I belive I have all the roll up hot fixes already but I will check just to make sure and get back to you .. http://www.ISAserver.org Hi Jim, What do you see when you server publish the DNS on the box? I've been able to make it work the few times I've tried it. Did you find it unreliable? Have you tried it since the release of the rollup hotfix? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, October 30, 2003 10:52 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Interesting ISA Problem http://www.ISAserver.org Unfortunately, server-publishing DNS to the local box never seems to work. I've always had to packet-filter it <sigh> Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Thu, 30 Oct 2003 18:45:19 -0600 "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Glenn, Why not create a DNS server publishing rule and bind the DNS listener to the internal interface? Then you can take advantage of the DNS application filter to protect yourself against DNS related attacks. HTH, Tom www.isaserver.org/shinder _____ From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Thursday, October 30, 2003 3:52 PM To: [ISAserver.org Discussion List] Cc: jim@xxxxxxxxxxxx Subject: [isalist] Interesting ISA Problem http://www.ISAserver.org [Glenn Maks] One more thing - it is strange that when creating the filters to pass DNS Send and Receive through you have the ability to apply the filter to ALL DEFAULT IP addresses on the External Interface? so one would assume that this same filter would work for any IP address bound to the Interface, including the secondary IP addresses? Ok - I solved my publishing DNS issue, I decided to run DNS on my ISA server and have that serve as my SOA for all my public name spaces, but here is something I discovered, both with publishing my MX server and playing around with publishing DNS Servers. I have on my External NIC one primary IP address and several additional IP addresses for other services like web sites and FTP sites and so on, I discovered that no matter what services I pass through ISA it will not work unless I use the Primary IP address. Let me explain, My Public MX server was living behind my old firewall, in the process of migrating services over and replacing my OLD firewall with ISA, I moved the MX server behind my ISA server, I took the Public IP address for the MX server and added it as an additional IP address to the External Interface of ISA, then I published the MX server, I found that mail could be delivered but the return trip got lost, it was not until I changed the Primary IP address of the ISA server to the Original IP address the MX server was known as, did the mail come back to me. ? Same as the DNS issue I had, running DNS on my ISA server and having it listen on all interfaces one would think it would work even though the IP address of the SOA server is NOT the primary IP address of the ISA External Interface. I hope I was clear in my explanation. Any Takers on this one ?? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')