You have confirmed my suspicions, thank you very much. Dan -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, August 06, 2003 8:27 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: a problem with secureNAT client http://www.ISAserver.org Hi Dan, Great questions! Sounds like you're using your ISP's DNS servers for your forwarders on your internal DNS servers. You can switch the config so that the internal DNS server use the firewall as their forwarder instead, and then configure the caching-only DNS server running on the firewall to use your ISP's DNS servers as forwarders. You can also use high-quality 3rd party DNS services that are "off network" for fault tolerance for your forwarders. I believe John Tolmachoff offers this kind of service at a reasonable price. I mention this because I've had an ISP have all its DNS servers go offline for awhile. Now I use redundant forwarders on different networks. I would say that its more secure to have the caching-only DNS server contacting Internet DNS servers, whether it's a forwarder or otherwise. In that way, you insure that no external host has direct contact with your internal boxes. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Dan Gabbard [mailto:intellihome@xxxxxxxxxxx] Sent: Wednesday, August 06, 2003 9:58 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: a problem with secureNAT client http://www.ISAserver.org Great article Tom, thanks. I've been using forwarders on my inside DNS but may change it to use the caching only DNS on ISA. If I'm only using forwarders, pointing to my ISP's DNS servers, on the inside DNS server is that more/less/equivalent secure than having it forward the requests to a caching only DNS server on ISA? Dan -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, August 06, 2003 7:17 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: a problem with secureNAT client http://www.ISAserver.org Hey guys, Check out: http://isaserver.org/articles/snatdns.html I think this might help solve a common problem with name resolution in smaller environments. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: shane mullins [mailto:tsmullins@xxxxxxxxxxxxxx] Sent: Wednesday, August 06, 2003 7:57 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: a problem with secureNAT client http://www.ISAserver.org check your dns. with the secure nat client the workstation must be able to resolve dns on its own. shane ----- Original Message ----- From: "Amir" <amir_7031@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, August 05, 2003 7:08 PM Subject: [isalist] a problem with secureNAT client > http://www.ISAserver.org > > > > Hello, > > I have a ISA server in my home network.i have no DHCP server.i want to > configure a client to be secureNAT,bat i couldn't.when i configure default > Gateway to ISA server IP on client ,it computer can not ping the IP on the > external subnet such as Internet and i can not see any web page from > client.Please help me. > > Thanks > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: tsmullins@xxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: intellihome@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: intellihome@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')