Sorry if I'm being blatanly ignorant here :) Why excactly is it that DNS settings shouldn't be made on the external NIC? > -----Original Message----- > From: Kincer, Rick [mailto:Rick_Kincer@xxxxxxxxxx] > Posted At: Monday, October 27, 2003 10:21 PM > Posted To: www.isaserver.org > Conversation: [isalist] Re: pinging wrong ip address > Subject: [isalist] Re: pinging wrong ip address > > > http://www.ISAserver.org > > Hi Tom, > > I agree, it is best not to have DNS settings on the external > NIC, I recall > that from your book and other articles but I thought I'd give > the other > route a whirl...<g>. > I just read Jim's article again, so with having split DNS > servers that I > could place, on the internal NIC, the inside DNS server IP > first and then > the external DNS server IP second? The external DNS server IP > would use a > 10. address, not the external public address. So I would need > to make sure > the external DNS server IP segment address is in the LAT > table to make sure > ISA still routes local? I've had it set the normal way, the > inside NIC set > to the internal DNS servers for both first and second > selection but if there > is a better way I'm all for trying it. > > > And of course once we switch the domain from NT to AD I'll > have to think of > it all over again...<g> > > Thanks again!!, > > > Rick > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > Sent: Tuesday, October 21, 2003 4:52 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: pinging wrong ip address > > http://www.ISAserver.org > > Hi Rick, > > Unless you're using a dial up connection, don't set a DNS > server on the > external interface. > > HTH, > Tom > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > > > -----Original Message----- > From: Kincer, Rick [mailto:Rick_Kincer@xxxxxxxxxx] > Sent: Tuesday, October 21, 2003 2:07 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: pinging wrong ip address > > > http://www.ISAserver.org > > Jim, > > Thank you for the direction, I've been working on something > similar. One > question though, there's always that one question..... > > Lets say we have a public website "www.our_domain.com" but we want our > users > to use the internal 10. IP addresses to get to the website and bypass > proxy. > We set the IE clients to "Bypass proxy for local addresses" and in the > advanced we specify "10.*; our_domain.com". This will ensure that the > internal users get routed directly to the internal server > without going > through ISA. > > Now for the rub......If I were to set the DNS as you mentioned in the > article "Configuring DNS Settings" on that great website > www.isaserver.org, > being that the internal NIC is set for the internal DNS server and the > outside NIC is set for the outside DNS server, would it cause > a problem > if: > > 1) The users deselected the "Bypass proxy for local addresses". > 2) The users go to the ourdomain.com website. > 3) The internal DNS is off line. > 4) The external DNS server is used to resolve the name. > 5) The users receive the external IP, which ISA sees as > external, to get > to > the website. > > Wouldn't that just send the user through the ISA server? Possibly > causing a > problem with authentication? > > > Don't laugh, I really have to field this question.... > > > Thank you, > > Rick > > > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Tuesday, October 21, 2003 8:52 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: pinging wrong ip address > > http://www.ISAserver.org > > Stop / restart the Firewall service. > The FW and Web Proxy services maintain their own DNS caches and these > maintain entries for ~6 hours. > Take a read in the client articles I left on > www.isserver.org; it's much > too > detailed for an email posting. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > > > On Tue, 21 Oct 2003 13:05:15 +0200 > "Luqman Achmat" <luqman@xxxxxxxxx> wrote: > http://www.ISAserver.org > > Hi everyone > > A service provider recently changed their ip address of a > telnet server > outside of our network and since then I cannot connect/telnet to this > server. > > Problem - With my MS firewall client enabled: When I do an nslookup of > the dns name, I get the correct resolution to ip address. But > when I do > a ping of the dns name, it still tries to ping the OLD ip address. > > Any ideas why the ping would still try and ping the old ip > address with > my FWClient enabled? > > Luq > > p.s. With my MS firewall client disabled: When I do an nslookup of the > dns name, I get the correct resolution to ip address. When I do a ping > of the dns name, it pings the correct ip address. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* > > All mail from this domain is virus-scanned with RAV. > www.ravantivirus.com > > ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > rick_kincer@xxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > rick_kincer@xxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: isaserver@xxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') >