I tried adding the Bellsouth DNS servers to the external NIC and got the same thing. For now they reside on the internal AD server. I still can't resolve anything externally. I've repeatedly tried to follow the tutorials but something has to be missing. The external dns servers are placed n the internal DNS server. This, I thought, should take care of external resolution. Am I missing something here? Thanks _____ From: Chris H [mailto:ntpro@xxxxxxxxxx] Sent: Tuesday, January 06, 2004 9:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Need help preparing for ISA install http://www.ISAserver.org How does your internal AD DNS server get out to the internet to forward on the DNS lookup request? You could also add the Bellsouth DNS servers to the external ISA server NIC configuration and then it would handle the DNS lookup for your clients I believe. Chris ----- Original Message ----- From: Marvin Cummings <mailto:marvc@xxxxxxxxxxxxx> To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx> Discussion List] Sent: Tuesday, January 06, 2004 3:22 AM Subject: [isalist] Need help preparing for ISA install http://www.ISAserver.org Wondering if I can enlist some help from the list in preparing my network for ISA 2000 Ent.? I initially tried to follow the quick-guide and the cache-only dns tutorial but ran into some problems getting internet access to my secureNAT clients. I found that after installing ISA I had internet access on the server without having to configure any rules. I also found that whenever I attempted to nslookup external resources I kept getting DNS timeout errors. So before I reinstall ISA I want to take a minute and see if I can get DNS properly configured before proceeding. As of right now I'm using my linksys with the default configuration. I'm using the Configure ISA Server Interface Settings tutorial and running into problems after setting up the interfaces as suggested: South - Internal Interface first North - External Interface second North - External Interface: Uncheck Client for Microsoft Networks & File and Printer Sharing. Use the following IP address: IP: 123.123.123.170 Subnet: 255.255.255.248 Gateway: 123.123.123.169 DNS is empty Click Advanced. Click DNS tab: uncheck "Register this connection's. Click WINS tab: uncheck "Enable LMHosts lookup Select "Disable NetBIOS over TCP/IP Click OK South - Internal Interface: Check Client for Microsoft Networks & File and Printer Sharing. Use the following IP address: IP: 192.168.1.50 Subnet: 255.255.255.0 Gateway: 0.0.0.0 DNS: Preferred DNS server: 192.168.1.40 - Internal AD DNS server Click Advanced. Click DNS tab: check "Register this connection's. Click WINS tab: uncheck "Enable LMHosts lookup Select "Enable NetBIOS over TCP/IP Click OK My internal DNS is configured as follows: Interfaces tab: IP of internal DNS server Forwarders tab: IP's of BellSouth DNS servers Secure only selected Now I create a dial up connection for my DSL account and connect the external nic cable to my DSL modem. I'm able to connect to the internet and perform nslookup on internal resources, but when I try to nslookup anything external I get the following error: > nslookup bellsouth.net or 205.152.37.254 Server: myserver.mydomain.com Address: 192.168.1.40 DNS request timed out. Timeout was 2 seconds. DNS request timed out. Timeout was 2 seconds. *** Request to myserver.mydomain.com timed-out C:\> What am I missing here? Prior to this I'm able to nslookup internal and external resources. Any responses are appreciated. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ntpro@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: marvc@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')