The client
computers are using the internal DNS server.
Any ideas on what else could be wrong?
Barbara
----- Original Message -----
From: Thomas W Shinder
<mailto:tshinder@xxxxxxxxxxx> <mailto:tshinder@xxxxxxxxxxx>
To: isalist@xxxxxxxxxxxxx
Sent: Thursday, July 06, 2006 1:18 PM
Subject: [isalist] Re: Slightly OT Again:HP
ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem
Hi Barbara,
Why are you running a DNS server on the ISA
firewall? Is this configured as a caching only DNS server? If so, you
configure the internal DNS server to use the ISA firewall's DNS server as it's
forwarder, and you need to create a rule that allows the internal DNS server
access to the Local Host Network for the DNS protocol.
Also, the clients should not be using the ISA
firewall's caching only DNS server as their DNS server, they should be using
the internal DNS server for both internal and external name resolution.
Keep in mind that the caching only DNS server
on the ISA firewall is a poor man's solution. The best solution is to have DNS
resolvers on a DMZ segment.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
<http://www.isaserver.org/> <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Barbara Causey
Sent: Thursday, July 06, 2006 12:01 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Slightly OT Again:HP ProLiant DL320
Firewall/VPN/Cache Server setup DNS problem
Hello, it's me again. :-)
I set up this server as a caching only DNS server
following the instructions
in the ISA Server 2004 book by Dr. Tom and I can
access the Internet on this
server, but not on any of the internal computers. I
get the "Can not find
server or DNS error". I can ping the router through
this server, but can't
get anywhere on the Internet. Everything works fine
through the old ISA 2000
server, but when I switch over to the new one you can't
go anywhere. Would
someone please point me in the right direction to
resolve this matter?
Thank you,
Barbara Causey
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
