Re: How does WEB Proxy use DNS?!?!?
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 26 May 2003 08:07:40 -0700
Take a look in my articles on ISA client types.
Generally, Web Proxy and Firewall clients depend on ISA for name resolution,
but that also can depend on the ISA configuration.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, May 26, 2003 02:44
Subject: [isalist] How does WEB Proxy use DNS?!?!?
http://www.ISAserver.org
Hi there
I have just now established that neither my client workstation, nor the
ISA Firewall make use of my internal DNS server. In testing this,
imagine the following scenario:
- I have 2 public B-Class address ranges registered to my
company (1.1.x.x and 2.2.x.x), but my extranet server is hosted on a
public IP Address that has been assigned by my ISP (3.3.3.x)
- The extranet server is hosted on a DMZ segment on a PIX
firewall which NAT's the ISP-provided IP Address (3.3.3.x) to the actual
IP Address of the server (2.2.x.x)
- Behind the PIX firewall is my ISA firewall through which all
my clients surf the internet.
- Now my problem is that when my users (on 1.1.x.x) access this
extranet server, I want them to access it via my IP Address (2.2.x.x)
and NOT from the ISP's IP Address (3.3.3.x) The rest of the world will
obviously access it via 3.3.3.x, but for various reasons I would like my
users to access it via 2.2.x.x
So to fix this I added a new DNS Zone with the entry for the extranet
server and when I do an NSLOOKUP I resolve against my local DNS server
to my own IP Address. Great, or so I would think.
When I try to type in the DNS name of the server in my Internet Explorer
I eventually get error 10060 - Connection timeout. So then I looked at
the DNS Settings:
- My workstation is setup to use my local DNS Servers
- My ISA Firewall has the local DNS Servers setup on the
Internal interface, and no DNS Servers on the External Interface
When I do an NSLOOKUP from both my workstation and the server, they both
return my IP Address (2.2.x.x) and NOT the ISP address
So no I am very confused, it would appear that neither my workstation,
nor the ISA Firewall, do any form of DNS Lookup when trying to evaluate
a URL. I don't know what the h?ll they are doing, but they're not
looking at my DNS Servers.
Does anyone have an idea on how to resolve this? Is the DNS config on my
ISA Server correct?
Cheers
William R.
_____
William Robertson
AST Mpumalanga
Systems House / Consultant: Software
Tel: 013-2472703 / 083 638 0354
Fax: 013-2462236
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient. Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
