[isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 07 Jul 2006 09:15:00 -0700

³Post-evacuation tamponade?²  You can¹t talk to a lady like that!!!

t


On 7/7/06 8:26 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:

> Hi Barbara,
>  
> Thanks for getting the book! But one thing about my books, it's like going to
> a medical school clinical lecture. If I'm lecturing about evacuating epidural
> hematomas, you have to listen to the whole thing -- you can't wink out during
> the time I'm talking about preparing the skull and post-evacuation tamponade.
>  
> So, what you missed are the assumptions on page 493, which was that you don't
> have any other servers on your network, and thus we are installing a DNS
> server on the ISA firewall.  Is that assumption correct for your network?
>  
> Tom
>  
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
> 
>  
> 
>>  
>>  
>> 
>>  From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>> Behalf Of Barbara  Causey
>> Sent: Friday, July 07, 2006 9:16 AM
>> To:  isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Slightly OT Again:HP  ProLiant DL320
>> Firewall/VPN/Cache Server setup DNS problem
>> 
>>  
>>  
>> Thanks to everyone for their help. It is working  now, but something is still
>> not right. If I set up the client computers to use  the ISA server as a web
>> proxy server then no Internet access. The ISA 2000  server was set up this
>> way and it worked great.
>>  
>>  
>>  
>> In answer to your questions Dr. Tom, I was  following the instructions in
>> your book that said to set up the ISA server as  a caching only DNS server. I
>> configured the internal DNS server to use the  ISA's DNS server as its
>> forwarder and I created the rule you stated. The  client computers are using
>> the internal DNS server.
>>  
>>  
>>  
>> Any ideas on what else could be  wrong?
>>  
>>  
>>  
>> Barbara
>>  
>>>  
>>> ----- Original Message -----
>>>  
>>> From:  Thomas W  Shinder <mailto:tshinder@xxxxxxxxxxx>
>>>  
>>> To: isalist@xxxxxxxxxxxxx
>>>  
>>> Sent: Thursday, July 06, 2006 1:18  PM
>>>  
>>> Subject: [isalist] Re: Slightly OT  Again:HP ProLiant DL320
>>> Firewall/VPN/Cache Server setup DNS problem
>>>  
>>> 
>>>  
>>> Hi Barbara,
>>>  
>>>  
>>>  
>>> Why are you running a DNS server on the ISA firewall?  Is this configured as
>>> a caching only DNS server? If so, you configure the  internal DNS server to
>>> use the ISA firewall's DNS server as it's forwarder,  and you need to create
>>> a rule that allows the internal DNS server access to  the Local Host Network
>>> for the DNS protocol.
>>>  
>>>  
>>>  
>>> Also, the clients should not be using the ISA  firewall's caching only DNS
>>> server as their DNS server, they should be using  the internal DNS server
>>> for both internal and external name  resolution.
>>>  
>>>  
>>>  
>>> Keep in mind that the caching only DNS server on the  ISA firewall is a poor
>>> man's solution. The best solution is to have DNS  resolvers on a DMZ
>>> segment.
>>>  
>>>  
>>>  
>>> HTH,
>>>  
>>> Tom
>>>  
>>>  
>>>  
>>> 
>>> Thomas W Shinder,  M.D.
>>> Site: www.isaserver.org <http://www.isaserver.org/>
>>> Blog: http://blogs.isaserver.org/shinder/
>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
>>> MVP -- ISA Firewalls
>  
>  
> 
>  
>>  
>>  
>> 
>>  From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>> Behalf Of Barbara  Causey
>> Sent: Thursday, July 06, 2006 12:01 PM
>> To:  isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Slightly OT Again:HP  ProLiant DL320 Firewall/VPN/Cache
>> Server setup DNS  problem
>> 
>>  
>>  
>> Hello, it's me again. :-)
>> 
>> I set up this server as a caching  only DNS server following the instructions
>> in the ISA Server 2004 book  by Dr. Tom and I can access the Internet on this
>> server, but not on  any of the internal computers. I get the "Can not find
>> server or DNS  error". I can ping the router through this server, but can't
>> get  anywhere on the Internet. Everything works fine through the old ISA 2000
>> server, but when I switch over to the new one you can't go anywhere.  Would
>> someone please point me in the right direction to resolve this  matter?
>> 
>> Thank you,
>> Barbara Causey
>

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2006