ISA/DNS Install
ISA/DNS Install - 9.Feb.2001 4:27:00 PM
|
|
|
Dwayne
Posts: 2
Joined: 9.Feb.2001
From: Shelby Township, MI, USA
Status: offline
|
I'll try to explain my situation the best I can. I have a Win2000 Server set up with internal IP 192.168.0.1 on NIC 1 and external IP XX.XX.XX.XX on NIC 2. I have AD installed and a DNS server also set up for my Domain. ISA is not currently installed. The problem is when external clients try to access my site from the internet both the internal IP and external IP are reported, which causes access problems to my site. I currently use NAT for my internal clients to access the internet. Will installing the ISA server block the internal IP from being published through DNS? Can I accomplish all of the above with only one Win2000 Server?
|
|
|
|
RE: ISA/DNS Install - 10.Feb.2001 3:09:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
When you say that external clients are getting the IP for your internal address, are you saying that your DNS Server resolves the public name of the site to the internal address? If that's the case, just remove the internal address host record and leave the public address record.
HTH,
Tom
------------------
Tom Shinder
http://www.isaserver.org/shinder/
|
|
|
|
RE: ISA/DNS Install - 10.Feb.2001 12:51:00 PM
|
|
|
Guest
|
If your ISA Server is a Win2K DC and your internal clients are registering with DDNS then your ISA server (as a DC & DNS) will advertise both internal and external addresses. If you do not want this to occur (which I hope is the case) then demote your ISA server and configure DNS on the ISA server with a standard primary zone and manually add your public IPs on the external interface and in that primary zone.
quote: Originally posted by Dwayne:
I'll try to explain my situation the best I can. I have a Win2000 Server set up with internal IP 192.168.0.1 on NIC 1 and external IP XX.XX.XX.XX on NIC 2. I have AD installed and a DNS server also set up for my Domain. ISA is not currently installed. The problem is when external clients try to access my site from the internet both the internal IP and external IP are reported, which causes access problems to my site. I currently use NAT for my internal clients to access the internet. Will installing the ISA server block the internal IP from being published through DNS? Can I accomplish all of the above with only one Win2000 Server?
|
|
|
|
RE: ISA/DNS Install - 13.Feb.2001 9:08:00 AM
|
|
|
Dwayne
Posts: 2
Joined: 9.Feb.2001
From: Shelby Township, MI, USA
Status: offline
|
quote:
When you say that external clients are getting the IP for your internal address, are you saying that your DNS Server resolves the public name of the site to the internal address? If that's the case, just remove the internal address host record and leave the public address record.
Yes, using nslookup on my domain name reports 192.168.0.1 and XX.XX.XX.XX. I cannot remove the private interface from DNS because I have Win2000 Server set up with AD. Even if I turn off dynamic updates it still adds the IP of the private interface back to the DNS. I need AD because I am also running Exchange Server 2000.
quote:
If your ISA Server is a Win2K DC and your internal clients are registering with DDNS then your ISA server (as a DC & DNS) will advertise both internal and external addresses. If you do not want this to occur (which I hope is the case) then demote your ISA server and configure DNS on the ISA server with a standard primary zone and manually add your public IPs on the external interface and in that primary zone.
You seem to understand how I would like things to work, although I do not have the ISA server installed yet. I cannot demote the server because I am running Exchange Server 2000.
1) Can I install ISA and block DNS from reporting the internal IP on the external interface? I assume no.
2) Can I run one machine with Win2000 Server, ISA Server, Exchange 2000 Server, then install DNS on another non AD machine?
|
|
|
|
RE: ISA/DNS Install - 14.Feb.2001 12:34:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
If you're making your private AD DNS available to the public, that's a BIG no-no! If your public domain name is the same as your private domain name, you need to install a second DNS Server that is available to the public. You should *never* allow external access to your private network's DNS Server.

In cases like this, where the private and public domain names are the same, you need to configure a second DNS Server with a separate and unrelated zone database that does not come in contact with your internal zone. Otherwise, you're asking for major security problems.

You *do* want your internal clients to resolve the ISA Server internal interface to its computer name via the internal DNS Server. The external interface's Host (A) record should be manually entered on a DNS Server accessible to Internet hosts.

In order for the internal clients to resolve Internet names and internal names, you'll need to configure the internal DNS Server to use Forwarders, and you'll also need to configure the internal clients to use that DNS Server.

HTH,
Tom
------------------
Tom Shinder
http://www.isaserver.org/shinder/
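Added example, not part of the original thread or any poster's code: a Python audit of a public zone's master-file text that lists every A record pointing into a non-public range, which is the condition reported above via nslookup. The zone contents, `example.com.` and `203.0.113.10` are constructed placeholders standing in for the real domain and the XX.XX.XX.XX address, and the function names are hypothetical.

```python
import ipaddress

# Ranges that should never be answered to Internet hosts.
NON_PUBLIC_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]

# Constructed sample: a public zone polluted the way the thread describes.
# example.com and 203.0.113.10 are placeholders, not values from the thread.
SAMPLE_ZONE = """\
@       IN SOA ns1.example.com. hostmaster.example.com. (
            2001021401 3600 600 86400 3600 )
@       IN NS  ns1.example.com.
@       IN A   203.0.113.10
@       IN A   192.168.0.1     ; internal NIC of the DC
ns1     IN A   203.0.113.10
www     IN A   203.0.113.10
        IN A   192.168.0.1     ; same owner as the line above
mail 3600 IN A 203.0.113.10
"""

def parse_a_records(zone_text, origin):
    """Return [(fqdn, address)] for every A record in master-file text."""
    records, owner = [], "@"
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue                              # blank line or directive
        if not line[0].isspace():                 # new owner name on this line
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                         # skip optional TTL / class
        if len(fields) >= 2 and fields[0].upper() == "A":
            fqdn = origin if owner == "@" else (
                owner if owner.endswith(".") else owner + "." + origin)
            records.append((fqdn, fields[1]))
    return records

def find_internal_leaks(zone_text, origin):
    """List A records whose address falls in a non-public range."""
    return [(fqdn, addr) for fqdn, addr in parse_a_records(zone_text, origin)
            if any(ipaddress.ip_address(addr) in net for net in NON_PUBLIC_NETS)]

if __name__ == "__main__":
    for fqdn, addr in find_internal_leaks(SAMPLE_ZONE, "example.com."):
        print("internal address in public zone:", fqdn, addr)
```

The range list is explicit rather than relying on `ipaddress`'s `is_private`, which also returns true for documentation ranges such as the placeholder address used here.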