Also, don't allow EVERYONE to use DNS. Create a computer object for your DNS server. HTH Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: auto122605@xxxxxxxxxxxx [mailto:auto122605@xxxxxxxxxxxx] Sent: Wednesday, September 29, 2004 10:12 AM To: [ISAserver.org Discussion List] Subject: [isalist] Priority of Firewall Rules http://www.ISAserver.org I have just 2 rules on my isa 2K4 which are: (Rule 1) Allow - (From) xxx.xxx.xxx.xxx to external Protocol - DNS Users - All users and (Rule 2) Allow - (From) Internal network to external Protocol - Any Users - User1 Like this i have a DNS server which uses forwarders from the internet and is used as an internal network DNS Server. When I move Rule 2 before Rule 1 the DNS stops working. How is this behaviour? Is it cause Rule 2 allows only a specific user to access the internet therefore automatically all other users are denied? And therefore the DNS Server stops working? Thanks.. Nick Holmes Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx