Welcome to ISAserver.org

Where is the "part 2" ?

Where is the "part 2" ? - 24.Sep.2002 4:58:00 PM   
DannyH

 

Posts: 151
Joined: 25.Sep.2001
From: Genova, Italy
Status: offline
I really can't find the article "How to publish
a DNS Server part 2" :-)

Perhaps I'm dumb, but I really can't find it!
Help!

Da(M)nny ;-)
Post #: 1
RE: Where is the "part 2" ? - 24.Sep.2002 5:19:00 PM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Danny,

I never got around to doing part two. [Big Grin]

I'll do that in the future.

Thanks!

Tom

(in reply to DannyH)
Post #: 2
RE: Where is the "part 2" ? - 24.Sep.2002 7:54:00 PM   
DannyH

 

Posts: 151
Joined: 25.Sep.2001
From: Genova, Italy
Status: offline
ooh, *really* ? [Razz]

Then PLEASE may you tell me how to make
this SIMPLE configuration work...? [Cool]

INTERNET
|
ISA
|
Web/Ftp/Mail server

Both machines are domain controllers.
Both machines run a DNS server, stored in
Active Directory.

If I leave the DNS running on the ISA machine, then
everything is OK.

If I stop the DNS Server on the ISA machine,
external clients can't surf the web site...

I would like to leave the DNS on the machine
behind the ISA machine, and let the ISA machine
run only the firewall.

Does it worth on it ? [Razz]

Danny
(you see how dumb I am [Roll Eyes])

(in reply to DannyH)
Post #: 3
RE: Where is the "part 2" ? - 25.Sep.2002 12:35:00 AM   
skipster

 

Posts: 550
Joined: 12.Oct.2001
From: newport beach
Status: offline
Does your ISP handle any DNS records for you?

(in reply to DannyH)
Post #: 4
RE: Where is the "part 2" ? - 25.Sep.2002 3:08:00 AM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Danny,

If you want to host your own DNS, I would recommend getting the DNS server off the ISA Server. Actually, you should dcpromo the ISA Server and get the DC off the ISA Server.

Check out my latest article on split DNS if you're interested in hosting your own DNS services.

HTH,
Tom

(in reply to DannyH)
Post #: 5
RE: Where is the "part 2" ? - 25.Sep.2002 8:45:00 AM   
DannyH

 

Posts: 151
Joined: 25.Sep.2001
From: Genova, Italy
Status: offline
Hi Tom!

Are you *sure* that "dcpromo-ing" the
ISA machine doesn't affect how ISA
works?

Danny (who is "scared" to make changes)

(in reply to DannyH)
Post #: 6
RE: Where is the "part 2" ? - 25.Sep.2002 9:17:00 PM   
DannyH

 

Posts: 151
Joined: 25.Sep.2001
From: Genova, Italy
Status: offline
By the way,

my ISP doesn't handle any records.
The only record I have is a record
on "internic", where my 2 public
IP addresses and the host names are.

I assume that, when anyone from the Internet
types WWW.MYDOMAIN.COM, it brings them to the machine
(in this case, my ISA server) that has the public IP associated with the record stored in the internic database, right?

Then, the DNS on MYDOMAIN.COM does have a WWW
alias that redirects the request to the web server
behind the ISA machine.

Is that the way it should work?

If so, what do I have to do to permit Internet
clients to access the DNS running on a machine
behind the ISA?

I hope to express myself correctly [Smile]

Danny

(in reply to DannyH)
Post #: 7
RE: Where is the "part 2" ? - 25.Sep.2002 9:42:00 PM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Danny,

The INTERNIC should have a record of your DNS servers. You have to provide them the names and IP addresses for two DNS servers. For example, my DNS servers are dns.tacteam.net and dns1.tacteam.net. They map to two IP addresses on the external interface of my ISA Server, and I use those two IP addresses to publish my public DNS servers (they're actually VMs running on GSX server -- but that's another story).

I then create forward and reverse lookup zones for the domains under my administrative control on those DNS servers. So I create a forward lookup zone for TACTEAM.NET and create resource records for www, ftp, mail, etc.

But I do not run the DNS server on the ISA Server and I do not mix private and public resource records on the same zone. For security reasons, you should disable recursion on your public DNS server, whack the Root Hints file, and configure it to protect against cache pollution. I went through the stuff in the recent article.

HTH,
Tom

(in reply to DannyH)
Post #: 8
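
One way to confirm from the outside that a published DNS server follows the "disable recursion" advice in the last reply, as an added example that is not part of the thread: send a query with RD set for a name the server is not authoritative for and inspect the RA, AA and RCODE bits of the reply header. The sample replies are constructed, and `query` is a hypothetical helper for pointing the check at your own server.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1234):
    """Build an A/IN query with RD (recursion desired) set."""
    header = struct.pack("!6H", qid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)   # QTYPE=A, QCLASS=IN

def assess_response(packet, qid=0x1234):
    """Classify the reply to an out-of-zone query sent to a public DNS server."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if rid != qid or not flags & QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if flags & RA and not flags & AA and rcode == 0 and ancount > 0:
        return "OPEN: resolved an out-of-zone name recursively"
    if flags & RA:
        return "WARN: recursion advertised (RA set)"
    return "OK: recursion not offered (rcode %d)" % rcode

def query(server, name, timeout=3.0):
    """Hypothetical helper: send the probe over UDP to a server you operate."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0]

# Constructed sample replies (headers only, not captured traffic).
SAMPLE_OPEN = struct.pack("!6H", 0x1234, QR | RD | RA, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!6H", 0x1234, QR | RD | 5, 1, 0, 0, 0)
SAMPLE_RA_ONLY = struct.pack("!6H", 0x1234, QR | RD | RA | 2, 1, 0, 0, 0)

if __name__ == "__main__":
    for pkt in (SAMPLE_OPEN, SAMPLE_REFUSED, SAMPLE_RA_ONLY):
        print(assess_response(pkt))
```

Run the live check from a host outside the firewall, against the published external address, using a name outside the zones the server hosts.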
