RE: Split-DNS, is it really necessary...for me?

  • From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 29 Jan 2004 16:35:14 -0800

Your internal DNS server, if also your DC, must in the Internet Connection
properties of the NIC card point to itself, unless you have more than one DC
and DNS server.

 

The forwarders on the DNS service itself can point to your ISP DNS servers,
or for slightly more security (I do not think it is needed) can point to
ISA. Remember to allow outbound DNS query.

 

John Tolmachoff

Engineer/Consultant/Owner

eServices For You

 

-----Original Message-----
From: Marvin Cummings [mailto:marvc@xxxxxxxxxxxxx] 
Sent: Thursday, January 29, 2004 4:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Split-DNS, is it really necessary...for me?

 

http://www.ISAserver.org

Ok, if I point the internal DNS server at ISA and add the IPs of both my
ISPs, which would be BellSouth and TZO, as forwarders on the internal
server, do I get the same security?

 

Thanks

  _____  

From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, January 29, 2004 7:01 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Split-DNS, is it really necessary...for me?

 


The Internal DNS server can point to either ISA, or to your ISP DNS server.
I would prefer to point directly at the ISP server, but by pointing it at
ISA, it adds a little more security.

 

You do not need the DNS service on the web server.

 

John Tolmachoff

Engineer/Consultant/Owner

eServices For You

 

-----Original Message-----
From: Marvin Cummings [mailto:marvc@xxxxxxxxxxxxx] 
Sent: Thursday, January 29, 2004 3:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Split-DNS, is it really necessary...for me?

 


Ok and here's where the confusion comes in. I take it that I also point my
internal DNS server to the ISA server and that I DON'T have to configure a
DNS server on my web server when I go to publish it? If not, does it matter
whether the web server sits in a workgroup or on the domain? 

After this I'll scurry to my server and get to work. 

 

Thanks

  _____  

From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, January 29, 2004 6:32 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Split-DNS, is it really necessary...for me?

 


Then yes, you are using classic split DNS.

 

The DNS configuration on the ISA server is for CACHE ONLY and only for
internal clients/users going out to the Internet. According to Tom, you will
point your clients at ISA for DNS, which will be configured to send requests
for your internal domain name to your internal DNS server. On your internal
DNS server, you will add an A record of www pointing to the internal IP
address of the web site.

 

Please avoid the use of CNAME records unless absolutely necessary. They can
come back to bite you when least expected.

 

Publish your web server as normal.

 

John Tolmachoff

Engineer/Consultant/Owner

eServices For You

 

-----Original Message-----
From: Marvin Cummings [mailto:marvc@xxxxxxxxxxxxx] 
Sent: Thursday, January 29, 2004 2:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Split-DNS, is it really necessary...for me?

 


It's on the internal network on a separate box. I was wondering whether DNS
would need to be configured on this server separately from the internal DNS?
If so, how, if I needed to use split-DNS?

 

Thanks

 

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
marvc@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
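
Added example, not part of the original thread or written by its participants: a small offline audit of the two views that the split-DNS setup discussed above produces for one zone, flagging CNAME use (which the thread advises against), private addresses in the external view, and names missing from the internal view. The zone contents, addresses and the simplified "name type data" record format are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the thread): one zone name, two views.
INTERNAL_ZONE = """\
www   A      10.0.0.20
mail  A      10.0.0.25
ftp   CNAME  www
"""
EXTERNAL_ZONE = """\
www   A      203.0.113.10
mail  A      203.0.113.10
vpn   A      10.0.0.1
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True for RFC 1918 space only (is_private would also match TEST-NET)."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def parse_zone(text):
    """Parse 'name type data' lines into {name: (type, data)}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if line:
            name, rtype, data = line.split()
            records[name.lower()] = (rtype.upper(), data)
    return records

def audit_split_dns(internal_text, external_text):
    """Return sorted findings for the internal/external views of one zone."""
    internal, external = parse_zone(internal_text), parse_zone(external_text)
    findings = []
    for view, zone in (("internal", internal), ("external", external)):
        for name, (rtype, data) in zone.items():
            if rtype == "CNAME":  # the thread advises A records instead
                findings.append(f"{view}:{name}: CNAME used, prefer an A record")
            elif rtype == "A" and view == "external" and is_rfc1918(data):
                findings.append(f"external:{name}: leaks private address {data}")
            elif rtype == "A" and view == "internal" and not is_rfc1918(data):
                findings.append(f"internal:{name}: not an internal address {data}")
    # The internal server is authoritative for the zone, so a name that exists
    # only in the external view does not resolve for inside clients.
    for name in external.keys() - internal.keys():
        findings.append(f"internal:{name}: missing from internal view")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_split_dns(INTERNAL_ZONE, EXTERNAL_ZONE)))
```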