[isalist] OT: DNS and Forwarders

  • From: "ISA" <ISA@xxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 20 Oct 2006 09:20:27 -0400

http://www.ISAserver.org
-------------------------------------------------------

<if I only knew what the length of this string would turn into :)>

Update: MS PPS had me download/install a secret DNS patch and reboot. I
connected to the client's server this morning to find the DNS stopped
working again. (as always - I restarted the DNS service and it works
again).

Funny thing is that it usually stops between 8am-9am and then again
between 11am-12noon.

Joseph Danielsen, MCSA-Messaging, MCP
Network Blade Inc.
49 Marcy Street
Somerset, NJ 08873
732-213-0600
www.networkblade.com

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Moffat
Posted At: Friday, October 20, 2006 9:00 AM
Posted To: ISA
Conversation: [isalist] Re: OT: DNS and Forwarders
Subject: [isalist] Re: OT: DNS and Forwarders

Heh heh Tim stimulates himself most days.......

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Gerald G. Young
Sent: Friday, October 20, 2006 9:22 AM
To: ISA Mailing List
Subject: [isalist] Re: OT: DNS and Forwarders

You're trying to stimulate Thor...

Ah... okay...

Get a room, guys! ;)

Fun discussion to follow, though.  I've been enjoying it.

Urine and a rope... nope, never mind.  I am NOT going to ask. ;)

Jerry

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Greg Mulholland
Sent: Friday, October 20, 2006 12:26 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: OT: DNS and Forwarders

Agreed, I was more thinking of what else I need DNS for, other than FTP and
HTTP. Even on those clients I can separate into another network (if needed).

I was never having a go at the non-workability of the setup, nor did I say I
couldn't find a way around it for my environment. You initiated a thought
process which led to more discussion; I merely tried to expand on it from my
POV, not argue that it was not viable or it would never work. You telling me
that it still can be done doesn't bother me because I know it can be with
careful planning and a bit of imagination. Don't get me, I'm not arguing with
you, I'm trying to stimulate you :)

Otherwise I would expect you to use one of your favourite sayings, something
about urine and a rope! :)

Greg

----- Original Message -----
From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
To: <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 20, 2006 2:02 PM
Subject: [isalist] Re: OT: DNS and Forwarders


> Dude, if you don't want to separate out your DNS, then don't... I'm not
> saying any of this is how you HAVE to do it-- I've just found it a very
> easy to implement security configuration with real benefits.  I know you
> say you agree with and like the setup, but these other arguments are
> really "straw man" arguments as I see them- and all easily solvable.
>
> If you require authentication to apps/os's that don't support integrated
> auth, then you're screwed with those configs anyway.  Don't require auth
> for those clients then.. Put in another card with a different web proxy
> listener config...  And I've got to say, if you have "big providers"
> there that have all their DNS go out at the same time, then something is
> really wrong.  Have secondary (which is really your primary) at your site
> and have them listed as the 3rd or 4th DNS then- and enable a publishing
> rule when their DNS goes down.  Or just have those "special" clients
> configured to use direct DNS somewhere-- whatever.  But I disagree with
> throwing the baby out with the bathwater because of examples of extreme
> challenges.  Work around them.  I mean, dude, arguing for poor service or
> bad ISPs isn't the answer here...
>
> Even if we take the "ISP sucks" attitude and require publishing of your
> own DNS, then fine-- do that.  You'll have to have 2 different servers
> anyway, so put one internally (I mean, with all those heterogeneous
> clients, you're not using integrated AD anyway, right? ;) and put the
> other in a perimeter DMZ for outside access... Or even better, just host
> DNS with a professional company, and not your ISP.  DNS can be hosted by
> any company in the world, not just your ISP or anywhere in AU for that
> matter..
>
> Again, I understand that you are cool with the "idea" but when confronted
> with challenges, it is our job to handle them in a secure manner, not
> just give up and do things the regular old stupid way...  If that's not
> good for the gander, then it can go duck itself. :-p
>
> t
>
>
> On 10/19/06 8:15 PM, "Greg Mulholland" <gmulholland@xxxxxxxxxxxx> spoketh
> to all:
>
>> Yeah, except when you are bound by requiring authentication on web proxy
>> clients on your internal network and you have machines that don't talk
>> integrated auth. Or in the example where the default gateway of the
>> machines is not the ISA Server itself.
>>
>> I wish I could have that amount of faith in my ISP but I can recall a
>> number of times in the last few years when even the biggest ISP here has
>> had its DNS server/servers go belly up for a period of time. Regardless
>> of the fact that my connection is still stable and people can still get
>> to me. Now maybe that comes down to the price we pay or the level of
>> service/quality but, you live with what you can and I dare say we are by
>> far not the worst off in that respect.
>>
>> Anyhow, like I said, I agree with the concept fully and would always
>> strive to make it as secure and functional as possible, but I'm merely
>> trying to illustrate that every situation is different and what's good
>> for the goose is not good for the gander, always.
>>
>> Greg
>>
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
