> I recently worked a problem where removing the DNS settings from the external > NIC resolved the problem. The symptom was that the ISA server would pass DNS > requests for 45 seconds, then would stall for 45 seconds, then resume again. > This delay could be see using network monitor. The customer had both NICs > configured for DNS. The internal NIC pointing to an internal DNS server and > the external NIC pointing to an external DNS server. I found two articles > regarding DNS configurations for the external nic on the isaserver.org > website. > This info was published by Jim Harrison: What many folks will do is place DNS > resolver IPs in both NICs, ISP in the external, local in the internal. While > this seems to make sense, it> '> s actually very inefficient and you can > actually cause huge timeouts this way. > The other article is published by Ricky Magelhaes and states: Firewall > clients send all of their DNS queries to the ISA server, the ISA server then > acts as a DNS proxy forwarding the request to the DNS server that has been > configured on the external interface of the ISA server. > Typically ISA server Secure NAT clients do not use ISA server for DNS > queries, the queries are sent directly to a DNS server. If the DNS query is > for a computer on the internal network then the query is sent to the internal > DNS server. This server should be configured for both external and Internal > DNS queries. If the only queries that will be requested will be Internet > queries it is recommended that the queries be sent to an external Internet > DNS server only. I don't understand the above at all. How is this done > actually? > Web Proxy clients send all of their DNS queries to the ISA server the ISA > server then acts as the DNS proxy, forwarding the request to the DNS server > that has been configured on the external interface of the ISA server. > Between these two article, it seems that Jim's configuration is correct. Can > anyone explain these article comments and how ISA gets confused when both > NICs are configured to use DNS? > > Thanks, > Rick > > >