As is the case with many government programs, this one is a flop. Mechanics all over the world are having to revert back to box- and open-end wrenches to get their work done. Needless to say, they're not amused. What was at first considered by many BS-bingo experts to be an innovative, forward-out-of-the-box-thinking move, the recently-imposed socket pooling policy has actually reduced once-proud metric and SAE ratchets and their attachments to rusting metallic blobs. Homeowners were also unamused when the discovered that their swimming pools had been filled with greasy tools by persons unknown. IANA representatives have stated that this initiative compares unfavorably to the Verisign scandal, and that they will seek the maximium penalty for the initiators of this ill-conceived program. Currently, the maximum penalty that may be imposed for this type of offense is to provide 24/7 Linux phone support. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Tue, 30 Sep 2003 07:43:42 -0500 "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Darryl, The DNS service does not use socket pooling. You just need to bind the DNS listener to a certain IP address. The SMTP service socket pooling feature must be disabled. That is covered in the pre beta ISA/Exchange deployment kit docs. You better check them out ASAP, because my provider informed me that I'm going to be offline for the rest of the week. They're at www.tacteam.net/isaserverorg/exchangekit/default.htm The procedure for the putting together the caching only server is mentioned in both the installing DNS on ISA Server article and the SecureNAT support article over at www.isaserver.org/shinder HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Darryl Janetzki [mailto:darrylj@xxxxxxxxxxxxxxxx] Sent: Tuesday, September 30, 2003 5:47 AM To: [ISAserver.org Discussion List] Subject: [isalist] Cache DNS/forwarder on ISA W2K3 server http://www.ISAserver.org Hi everyone. Thanks for input that everyone gave with the RDP issue. I have a new problem. I deployed a W2K3 ISA server using an external DNS - (No-IP) for the site.Everything worked fine with regards to WWW and the RDP issue once the binding on the external interface for RDP was removed. I decided to install a caching/forwarder DNS server on the internal interface. Problems ...immediately ... I could not resolve any internal resources. Every local resource became resolved to the external interface...causing the WWW publishing and other rules to fail. I checked the configuration against a working installation (upgrade from W2K to W2K3) and could not resolve the new problem. I decided to uninstall DNS (Internal Interface) on the ISA server and have the active directory server resolve external sites from the ISP's DNS as a forwarder (I am not happy about this but it worked). I think this is a socket pooling issue again. I checked the DNS server on ISA and ensured that it was listening on the internal LAN card. Ran NETSTAT -NA | find <external interface ip> only the services that were published using server publishing rules could be identified and a port scan from GRC.com identified that the server was secure. Has anyone successfully published DNS or SMTP on ISA's internal interface using W2K3 (not upgrade)... If so was it a socket pooling issue or a combination of "fixes" ... For the time being I intend to use the DNS on the Active Directory server until this issue is sorted. I am not keen to deploy another DNS cache/forwarder on another internal server and use publishing rules as I anticipate that this will fail. Thanks in advance for any input on this Darryl Janetzki ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*