DNS for Exchange through ISA

  • From: Steven Fitzgerald <Steven.Fitzgerald@xxxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 18 Feb 2003 16:45:36 -0000

Hi,

This has a lot of DNS questions, but I'm mainly concerned about the security
of my DNS servers.

I've set my DNS servers up as below. I require external DNS lookup for
Exchange, but I'm not convinced that it's safe, or at least as safe as it
could be.

I've read that what I can do is have my ISA server firewall look up DNS for
my domain, then set up forwarders from the Exchange server to the ISA
server in order to get the relevant DNS info. However, this doesn't seem to
work.

The only way I can get it to work is to allow the DNS protocol (Query and
Server) through the firewall to the Exchange server, and I'm not happy this
is the best thing to do.

ISA Firewall

External NIC has no DNS entries
Internal NIC has ISP DNS entries

DNS setup:
Forward lookup Zone [External FQDN]
Listen on: Internal IP only
Forwarders: [ISP DNS servers]

*****************************************

Internal DNS server

NIC has 127.0.0.1 and other DNS server

DNS setup:
Forward lookup Zone [Internal Domain name]
Forwarders: [ISA Firewall internal IP] no recursion

******************************************

Exchange server running DNS

NIC has Internal DNS server and 127.0.0.1

DNS setup:
Forward lookup Zone [Internal Domain name]
Forwarders: [ISA Firewall internal IP] no recursion

Any hints or suggestions?


Steven Fitzgerald MCP
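
An added diagnostic, not part of the original post: it sends the kind of recursive query an internal DNS server sends to its forwarder and classifies the reply, so each hop of the forwarder chain described above can be checked from the inside. All function names and the sample replies are constructed for illustration; in use, `probe()` would be given the ISA firewall's internal IP and an external name.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build an A/IN query with RD (recursion desired) set, as a forwarding server sends."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def diagnose(reply, qid=0x1234):
    """Classify a reply from the server that is configured as the forwarder."""
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:   # wrong ID, or QR bit clear (not a response)
        return "MALFORMED"
    rcode = flags & 0x000F
    if rcode:
        return RCODES.get(rcode, "RCODE%d" % rcode)
    if not flags & 0x0080:                 # RA clear: server does not offer recursion
        return "NO_RECURSION"
    return "OK" if ancount else "NO_DATA"

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53 and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:                    # timeout or ICMP port unreachable
            return "NO_REPLY"
    return diagnose(reply)

def sample_reply(flags, ancount):
    """Constructed reply: header plus question only (diagnose reads just the header)."""
    question = build_query("example.com")[12:]
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0) + question

if __name__ == "__main__":
    # Constructed replies, so the script runs offline.
    for label, flags, an in [("forwarding works", 0x8180, 1), ("recursion off", 0x8100, 0),
                             ("upstream failed", 0x8182, 0), ("refused", 0x8105, 0)]:
        print(label, "->", diagnose(sample_reply(flags, an)))
```

`NO_REPLY` from the forwarder's internal IP points at the listener or a packet filter, while `NO_RECURSION`, `SERVFAIL` or `REFUSED` mean the forwarder answered but did not resolve the external name.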
