Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

NIC Settings, Internal DNS?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> NIC Settings, Internal DNS? Page: [1]
Login
Message << Older Topic   Newer Topic >>
NIC Settings, Internal DNS? - 2.May2008 12:08:46 PM   
CSDAdmin

 

Posts: 17
Joined: 19.Oct.2006
Status: offline 		Hello,
We have a parallel firewall config with pix and isa like in the article:
www.isaserver.org/tutorials/2004isapixdmz.html

Our external address is public on the ISA, internal is private 172. (and no other dmz nics).

I am curious as to the best way to set the nics IP addressing.

I was having some alerts about looping, so googled it and found to remove the insides default gateway.  Did that, and the alerts stopped.  So a default gateway is only specified on our outside nic

Inside nic has our 2 dns servers on our private addresses.  Outside nic had 2 external dns servers from our isp.

When setting up a few connectivity verifiers, it cannot resolve the inside address of our exchange server since it is also outside.

If I change the first dns server for the external nic to the inside dns, and leave the 2nd one as outside(which our inside dns will query if it isn't a local name anyways) is that going to create any issues?

Thanks for the help
Post #: 1
RE: NIC Settings, Internal DNS? - 2.May2008 5:55:04 PM   
elmajdal

 

Posts: 4964
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		Hi,

Do not put any DNS Entry on the External NIC.

check this article to know how to correctly configure ISA Server Network Interfaces : Configuring ISA Server Interface Settings.

as for the DNS Servers in your LAN, check my article here : Internal DNS Forwarding Through ISA Server 2004/2006

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to CSDAdmin)
Post #: 2
RE: NIC Settings, Internal DNS? - 18.Jun.2008 11:45:25 PM   
Trojan

 

Posts: 3
Joined: 13.Jun.2008
From: Tashkent
Status: offline 		Good time of day. Now I am about one advice in Dr. Shinder's article "ISA Firewall Best Practices, Tips and Tricks (Part 1)". So, he writes:

DNS server settings. Configure the ISA firewall to use a DNS server on its internal interface; do not enter the same DNS server on multiple interfaces This is a very common issue. The ISA firewall should have only one DNS server configured on its interfaces, and that DNS server address must be configured on its internal interface (or whatever interface is closest to an internal DNS server that can resolve Internet host names). NEVER put an external DNS server on any of the ISA firewall’s interfaces, and NEVER enter a DNS server address on more than one ISA firewall interface.

So, I am confused with his statement "NEVER enter a DNS server address on more than one ISA firewall interface". For example I have an ISA server with three NICs, one external and two internal. On external interface DNS server  address shouldn't be configured and it's clear, BUT if I'll configure DNS server address only on one interface as Dr. Shinder advices, then where the clinets bounded to the second interface will send the DNS requests? 

(in reply to elmajdal)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> NIC Settings, Internal DNS? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts