DNS CONFIG ON EXTERNAL NIC

  • From: "Cantrell, Rick" <Rick.Cantrell@xxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 22 Nov 2002 12:51:46 -0500

> I recently worked a problem where removing the DNS settings from the external 
> NIC resolved the problem.  The symptom was that the ISA server would pass DNS 
> requests for 45 seconds, then would stall for 45 seconds, then resume again.  
> This delay could be seen using Network Monitor.  The customer had both NICs 
> configured for DNS.  The internal NIC pointing to an internal DNS server and 
> the external NIC pointing to an external DNS server. I found two articles 
> regarding DNS configurations for the external NIC on the isaserver.org 
> website. 
> This info was published by Jim Harrison: What many folks will do is place DNS 
> resolver IPs in both NICs, ISP in the external, local in the internal. While 
> this seems to make sense, it's actually very inefficient and you can 
> actually cause huge timeouts this way. 
> The other article is published by Ricky Magalhaes and states: Firewall 
> clients send all of their DNS queries to the ISA server, the ISA server then 
> acts as a DNS proxy forwarding the request to the DNS server that has been 
> configured on the external interface of the ISA server. 
> Typically ISA server Secure NAT clients do not use ISA server for DNS 
> queries, the queries are sent directly to a DNS server. If the DNS query is 
> for a computer on the internal network then the query is sent to the internal 
> DNS server. This server should be configured for both external and Internal 
> DNS queries. If the only queries that will be requested will be Internet 
> queries it is recommended that the queries be sent to an external Internet 
> DNS server only.  I don't understand the above at all.  How is this done 
> actually?
> Web Proxy clients send all of their DNS queries to the ISA server, the ISA 
> server then acts as the DNS proxy, forwarding the request to the DNS server 
> that has been configured on the external interface of the ISA server.
> Between these two articles, it seems that Jim's configuration is correct.  Can 
> anyone explain these article comments and how ISA gets confused when both 
> NICs are configured to use DNS?
> 
> Thanks,
> Rick

