DMZ, which DNS to use ?
DMZ, which DNS to use ? - 7.Jun.2008 2:00:33 PM
ITEngineer
Posts: 254
Joined: 3.Feb.2006
Status: offline
Hi all. I have ISA 2006 with 3 network adapters:
adapter 1 connected to the internet router
adapter 2 connected to the internal network
Recently I have added adapter 3, and it is connected to a DMZ network.
My internal network has been working for years, and it has my domain controller, DNS server, and other servers. And I have the 3 ISA client types (secure NAT, web proxy, firewall client) working properly.
Now my question is for the DMZ network: if I want to set my clients as secure NAT clients, which default gateway should they point to? And which DNS server?
RE: DMZ, which DNS to use ? - 9.Jun.2008 4:12:42 AM
HePa
Posts: 135
Joined: 9.May2008
From: Sweden, Gothenburg
Status: offline
quote:
Now my question is for the DMZ network: if I want to set my clients as secure NAT clients, which default gateway should they point to? And which DNS server?

SecureNAT clients should be configured with the ISA server as default gateway. They are dependent on the network routing; the traffic needs to be routed through the ISA server when they are going out to the internet.

Have you configured your DNS on your internal network to forward external DNS queries to your ISP's DNS servers? If you are using forwarders as described above, you can use the DNS on your internal network; just make sure that the DNS traffic is allowed to pass from the DMZ to the Internal network. Set up a network relationship and an access rule that let the traffic pass between the networks.
_____________________________
Henrik Parkkinen
RE: DMZ, which DNS to use ? - 9.Jun.2008 7:52:31 AM
Jason Jones
Posts: 1801
Joined: 30.Jul.2002
From: United Kingdom
Status: online
quote:
ORIGINAL: ITEngineer
Hi all. I have ISA 2006 with 3 network adapters:
adapter 1 connected to the internet router
adapter 2 connected to the internal network
Recently I have added adapter 3, and it is connected to a DMZ network.
My internal network has been working for years, and it has my domain controller, DNS server, and other servers. And I have the 3 ISA client types (secure NAT, web proxy, firewall client) working properly.
Now my question is for the DMZ network: if I want to set my clients as secure NAT clients, which default gateway should they point to? And which DNS server?

Are your DMZ servers domain members? If not, they may be better going direct to your ISP DNS servers, as allowing inbound connections from the DMZ should be avoided unless absolutely necessary.
_____________________________
Jason Jones
Silversands Ltd
http://www.silversands.co.uk
View My Blog: http://blog.msfirewall.org.uk/
Get Our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
RE: DMZ, which DNS to use ? - 9.Jun.2008 6:31:33 PM
ITEngineer
Posts: 254
Joined: 3.Feb.2006
Status: offline
Hello Jason,
Thanks for your interest in my post.

quote:
Are your DMZ servers domain members? If not, they may be better going direct to your ISP DNS servers, as allowing inbound connections from the DMZ should be avoided unless absolutely necessary.

I intend to have a few clients on a workgroup (non-domain), so you suggest putting the ISP DNS on these clients' network adapters? How about the default gateway?

Let's say the internal network is 192.168.0.0/24 and the DMZ (which is actually another internal network) is 192.168.100.0/24. What would be the default gateway on the DMZ clients? And also the DNS?

For the DMZ clients (which, as I stated before, are actually clients in Internal network #2), can I also use web proxy clients? What would be the address inside the proxy connection inside IE? (I will be setting the proxy manually.)
RE: DMZ, which DNS to use ? - 16.Jun.2008 3:00:46 AM
HePa
Posts: 135
Joined: 9.May2008
From: Sweden, Gothenburg
Status: offline
The DMZ should have the ISA's DMZ NIC as their default gateway IF the ISA is going to route the traffic... and then you'll need to create a network rule and a relationship between the networks which you want the DMZ to communicate with. You'll also need access rules between the networks so that traffic is allowed to pass through.
_____________________________
Henrik Parkkinen
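
The advice in this thread, written as a small configuration check (an added example, not code from any poster). The two /24 networks are the ones given in the thread; the ISA DMZ NIC address 192.168.100.1, the function name and the sample client values are assumptions.

```python
import ipaddress

# Networks as stated in the thread.
INTERNAL = ipaddress.ip_network("192.168.0.0/24")
DMZ = ipaddress.ip_network("192.168.100.0/24")
# Assumed address of the ISA server's DMZ adapter (not given in the thread).
ISA_DMZ_NIC = ipaddress.ip_address("192.168.100.1")


def review_dmz_client(ip, gateway, dns_servers, domain_member=False):
    """Return findings for one SecureNAT client placed on the DMZ network."""
    findings = []
    ip, gateway = ipaddress.ip_address(ip), ipaddress.ip_address(gateway)
    if ip not in DMZ:
        findings.append(f"client {ip} is not in the DMZ network {DMZ}")
    # SecureNAT depends on routing: the gateway must be the ISA's DMZ NIC.
    if gateway not in DMZ:
        findings.append(f"gateway {gateway} is off-link; client cannot reach it")
    elif gateway != ISA_DMZ_NIC:
        findings.append(f"gateway {gateway} is not the ISA DMZ NIC {ISA_DMZ_NIC}")
    for dns in map(ipaddress.ip_address, dns_servers):
        if dns in INTERNAL:
            # Needs a DMZ/Internal network rule plus an access rule for DNS.
            note = f"DNS {dns} is Internal: requires DMZ->Internal DNS access rule"
            if not domain_member:
                note += " (avoidable for workgroup hosts; use ISP DNS instead)"
            findings.append(note)
        elif dns in DMZ:
            findings.append(f"DNS {dns} is in the DMZ: no ISA rule involved")
        else:
            findings.append(
                f"DNS {dns} is external: requires DMZ->External DNS access rule")
    return findings


if __name__ == "__main__":
    # Constructed sample: workgroup host with the internal network's gateway
    # and internal DNS server copied over from an internal client.
    for line in review_dmz_client("192.168.100.20", "192.168.0.1",
                                  ["192.168.0.10"]):
        print(line)
```

A workgroup host set to the ISA DMZ NIC as gateway and an ISP resolver produces a single finding: the outbound DNS access rule it needs on the ISA server.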