RE: dns resolving when using securenat

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 11 Nov 2004 07:43:33 -0600

Hi Sebastian,
 
That is correct and how it works.
 
Why are you using the SecureNAT client? That config is only for Macs and
Linux and servers? SecureNAT makes the ISA firewall as as dumb as a pix!
 
HTH,
Tom

________________________________

From: Dijk, Sebastian van [mailto:sebastian.van.dijk@xxxxxxxxxx] 
Sent: Thursday, November 11, 2004 7:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] dns resolving when using securenat


http://www.ISAserver.org


Hi Jim, 

 

Thanks for the response.

However, Proxy is NOT enabled in Internet Explorer.

So ISA is just used as securenat (clients are only configured with a
default gateway = isaserver).

www.test.nl <http://www.test.nl/>  is just an example, it's not the
domain we use in real.

 

The problem is : 

When ISA is the default gateway for the client, it seems like the
"c:\winnt\system32\drivers\etc\hosts" file is skipped in the dns
resolving progress.

 

 

Met vriendelijke groet, 

 

 

Sebastian van Dijk

 

________________________________

Van: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Verzonden: maandag 8 november 2004 15:45
Aan: [ISAserver.org Discussion List]
Onderwerp: RE: [isalist] dns resolving when using securenat

 

Actually, www.test.nl resolves to 212.204.218.191, but that's a small
matter.

ISA doesn't change your previous name resolution.

What *can* happen (sounds like your issue) is if your browser is
configured to use ISA as a web proxy, then name resolution happens at
the ISA, not the client.

 

For details of ISA client behavior, take a read in the ISA help and
here:

http://isaserver.org/tutorials/ISA_Clients__Part_1__General_ISA_Server_C
onfiguration.html

http://isaserver.org/tutorials/ISA_Clients__Part_2_SecureNAT_and_Web_Pro
xy_Client.html

http://isaserver.org/tutorials/ISA_Clients__Part_3_The_Firewall_Client.h
tml

 

________________________________

From: Dijk, Sebastian van [mailto:sebastian.van.dijk@xxxxxxxxxx]
Sent: Mon 11/8/2004 3:00 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] dns resolving when using securenat

http://www.ISAserver.org

Hi !

 

We are now in a migration period.

We had some nokia firewall but now we want to implement ISA 2000.

We have installed all updates/service packs for isa 2000 and it runs on
a Windows 2003 Standard server. 

However this gives a problem :

 

We have configured our clients for securenat, and the dns is resolved by
a windows 2000 server.

In my opinion, when one uses a default gateway the first thing done when
a name to ip is being resolved :

-          checking local hosts file

-          checking dns server

 

Again : we are not using the firewall or proxy client, just a default
gateway.

 

Now comes the problem :

In the old situation (where the nokia functioned as default gateway) one
could change the local hosts file and that ip would be used when typing
in the url.

Now in the new situation, it seems like the local hosts file is not
being used for name resolving.

 

So when the internet dns of www.test.nl <http://www.test.nl/>  points to
10.0.0.1 and we add an entry in our hosts file : 20.0.0.1 www.test.nl
<http://www.test.nl/> .

And we type in our internet explorer www.test.nl <http://www.test.nl/> ;
the page from 10.0.0.1 is loaded.

 

Is this by design ? And how does it work because it messes up my
understanding of TCP/IP and DNS

 

Thanks in advance 

 

 

Met vriendelijke groet, 

 

 

Sebastian van Dijk

 

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts:

• » dns resolving when using securenat
• » RE: dns resolving when using securenat
• » RE: dns resolving when using securenat
• » RE: dns resolving when using securenat
• » dns resolving when using securenat
• » RE: dns resolving when using securenat
• » RE: dns resolving when using securenat

1. Home
2. isalist
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---