[isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 07 Jul 2006 09:44:45 -0700

http://www.ISAserver.org
-------------------------------------------------------
  
I hope it doesn't resemble a "Tequila Sunrise!"

t


On 7/7/06 9:25 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:

> http://www.ISAserver.org
> -------------------------------------------------------
> 
> ..so it's not a drink sold with cookies by kids on neighborhood street
> corners? 
> 
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thomas W Shinder
> Sent: Friday, July 07, 2006 09:20
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache
> Server setup DNS problem
> 
> Tamponade -- the insertion of a tampon during surgery to check bleeding
>  
> :)
>  
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls
> 
>  
> 
> 
> ________________________________
> 
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: Friday, July 07, 2006 11:15 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache
> Server setup DNS problem
> 
> 
> "Post-evacuation tamponade?"  You can't talk to a lady like that!!!
> 
> t
> 
> 
> On 7/7/06 8:26 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:
> 
> 
> 
> Hi Barbara,
> 
> Thanks for getting the book! But one thing about my books, it's like going to
> a medical school clinical lecture. If I'm lecturing about evacuating epidural
> hematomas, you have to listen to the whole thing -- you can't wink out during
> the time I'm talking about preparing the skull and post-evacuation tamponade.
> 
> So, what you missed are the assumptions on page 493, which was that you don't
> have any other servers on your network, and thus we are installing a DNS
> server on the ISA firewall.  Is that assumption correct for your network?
> 
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
> 
> 
> 
> 
> 
> 
> 
> 
> ________________________________
> 
> From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Barbara  Causey
> Sent: Friday, July 07, 2006 9:16 AM
> To:  isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Slightly OT Again:HP  ProLiant DL320 Firewall/VPN/Cache
> Server setup DNS problem
> 
> 
> 
> Thanks to everyone for their help. It is working  now, but something is still
> not right. If I set up the client computers to use  the ISA server as a web
> proxy server then no Internet access. The ISA 2000  server was set up this way
> and it worked great.
> 
> 
> 
> In answer to your questions Dr. Tom, I was  following the instructions in your
> book that said to set up the ISA server as  a caching only DNS server. I
> configured the internal DNS server to use the  ISA's DNS server as its
> forwarder and I created the rule you stated. The  client computers are using
> the internal DNS server.
> 
> 
> 
> Any ideas on what else could be  wrong?
> 
> 
> 
> Barbara
> 
> 
> 
> 
> ----- Original Message -----
> 
> From:  Thomas W  Shinder <mailto:tshinder@xxxxxxxxxxx>
> <mailto:tshinder@xxxxxxxxxxx>
> 
> To: isalist@xxxxxxxxxxxxx
> 
> Sent: Thursday, July 06, 2006 1:18  PM
> 
> Subject: [isalist] Re: Slightly OT  Again:HP ProLiant DL320 Firewall/VPN/Cache
> Server setup DNS problem
> 
> 
> 
> Hi Barbara,
> 
> 
> 
> Why are you running a DNS server on the ISA firewall?  Is this configured as a
> caching only DNS server? If so, you configure the  internal DNS server to use
> the ISA firewall's DNS server as it's forwarder,  and you need to create a
> rule that allows the internal DNS server access to  the Local Host Network for
> the DNS protocol.
> 
> 
> 
> Also, the clients should not be using the ISA  firewall's caching only DNS
> server as their DNS server, they should be using  the internal DNS server for
> both internal and external name  resolution.
> 
> 
> 
> Keep in mind that the caching only DNS server on the  ISA firewall is a poor
> man's solution. The best solution is to have DNS  resolvers on a DMZ segment.
> 
> 
> 
> HTH,
> 
> Tom
> 
> 
> 
> 
> Thomas W Shinder,  M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> ________________________________
> 
> From: isalist-bounce@xxxxxxxxxxxxx  [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Barbara  Causey
> Sent: Thursday, July 06, 2006 12:01 PM
> To:  isalist@xxxxxxxxxxxxx
> Subject: [isalist] Slightly OT Again:HP  ProLiant DL320 Firewall/VPN/Cache
> Server setup DNS  problem
> 
> 
> 
> Hello, it's me again. :-)
> 
> I set up this server as a caching  only DNS server following the instructions
> in the ISA Server 2004 book  by Dr. Tom and I can access the Internet on this
> server, but not on  any of the internal computers. I get the "Can not find
> server or DNS  error". I can ping the router through this server, but can't
> get  anywhere on the Internet. Everything works fine through the old ISA 2000
> server, but when I switch over to the new one you can't go anywhere.  Would
> someone please point me in the right direction to resolve this  matter?
> 
> Thank you,
> Barbara Causey
> 
> 
> 
> 
> 
> 
> 
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2006