Hi Jim I am busy reading your article as mentioned below, but it is prompting some questions about DNS and I was hoping you could answer. You say: "The point to bear in mind is that if ISA is resolving names for the client, the DNS entries and their order in the Windows TCP/IP settings on the ISA server will determine how ISA will respond." So my question is this: Is it better to point my ISA Server to make use of my Internal DNS Servers (which are setup to use my ISP's DNS servers as DNS Forwarders) or should I point my ISA Server directly to the ISP's DNS Servers in order to save time? Why I ask this is because ever since I have moved to ISA Server as my Firewall, my Win2K DNS Servers seem to "lose it" every now and then. I have to perform the following actions at least once a week to correct the problem: 1) net stop dns 2) ipconfig /flushdns 3) net start dns Is it possible that my Win2K DNS Servers and ISA get into some sort of twist and thus decide DNS traffic is no longer permitted? Also, is it standard practice to only allow my DNS Servers access to the "DNS Query" and "DNS Zone Transfer" protocols, or should I be allowing the ISA Server, and possibly even my client workstations, access to these protocols as well? Cheers William R. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 22 January 2003 04:44 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Proxy vs. Firewall routing http://www.ISAserver.org That's why I wrote this: http://isaserver.org/articles/14120_Errors_Discussion_and_Solution.html Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Nelson Camacho" <ncamacho@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, January 21, 2003 07:15 Subject: [isalist] Proxy vs. Firewall routing http://www.ISAserver.org Hi, I'm having some trouble understand how does ISA do the routing. The question is: if i can, from the inside net, browse a web site pointing to a external IP of a published web site, why can't i telnet to the same IP of a published telnet server? Outside users can access both servers. thank for your help nelson camacho ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')