RE: DNS and recursion
- From: "Aman Bedi" <gurkirpal.bedi@xxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 23 Sep 2004 22:17:55 -0400
Hi Tom,
I will try doing that also (nic Speed)
So do u suggest I remove DNS from ISA..
Or let the config be like it is for now ?
Would you like remote access to my ISA to figure out if something is fishy
;)
Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 764-0269 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com
----------------------------------------------------------------------------
-------------------------------------
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, September 23, 2004 9:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and recursion
http://www.ISAserver.org
Hi Aman,
If you have an internal DNS infrastructure that is already capable of
Internet host name resolution, then you don't need to put a caching-only
DNS server on the ISA firewall. What goal of that quick start guide was
to make things easy for the "IP Cop", "Sonicwall" crowd so that they
would have an experience similar to those simple, yet weak, "firewall"
devices.
HTH<
Tom
-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Thursday, September 23, 2004 8:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and recursion
http://www.ISAserver.org
That means , my config before ISA .. of having the AD integrated DNS
with
forwarders to ISP ...was fine ?
There is no need or necessity to put DNS on ISA and have it as a stub
zone ?
Thanks
Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212)
764-0269 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com
PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use
of
the person or entity to whom it is addressed. The contained information
is
CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under
applicable laws. If you read this message and are not the addressee, you
are
notified that use, dissemination or reproduction of this message is
prohibited. If you have received this message in error, please notify
the
sender immediately.
------------------------------------------------------------------------
----
------------------------------------------------------------------------
----
-------------------------------------
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, September 23, 2004 8:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and recursion
http://www.ISAserver.org
Hi Aman,
My preferred configuration is that you use a DNS forwarder that is a
caching only machine somewhere on the Network. You can put it on the ISA
firewall, but the firewall has enough to do. That way, external DNS
servers are not in direct contact with the Internal network's
authoritative DNS servers for your domain.
HTH,
Tom
-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Thursday, September 23, 2004 6:35 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and recursion
http://www.ISAserver.org
Tom ,
I am leaving for the day but still waiting for your comments on my
configuration and if there is a better DNS structure.
Thanks
Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212)
202-4318 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com
PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use
of
the person or entity to whom it is addressed. The contained information
is
CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under
applicable laws. If you read this message and are not the addressee, you
are
notified that use, dissemination or reproduction of this message is
prohibited. If you have received this message in error, please notify
the
sender immediately.
------------------------------------------------------------------------
----
------------------------------------------------------------------------
----
-------------------------------------
-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Thursday, September 23, 2004 7:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and recursion
http://www.ISAserver.org
Also my clients are configured with the ISA as their dns server
Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212)
202-4318 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com
PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use
of
the person or entity to whom it is addressed. The contained information
is
CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under
applicable laws. If you read this message and are not the addressee, you
are
notified that use, dissemination or reproduction of this message is
prohibited. If you have received this message in error, please notify
the
sender immediately.
------------------------------------------------------------------------
----
------------------------------------------------------------------------
----
-------------------------------------
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, September 23, 2004 6:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and recursion
http://www.ISAserver.org
Hi Aman,
If you have an internal DNS, you don't have to have a forwarder on the
ISA firewall. I wrote that to make things easy, like Jim, I've learned
my lesson in 'no good deed goes unpunished' :-)
However, putting a caching only DNS server on the ISA firewall won't
slow things down. Its likely a layer 1 problem.
What are the *exact* details of your DNS settings on the ISA firewall's
interface(s)?
Thanks!
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Thursday, September 23, 2004 5:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and recursion
http://www.ISAserver.org
I have DNS on ISA 2004 on widows 2003.
I have stub zone (as I have internal AD DNS)
On ISA 2004, in DNS, on forwarders tab I have ISP's forwarders... and I
have
DO NOT USE RECURSION FOR THIS DOMAIN .... checked
But in advanced tab
DISABLE Recursion(also disables forwarders) is NOT CHECKED
I think this is the right config as per the documentation.
Or I am also doing something wrong ?
can this be the reason for my slow internet ? ;)
Scanbuy Inc
Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212)
202-4318 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com
PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use
of
the person or entity to whom it is addressed. The contained information
is
CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under
applicable laws. If you read this message and are not the addressee, you
are
notified that use, dissemination or reproduction of this message is
prohibited. If you have received this message in error, please notify
the
sender immediately.
------------------------------------------------------------------------
----
------------------------------------------------------------------------
----
-------------------------------------
-----Original Message-----
From: Administrator [mailto:Administrator@xxxxxxxxxxxxx]
Sent: Thursday, September 23, 2004 6:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and recursion
http://www.ISAserver.org
Hi
Do you mean you disabled recursion and therefore also forwarding?
William
-----Original Message-----
From: Jakko [mailto:jakko.sjoerds@xxxxxxxxxxx]
Sent: 24 September 2004 00:27
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and recursion
http://www.ISAserver.org
I have disabling the forwarderders off my isp. Now we have mutch better
performance.
-----Original Message-----
From: William England [mailto:william@xxxxxxxxxxxxx]
Sent: Thursday, September 23, 2004 11:56 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] DNS and recursion
http://www.ISAserver.org
Hi
In the article about having a DNS on ISA2000 you refer to using
forwarders but disable recursion.
This is not possible in Windows 2003. Disabling recursion disables
forwarders also. Should I leave recursion on to use forwarders?
This is an SBS 2003 machine
Any ideas or recommendations?
William
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jakko.sjoerds@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
administrator@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
