[isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem

  • From: "Barbara Causey" <barbara@xxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 7 Jul 2006 12:03:42 -0400

No, I have an internal DNS server. Did I do bad???
  ----- Original Message ----- 
  From: Thomas W Shinder 
  To: isalist@xxxxxxxxxxxxx 
  Sent: Friday, July 07, 2006 11:26 AM
  Subject: [isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem


  Hi Barbara,

  Thanks for getting the book! But one thing about my books, it's like going to
  a medical school clinical lecture. If I'm lecturing about evacuating epidural
  hematomas, you have to listen to the whole thing -- you can't wink out during
  the time I'm talking about preparing the skull and post-evacuation tamponade.

  So, what you missed are the assumptions on page 493, which was that you don't
  have any other servers on your network, and thus we are installing a DNS server
  on the ISA firewall.  Is that assumption correct for your network?

  Tom

  Thomas W Shinder, M.D.
  Site: www.isaserver.org
  Blog: http://blogs.isaserver.org/shinder/
  Book: http://tinyurl.com/3xqb7
  MVP -- ISA Firewalls





----------------------------------------------------------------------------
    From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Barbara Causey
    Sent: Friday, July 07, 2006 9:16 AM
    To: isalist@xxxxxxxxxxxxx
    Subject: [isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem


    Thanks to everyone for their help. It is working now, but something is
    still not right. If I set up the client computers to use the ISA server as a
    web proxy server then no Internet access. The ISA 2000 server was set up this
    way and it worked great.

    In answer to your questions Dr. Tom, I was following the instructions in
    your book that said to set up the ISA server as a caching only DNS server. I
    configured the internal DNS server to use the ISA's DNS server as its forwarder
    and I created the rule you stated. The client computers are using the internal
    DNS server.

    Any ideas on what else could be wrong?

    Barbara
      ----- Original Message ----- 
      From: Thomas W Shinder 
      To: isalist@xxxxxxxxxxxxx 
      Sent: Thursday, July 06, 2006 1:18 PM
      Subject: [isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem


      Hi Barbara,

      Why are you running a DNS server on the ISA firewall? Is this configured
      as a caching only DNS server? If so, you configure the internal DNS server to
      use the ISA firewall's DNS server as its forwarder, and you need to create a
      rule that allows the internal DNS server access to the Local Host Network for
      the DNS protocol.

      Also, the clients should not be using the ISA firewall's caching only DNS
      server as their DNS server, they should be using the internal DNS server for
      both internal and external name resolution.

      Keep in mind that the caching only DNS server on the ISA firewall is a
      poor man's solution. The best solution is to have DNS resolvers on a DMZ
      segment.

      HTH,
      Tom

      Thomas W Shinder, M.D.
      Site: www.isaserver.org
      Blog: http://blogs.isaserver.org/shinder/
      Book: http://tinyurl.com/3xqb7
      MVP -- ISA Firewalls





------------------------------------------------------------------------
        From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Barbara Causey
        Sent: Thursday, July 06, 2006 12:01 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem


        Hello, it's me again. :-)

        I set up this server as a caching only DNS server following the
        instructions in the ISA Server 2004 book by Dr. Tom and I can access the
        Internet on this server, but not on any of the internal computers. I get
        the "Can not find server or DNS error". I can ping the router through
        this server, but can't get anywhere on the Internet. Everything works
        fine through the old ISA 2000 server, but when I switch over to the new
        one you can't go anywhere. Would someone please point me in the right
        direction to resolve this matter?

        Thank you,
        Barbara Causey
