Welcome to ISAserver.org

Simple DNS question

Simple DNS question - 3.Apr.2004 1:19:00 AM   
xsoftdev

 

Posts: 6
Joined: 2.Apr.2004
Status: offline
Hello folks,

My network is as follows:

-(server1)ISA on w2k which is also the DC
DNS is installed by default with AD and I have my hosts listed there.
-(server2)SecureNAT client, w2k server behind ISA is running 2nd DNS server which is published by server publishing rule. This DNS server has records for other domains that I host.

My question is which DNS server should be listed on the NIC of the servers and workstations behind ISA?

--This is what I get when I do a nslookup on my workstation-----------

C:\>nslookup mydomain.com
*** Can't find server name for address 10.0.0.1: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 10.0.0.1

Name: mydomain.com
Addresses: 10.0.0.1, 24.199.53.164
-------------
Thanks

[ April 03, 2004, 01:31 AM: Message edited by: xsoftdev ]
Post #: 1
RE: Simple DNS question - 3.Apr.2004 4:14:00 PM   
ricksimonds

 

Posts: 18
Joined: 30.Mar.2002
Status: offline
I have seen this issue before; I have to restart the DNS service on all DNS servers after I reboot the ISA server or restart the firewall service.

Once DNS is restarted all works well.

(in reply to xsoftdev)
Post #: 2
RE: Simple DNS question - 3.Apr.2004 6:24:00 PM   
xsoftdev

 

Posts: 6
Joined: 2.Apr.2004
Status: offline
Thanks for the reply Rick.

I have restarted the DNS servers but am still getting the same message and am still not sure on what DNS servers should be listed on the NICs of the servers and workstations behind ISA. So far I have the internal NIC of the ISA listed, web and email is working but the nslookup is giving the message above.

(in reply to xsoftdev)
Post #: 3
RE: Simple DNS question - 3.Apr.2004 11:15:00 PM   
ricksimonds

 

Posts: 18
Joined: 30.Mar.2002
Status: offline
OK. Well, on the internal ISA Server NIC I'd point it to itself for primary DNS and your other internal DNS server as the secondary. No DNS servers listed on the external ISA server NIC.

Since you cannot (should not) install the firewall client on the ISA server, you will need to create a packet filter to allow outbound DNS traffic.

The other internal DNS server should have the firewall client installed to allow outbound DNS traffic.

Check the forward lookup zone of your DNS server and see if there is a zone named "."; if so, delete it, as it will prevent the server from forwarding any request to an upstream ISP DNS server or the root hint servers.

Load balance your clients between the two DNS servers: half point to one as the primary and server 2 as the secondary, and reverse the order for the other half of your clients.

Hope that this helps.

PS: if you're running Windows 2000 DNS, check the DNS zone transfer settings. By default they are wide open to transfer to anyone... not very secure.

Rick

(in reply to xsoftdev)
Post #: 4
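The zone transfer setting mentioned in the PS of post #4 can be verified from a host that is not meant to be a secondary for the zone. The following is an added example, not part of the original thread: it sends an AXFR request to your own DNS server over TCP/53 and classifies the reply; the function names are this example's own and the two sample replies are constructed.

```python
import socket
import struct

AXFR = 252  # QTYPE for a full zone transfer (RFC 1035)
RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}

def build_axfr_query(zone, txid=0x4242):
    """Wire-format AXFR question for `zone`, without the 2-byte TCP length prefix."""
    labels = [l for l in zone.strip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # one question, no flags
    return header + qname + struct.pack("!HH", AXFR, 1)   # class IN

def classify_axfr_response(msg):
    """Return (verdict, detail) from the first DNS message of an AXFR reply."""
    if len(msg) < 12:
        return "error", "short message"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "open", f"{ancount} record(s) returned"
    if rcode == 0:
        return "inconclusive", "NOERROR with no answers"
    return "restricted", RCODES.get(rcode, f"rcode {rcode}")

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # peer closed the connection
            break
        buf += chunk
    return buf

def check_zone_transfer(server, zone, timeout=5.0):
    """Request `zone` from `server` (a DNS server you administer) and classify the reply."""
    query = build_axfr_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        prefix = _recv_exact(s, 2)
        if len(prefix) < 2:
            return "restricted", "connection closed without a reply"
        return classify_axfr_response(_recv_exact(s, struct.unpack("!H", prefix)[0]))

# Constructed sample replies (headers only): QR+AA with 3 answers, and QR with RCODE=5.
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x4242, 0x8400, 1, 3, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x4242, 0x8005, 1, 0, 0, 0)

if __name__ == "__main__":
    print(classify_axfr_response(SAMPLE_OPEN), classify_axfr_response(SAMPLE_REFUSED))
```

A verdict of "open" from `check_zone_transfer("10.0.0.1", "mydomain.com")`, run on a workstation that is not a listed secondary, means the zone still has the permissive transfer setting.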