[isalist] Re: Slightly OT Again:HP ProLiant DL320 Firewall/VPN/Cache Server setup DNS problem
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 6 Jul 2006 12:18:15 -0500
Hi Barbara,
Why are you running a DNS server on the ISA firewall? Is this configured
as a caching only DNS server? If so, you configure the internal DNS
server to use the ISA firewall's DNS server as it's forwarder, and you
need to create a rule that allows the internal DNS server access to the
Local Host Network for the DNS protocol.
Also, the clients should not be using the ISA firewall's caching only
DNS server as their DNS server, they should be using the internal DNS
server for both internal and external name resolution.
Keep in mind that the caching only DNS server on the ISA firewall is a
poor man's solution. The best solution is to have DNS resolvers on a DMZ
segment.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Barbara Causey
Sent: Thursday, July 06, 2006 12:01 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Slightly OT Again:HP ProLiant DL320
Firewall/VPN/Cache Server setup DNS problem
Hello, it's me again. :-)
I set up this server as a caching only DNS server following the
instructions
in the ISA Server 2004 book by Dr. Tom and I can access the
Internet on this
server, but not on any of the internal computers. I get the "Can
not find
server or DNS error". I can ping the router through this server,
but can't
get anywhere on the Internet. Everything works fine through the
old ISA 2000
server, but when I switch over to the new one you can't go
anywhere. Would
someone please point me in the right direction to resolve this
matter?
Thank you,
Barbara Causey
Other related posts:
