I have a setup where we have external offices. Those get an ISA box from us that includes:
* Active Directory
* DHCP
* DNS Server
* WUS on an internal IIS.
The concept is that this box basically is their end-side. Most of these offices are small and run a minor number of items, and the ISA-Server is basically acting as the ONLY server they have. We know about this being sub-optimal from a security point of view, but it basically is the only cost-effective solution.
ISA Server is configured to dial into the ISP and establish a persistent VPN to the central office automatically. It uses its own DNS server for DNS, forwarding requests to the provider's DNS (as it has the local domain through Active Directory). It has an internal IP network, normally a DMZ IP network (connected to a WLAN adapter for the office, so people on the WLAN need to VPN into the ISA Server) and a PPPoE connection to an internet provider.
Now, here is my problem. Regularly (every couple of hours), the DNS Server will stop responding. No clue is given to why - no event log entries. In the DNS manager I have set up monitoring, and it also turns to "Fail" on both tests. When this happens, DNS is totally breaking down for the respective location.
Anyone a clue what this is? We have, in one location, put the DNS to a separate server, and then it works flawlessly. I start assuming that it is the firewall starting to block the ISA Server, but I am totally clueless in general on WHY this happens - it works perfectly for some hours after I restart the firewall.
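Since the failures leave no event log entries, an external probe that records exactly when the ISA box's DNS stops answering makes it possible to line the outages up with other counters (memory use of a service, VPN reconnects, firewall restarts). The script below is an added example, not code from the thread: it hand-builds a minimal DNS A query, sends it over UDP to the server given on the command line, and classifies the reply with a timestamp. The server address, the probed name and the interval are assumptions; the response bytes in the test are constructed.

```python
import socket
import struct
import sys
import time

DNS_PORT = 53


def build_query(name, txid=0x1234):
    """Build a raw DNS query for an A record: header + QNAME + QTYPE/QCLASS."""
    # Header: id, flags (only RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(data):
    """Decode the 12-byte DNS header into the fields the health check cares about."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),  # QR bit
        "rcode": flags & 0x000F,
        "answers": an,
    }


def classify_response(data, txid):
    """Turn a raw reply (or lack of one) into a short status string."""
    if data is None:
        return "FAIL:timeout"
    if len(data) < 12:
        return "FAIL:short"
    hdr = parse_header(data)
    if hdr["id"] != txid:
        return "FAIL:id-mismatch"
    if not hdr["is_response"]:
        return "FAIL:not-a-response"
    if hdr["rcode"] == 0:
        return "OK"
    if hdr["rcode"] == 2:
        return "FAIL:servfail"
    return "FAIL:rcode%d" % hdr["rcode"]


def probe(server, name="example.com", timeout=2.0, txid=0x1234):
    """Send one query to `server` and return (status, milliseconds)."""
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        started = time.monotonic()
        try:
            sock.sendto(query, (server, DNS_PORT))
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            data = None
        elapsed_ms = (time.monotonic() - started) * 1000.0
    return classify_response(data, txid), elapsed_ms


def main(argv):
    # Usage: python dns_probe.py <server-ip> [name] [interval-seconds]
    if len(argv) < 2:
        print("usage: dns_probe.py <server-ip> [name] [interval]")
        return 2
    server = argv[1]
    name = argv[2] if len(argv) > 2 else "example.com"
    interval = float(argv[3]) if len(argv) > 3 else 60.0
    while True:
        status, ms = probe(server, name)
        # One line per probe; feed it to a file and compare against other logs.
        print("%s %s %s %.0fms" % (time.strftime("%Y-%m-%d %H:%M:%S"), server, status, ms))
        if status != "OK":
            sys.stdout.flush()
        time.sleep(interval)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a client on the internal network against the ISA box's internal address and leave it writing to a file; the first non-OK line gives a timestamp to compare with Task Manager or Performance Monitor on the server.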
The ISA firewall on a DC is a no-go. Remember, it's a network firewall, like CP, PIX, Netscreen etc. You don't put Web servers, Kazaa servers or AD on those boxes either.
This is actually the problem. No, I do not get any hints about something going wrong. It is just that the DNS seems to stop responding.
You know, in DNS you can set up monitoring, and this also fails. I can restart the DNS service and it does not work, so I seriously doubt this is an issue related to the DNS service itself.
I have the exact same problem, as I have ISA 2004 running on my SBS server. The problem seems to be down to the MSDE engine using too much memory. I find it uses getting on to 2 GB of RAM. I restart this instance of MSDE and suddenly the DNS starts working again. I am going to try and get SP3 for MSDE installed to see if that helps.
I have not checked this yet, but I will next time the thing fails. If this is the case, then this can be handled easily - simply by limiting the amount of memory the MSDE uses.
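If the MSDE instance really is the culprit, its memory ceiling can be pinned with sp_configure instead of restarting it. The T-SQL below is an added example, not from the thread or from Microsoft's ISA documentation: it shows the default (effectively unlimited) setting next to a capped one. The instance name `.\MSFW` is an assumption (verify it in Services or with `osql -L` on the box), and 256 MB is a constructed value; pick one that leaves room for AD, DNS and DHCP on the same machine.

```sql
-- Added example: cap the memory of the MSDE instance that ISA 2004 uses for logging.
-- Run with the osql tool that ships with MSDE, e.g.
--   osql -E -S .\MSFW -i cap-msde-memory.sql
-- ".\MSFW" is assumed to be the ISA Server 2004 logging instance; 256 (MB) is a constructed value.

-- "Before": with the default of 2147483647 MB the instance keeps growing until it
-- starves the other services on the box (DNS, AD, DHCP).
EXEC sp_configure 'max server memory (MB)';   -- prints the current config_value / run_value
GO

-- "After": expose the advanced options, set the cap, and apply it without a restart.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
GO
EXEC sp_configure 'max server memory (MB)', 256;
RECONFIGURE WITH OVERRIDE;
GO

-- Confirm the new run_value took effect.
EXEC sp_configure 'max server memory (MB)';
GO
```

After the change, watch the instance's working set in Task Manager for a few hours; if DNS keeps failing while MSDE stays under the cap, the memory theory is ruled out and the firewall itself is the next suspect.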