Are server publishing settings the same in route mode and in NAT mode?
We have a DNS publishing rule that works very well in NAT mode; however, we have to switch to route mode because of a change in our internal structure. The rule doesn't work in route mode anymore. In the logging I can't see the traffic hit the rule; it goes directly to the default deny rule.
Does it still need a listener in route mode? If the real IP is used in route mode, what is the listener used for?
From: Canada - Toronto
What is the DNS server configuration for the machines that are using the DNS publishing rule? I bet you that it is the IP of the ISA machine. Change the DNS server for those machines to point to the IP address of the internal DNS server.
From: United Kingdom
When doing server publishing with a route relationship, you need to configure the network listener to listen on all IP addresses (on the appropriate interface) and then define the actual server address of the server you wish to publish. It looks a little weird, but this is how it needs to be defined for routing.
What ISA does in this scenario is essentially listen on the interface for connections to the real address and then use something called "port stealing" to make everything work.
I'm trying to guess your configuration here; my last comment was based on the presumption that you have some machines on a DMZ or another trusted network, and you are publishing the internal DNS for the DMZ (trusted network) machines. Based on your question it seems that you are publishing the DNS on the external interface. Can you give us more info about your configuration?
For Jason, what about this scenario:
1 machine in the DMZ zone; the DNS of that machine is pointing to the ISA DMZ IP
The published DNS server is on the Internal network
Route relationship between the DMZ and the Internal network
Server publishing of the internal DNS server (listener configured on all ISA DMZ IPs)
In this scenario the DMZ machine cannot access the internal DNS server. Looking at the ISA log I see an entry: default denied, from DMZ to Local Host. The only solution I found in this case was to configure the DNS of the DMZ machine with the IP address of the internal DNS server.
Based on this scenario I advised Chilait to change the DNS configuration, but it seems that his scenario is different.