[isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 7 Jul 2006 11:20:04 -0500

Tamponade -- the insertion of a tampon during surgery to check bleeding
 
:)
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
        Sent: Friday, July 07, 2006 11:15 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Slightly OT Again:HP ProLiant DL320
Firewall/VPN/Cache Server setup DNS problem
        
        
        "Post-evacuation tamponade?"  You can't talk to a lady like
that!!!
        
        t
        
        
        On 7/7/06 8:26 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
spoketh to all:
        
        

                Hi Barbara,
                
                Thanks for getting the book! But one thing about my
books, it's like going to a medical school clinical lecture. If I'm
lecturing about evacuating epidural hematomas, you have to listen to the
whole thing -- you can't wink out during the time I'm talking about
preparing the skull and post-evacuation tamponade.
                
                So, what you missed are the assumptions on page 493,
which was that you don't have any other servers on your network, and
thus we are installing a DNS server on the ISA firewall.  Is that
assumption correct for your network?
                
                Tom
                
                Thomas W Shinder, M.D.
                Site: www.isaserver.org <http://www.isaserver.org/>
<http://www.isaserver.org/>  
                Blog: http://blogs.isaserver.org/shinder/
                Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7>  
                MVP -- ISA Firewalls
                
                 
                
                

                        
                         
                        
________________________________

                        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Barbara  Causey
                        Sent: Friday, July 07, 2006 9:16 AM
                        To:  isalist@xxxxxxxxxxxxx
                        Subject: [isalist] Re: Slightly OT Again:HP
ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem
                        
                         
                         
                        Thanks to everyone for their help. It is working
now, but something is still not right. If I set up the client computers
to use  the ISA server as a web proxy server then no Internet access.
The ISA 2000  server was set up this way and it worked great.
                        
                         
                         
                        In answer to your questions Dr. Tom, I was
following the instructions in your book that said to set up the ISA
server as  a caching only DNS server. I configured the internal DNS
server to use the  ISA's DNS server as its forwarder and I created the
rule you stated. The  client computers are using the internal DNS
server.
                        
                         
                         
                        Any ideas on what else could be  wrong?
                        
                         
                         
                        Barbara
                        
                        

                                
                                ----- Original Message ----- 
                                 
                                From:  Thomas W  Shinder
<mailto:tshinder@xxxxxxxxxxx> <mailto:tshinder@xxxxxxxxxxx>   
                                 
                                To: isalist@xxxxxxxxxxxxx 
                                 
                                Sent: Thursday, July 06, 2006 1:18  PM
                                 
                                Subject: [isalist] Re: Slightly OT
Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem
                                 
                                
                                 
                                Hi Barbara,
                                
                                 
                                 
                                Why are you running a DNS server on the
ISA firewall?  Is this configured as a caching only DNS server? If so,
you configure the  internal DNS server to use the ISA firewall's DNS
server as it's forwarder,  and you need to create a rule that allows the
internal DNS server access to  the Local Host Network for the DNS
protocol.
                                
                                 
                                 
                                Also, the clients should not be using
the ISA  firewall's caching only DNS server as their DNS server, they
should be using  the internal DNS server for both internal and external
name  resolution.
                                
                                 
                                 
                                Keep in mind that the caching only DNS
server on the  ISA firewall is a poor man's solution. The best solution
is to have DNS  resolvers on a DMZ segment.
                                
                                 
                                 
                                HTH,
                                
                                Tom
                                
                                 
                                
                                
                                Thomas W Shinder,  M.D.
                                Site: www.isaserver.org
<http://www.isaserver.org/> <http://www.isaserver.org/>  
                                Blog:
http://blogs.isaserver.org/shinder/
                                Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7>  
                                MVP -- ISA Firewalls
                                

                
                 
                
                 
                

                        
                         
                        
________________________________

                        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Barbara  Causey
                        Sent: Thursday, July 06, 2006 12:01 PM
                        To:  isalist@xxxxxxxxxxxxx
                        Subject: [isalist] Slightly OT Again:HP
ProLiant DL320 Firewall/VPN/Cache Server setup DNS  problem
                        
                         
                         
                        Hello, it's me again. :-)
                        
                        I set up this server as a caching  only DNS
server following the instructions 
                        in the ISA Server 2004 book  by Dr. Tom and I
can access the Internet on this 
                        server, but not on  any of the internal
computers. I get the "Can not find 
                        server or DNS  error". I can ping the router
through this server, but can't 
                        get  anywhere on the Internet. Everything works
fine through the old ISA 2000  
                        server, but when I switch over to the new one
you can't go anywhere.  Would 
                        someone please point me in the right direction
to resolve this  matter?
                        
                        Thank you,
                        Barbara Causey

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2006