RE: DNS Issue

• From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 13 Feb 2003 21:17:50 -0800

The internal interface of ISA should have the DNS address of the Internal
DNS server only. 

The DMZ interface of ISA should have blank for the DNS address.

The External interface of ISA should have blank for the DNS address.

On the internal DNS, forwarding should be set to the DNS Server in the DMZ.
Do not remove root hints. However, there should be no root zone.

On the DMZ DNS, it should be set to forward to your ISP DNS. What do you
mean by default install? Is that an AD integrated zone? Is there a root
zone?

Then create packet filters to allow any to query your DMZ DNS server.

Create packet filter to allow your DMZ DNS server to query the whole
Internet.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com

> -----Original Message-----
> From: tomerm1@xxxxxxx [mailto:tomerm1@xxxxxxx]
> Sent: Thursday, February 13, 2003 12:00 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] DNS Issue
> 
> http://www.ISAserver.org
> 
> 
> Hello Group!
> 
> I'm working on a test ISA using three home DMZ configuration. (see chart
at:
> http://members.cox.net/tomerm1/  ) I read both ISA books and can't find
proper
> configuration to get DNS to resolve names. My ISA dns settings point to
both
> Internal and External DNS (on the local interface). My Internal DNS has a
forwarder
> points to the External DNS which is configured as default installation. My
internal
> DNS is AD integrated and I removed all root hints from AD. I cannot
resolve from
> either Internal clients using SNAT or the External DNS server. Even the
ISA would
> not resolve. I tried several packet filters rules with no luck.
> 
> Does anyone know what packet filters I need to get it working???
> 
> Thank you all,
> 
> Tom
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> isalist@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue
• » RE: DNS Issue

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---