Welcome to ISAserver.org
Configuring Domain Controller prior to ISA Install
Configuring Domain Controller prior to ISA Install - 6.Feb.2001 7:35:00 AM
surban28210
Posts: 16
Joined: 6.Feb.2001
From: Charlotte, NC, USA
Since I don't want to initially install ISA on my production LAN, I am trying to set up a test LAN. I have two servers and a hub. The first server has 1 NIC card [192.168.5.2] and is set up to be the primary domain controller for abc.com. The second server has 2 NIC cards [192.168.5.1 private IP Address and 64.1.1.20 public IP Address from ISP] and will become the ISA server. I install the DNS service (AD Integrated) during the DCPROMO step on Server1. I then try to join the domain from Server2, but cannot. Which DNS would Server2 use on each respective NIC card? Where do I place my public DNS server? Do I need a separate DC on abc.com and privatelan.abc.com in order to successfully install ISA? Is there any reference manual that can take me through the step-by-step installation of the PDC for a Private LAN and how to integrate that Private LAN with the Public LAN? Thanks in advance to anyone that can help point me in the right direction!
RE: Configuring Domain Controller prior to ISA Install - 6.Feb.2001 3:06:00 PM
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
The internal interface should be configured with the DNS address of your internal server, and you can configure the external interface with the DNS of an external DNS Server that can resolve Internet names. You don't have to create a second domain for the ISA Server machine, although you might want to do so for security and management reasons. There are a number of compelling arguments for doing it one way or the other. But definitely do not place a Domain Controller at the edge of your network, unless it's a dedicated domain just for the ISA Servers, then you can create a one-way trust if you like to access user account information.

HTH,
Tom
------------------
Tom Shinder
http://www.isaserver.org/shinder/
RE: Configuring Domain Controller prior to ISA Install - 6.Feb.2001 6:59:00 PM
surban28210
Posts: 16
Joined: 6.Feb.2001
From: Charlotte, NC, USA
Thanks Tom! I took your advice on not placing the AD server on the edge of the Internal LAN. But what I did find out too, was that it takes more than 2 servers to bring up a life-like test LAN with the ISA Server.

Server1 - Active Directory PDC with internal Address. This server can be brought up without any network connections. DNS Integrated with AD.
Server2 - ISA Server with 2 NICs (1 internal and 1 external). Bring this server up with the Internal NIC using Server1 as the DNS server and the External NIC using Server3 as the DNS. Where...
Server3 - Stand alone server on the public IP network, running a forwarding DNS scheme to an ISP's DNS server.
Server4 - Stand alone DNS server on the public IP. This server is used so that our ISP can retrieve zone changes from us by reverse zone delegation.

Can I eliminate Server4 by placing the DNS functionality on the Public NIC in the ISA Server? Can't wait until your book finally comes out!
RE: Configuring Domain Controller prior to ISA Install - 7.Feb.2001 12:45:00 PM
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Hi Surban,

Your network configuration sounds like a good one to use for a test network. Regarding DNS: Yes, if you do not want to put the DNS Server on the perimeter network, you can put it on the ISA Server itself, and have it listen on the internal interface. Then configure that DNS Server to forward DNS queries to another DNS Server (like your ISP). Make sure that this is configured as a cache-only server, so that no zone information is exposed to Internet hosts. On the internal DNS Server, configure it to use the DNS Server on the ISA Server as a forwarder. This is a nice configuration because this prevents any direct contact from Internet hosts to your internal DNS Server.

Thanks!
Tom

P.S. Don't forget to disable recursion on both of the DNS Servers, so that failed queries don't take forever.
------------------
Tom Shinder
http://www.isaserver.org/shinder/

[This message has been edited by tshinder (edited 07 February 2001).]
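The forwarder chain from the reply above, as an added example that is not part of the original thread, using dnscmd from the Windows Support Tools. 192.168.5.2 and 192.168.5.1 come from the thread; 203.0.113.53 is a constructed placeholder for the ISP's DNS server, and reading the P.S. as the forwarder option "Do not use recursion" (/Slave) is an assumption.

```powershell
# Added example, not from the original posts.
# 192.168.5.x addresses are the ones given in the thread; the ISP address is a
# constructed placeholder (documentation range) and must be replaced.
$InternalDns = '192.168.5.2'    # Server1: AD-integrated DNS on the private LAN
$EdgeDns     = '192.168.5.1'    # DNS service on the ISA Server, internal NIC
$IspDns      = '203.0.113.53'   # placeholder for the ISP's DNS server

# Edge DNS: answer only on the internal interface, so the DNS service
# has no listener on the public NIC (64.1.1.20 in the thread).
dnscmd $EdgeDns /ResetListenAddresses $EdgeDns

# Edge DNS: send every query it cannot answer from cache to the ISP.
# /Slave = forward only; if the forwarder fails, do not fall back to the
# server's own iterative lookups (assumed meaning of the P.S.).
dnscmd $EdgeDns /ResetForwarders $IspDns /Slave

# Internal DNS: the only upstream is the DNS service on the ISA Server,
# so the domain controller never talks to Internet name servers directly.
dnscmd $InternalDns /ResetForwarders $EdgeDns /Slave

# Checks after the change:
# 1. Cache-only means the edge server hosts no zones you created; review
#    the list and confirm none of your own zones appear.
dnscmd $EdgeDns /EnumZones

# 2. Dump the server settings and confirm the listen address and
#    forwarder values match what was set above.
dnscmd $EdgeDns /Info
dnscmd $InternalDns /Info
```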
RE: Configuring Domain Controller prior to ISA Install - 8.Feb.2001 2:12:00 PM
BLTaylor
Posts: 20
Joined: 8.Feb.2001
From: Calgary, AB, CA
I have a similar configuration running on Proxy Server 2.0. I want to publish my public primary DNS on the external interface and let internal DNS servers use the DNS on ISA as a forwarder. Is this possible?

TIA
------------------
-- Brad Taylor - Computability Ltd.
brad.taylor@computability.ab.ca
RE: Configuring Domain Controller prior to ISA Install - 9.Feb.2001 2:34:00 AM
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Hi Brad,

I don't see any problems with configuring your private DNS Servers to use the published DNS Server as a forwarder. Since the published DNS Server is a SecureNAT client, and it also will have a rule automatically created to allow it to send and receive DNS queries, you should be all set.

HTH,
Tom
------------------
Tom Shinder
http://www.isaserver.org/shinder/