RE: Interesting problem...

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 28 Feb 2005 13:08:42 -0500

The only reason they were "unexpected" is because I didn't recognize the
IPs.  Once I compared them to the Root Hint IPs, it made sense.  

I hadn't configured our ISP's DNS server as the forwarding server on
that one, since it wasn't "supposed" to be acting as a forwarder.  So,
that makes sense why it contacted the Root Hint servers instead.

Thanks, the more I explain the symptoms, the more it makes sense to me.
I'm thinking it is more of a replication problem now, where settings
from the PDC DNS server are not making it to that one server, thus
screwing up the ISA server's name resolution, and slowing everything
down.


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Monday, February 28, 2005 09:22
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Interesting problem...

Hi Dan,

Actually, it does.
ISA doesn't care how you've built your LAN.
What it does care about is that if a host wants to cross its boundaries,
the ISA policies allow it.

Using the root servers isn't unexpected if your LAN DNS servers aren't
"root" themselves.
If the PDC is also your primary LAN DNS server and it needs to perform
root lookups, then it also needs to be part of the DNS access policy.

Another way to get around this is to install a caching DNS server on the
ISA itself and let the LAN DNS servers forward to it.
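The comparison described in this thread (checking unrecognised outbound DNS destinations against the root hint addresses) can be scripted. The following is an added example, not part of either message. The log line layout, the internal addresses and the forwarder address are constructed assumptions, not ISA Server's log format.

```python
import ipaddress
from collections import Counter

# IPv4 addresses of the root servers a..m as currently published. Several
# have been renumbered over the years, so prefer the root hints actually
# loaded on the DNS server when they are available.
ROOT_HINTS = {
    "198.41.0.4", "170.247.170.2", "192.33.4.12", "199.7.91.13",
    "192.203.230.10", "192.5.5.241", "192.112.36.4", "198.97.190.53",
    "192.36.148.17", "192.58.128.30", "193.0.14.129", "199.7.83.42",
    "202.12.27.33",
}
FORWARDERS = {"203.0.113.53"}  # hypothetical ISP DNS server (assumption)

# Constructed sample: "<time> <source> <destination> <port> <action>"
SAMPLE_LOG = [
    "09:01:02 10.0.0.10 203.0.113.53 53 allowed",
    "09:01:03 10.0.0.10 203.0.113.53 53 allowed",
    "09:01:05 10.0.0.11 198.41.0.4 53 denied",
    "09:01:06 10.0.0.11 192.33.4.12 53 denied",
    "09:01:07 10.0.0.50 198.51.100.7 53 denied",
    "09:01:08 10.0.0.50 198.51.100.7 80 allowed",
]

def classify(dst, forwarders):
    ip = str(ipaddress.ip_address(dst))  # raises ValueError on bad input
    if ip in ROOT_HINTS:
        return "root-hint"
    return "forwarder" if ip in forwarders else "unknown"

def triage(lines, forwarders):
    """Count port-53 destinations per source, by classification."""
    result = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or fields[3] != "53":
            continue  # malformed line or not DNS
        try:
            label = classify(fields[2], forwarders)
        except ValueError:
            continue  # destination is not an IP address
        result.setdefault(fields[1], Counter())[label] += 1
    return result

def recursing_sources(lines, forwarders):
    """Sources that query root servers directly, i.e. resolve via root hints."""
    return sorted(s for s, c in triage(lines, forwarders).items() if c["root-hint"])

if __name__ == "__main__":
    for src, counts in sorted(triage(SAMPLE_LOG, FORWARDERS).items()):
        print(src, dict(counts))
```

A source that appears in `recursing_sources` is a DNS server resolving through root hints rather than a forwarder, so it either needs a forwarder configured or needs to be covered by the DNS access policy.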
