Hi Steven, I don't know what the definitive answer is, but here are my best choices: 1. Number one is using a smart host, like your ISP's SMTP server. Let it worry about resolving MX domain names 2. Configure the Exchange Server to use an external DNS server, in the SMTP properties dialog box 3. Remove the DNS server from the external interface (unless you have a dial up connection, in which case IPCP is going to assign it anyhow) HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Steven Fitzgerald [mailto:Steven.Fitzgerald@xxxxxxxxxxxxxxxxxx] Sent: Friday, February 14, 2003 11:24 AM To: [ISAserver.org Discussion List] Subject: [isalist] Exchange 2000 DNS http://www.ISAserver.org Hi, I wonder if someone can give me an answer to the following questions re. The definitive DNS setup for Exchange 2k behind ISA. At the moment the DNS settings I have are: ISASERVER External NIC: DNS IP addresses of ISP Internal NIC: DNS IP addresses of local DNS servers DNS configuration Listening on Internal NIC Forwarding to DNS of ISP EXCHANGESERVER Single NIC on internal network DNS IP of local DNS servers and ISASERVER DNS configuration Forwarding to ISASERVER I've got a protocol rule set up on the ISA server to allow DNS query and Zone transfer to the ISA server, but it only works if I allow access to the Exchange server in there too, and I believe that's not very secure. From what I've read, this configuration should work, the Exchange server is forwarding DNS requests to the ISA server, which should look the request up and return it. Any ideas what I should do now? Many thanks. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')