Using Site & Content Rule makes external DNS hostname resolution fail

  • From: "Nigel Carroll" <nigel@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 6 Oct 2001 10:27:12 +0800

THE PROBLEM
GUI Location:
Site & Content Rules\my users allow rule\HTTP Content Tab:
Whenever I select the radio button "Selected content groups" my FW
Clients cannot resolve our ISP's POP3 hostname.
This occurs *even* if I allow ALL the default ISA content grps.
As soon as I select the radio button "All content groups" they can then
resolve OK again.

MY DIAGNOSIS
I think what's happening is that by limiting them to "Selected content
groups" ISA stops them using its DNS Proxy and hence hostname resolution
fails. If I disable the FW Client s\ware but it appears that when the FW
Client is enabled it forces all DNS resolutions through ISA's DNS Proxy.

MORE INFO
Yes I have a protocol rule in place that allows my clients DNS Query,
POP3, SMTP, HTTP, HTTPS so that shouldn't stop them.
My internal DNS is set to Forward to my ISP's DNS - my clients can
successfully resolve the POPs hostname when the FW client s\ware is
disabled.

QUESTION
How can I use the "HTTP Content" feature to limit Web content downloads
and still enable my clients to resolve NON Web based hostnames?
Is this a bug - surely DNS resolution shouldn't be controlled by the
HTTP Content tab but by a Protocol rule.
Anyone successfully used HTTP Content control other than allowing "All
content groups"?

Regards
Nigel (MCSE + I + ISA)
TechBase

