NIC Settings, Internal DNS? (Full Version)

All Forums >> [ISA 2006 Firewall] >> General



Message

CSDAdmin -> NIC Settings, Internal DNS? (2.May2008 12:08:46 PM)

Hello,
We have a parallel firewall config with pix and isa like in the article:
www.isaserver.org/tutorials/2004isapixdmz.html

Our external address is public on the ISA, internal is private 172. (and no other dmz nics).

I am curious as to the best way to set the nics IP addressing.

I was having some alerts about looping, so googled it and found to remove the insides default gateway.  Did that, and the alerts stopped.  So a default gateway is only specified on our outside nic

Inside nic has our 2 dns servers on our private addresses.  Outside nic had 2 external dns servers from our isp.

When setting up a few connectivity verifiers, it cannot resolve the inside address of our exchange server since it is also outside.

If I change the first dns server for the external nic to the inside dns, and leave the 2nd one as outside(which our inside dns will query if it isn't a local name anyways) is that going to create any issues?

Thanks for the help



elmajdal -> RE: NIC Settings, Internal DNS? (2.May2008 5:55:04 PM)

Hi,

Do not put any DNS Entry on the External NIC.

check this article to know how to correctly configure ISA Server Network Interfaces : Configuring ISA Server Interface Settings.

as for the DNS Servers in your LAN, check my article here : Internal DNS Forwarding Through ISA Server 2004/2006



Trojan -> RE: NIC Settings, Internal DNS? (18.Jun.2008 11:45:25 PM)

Good time of day. Now I am about one advice in Dr. Shinder's article "ISA Firewall Best Practices, Tips and Tricks (Part 1)". So, he writes:

DNS server settings. Configure the ISA firewall to use a DNS server on its internal interface; do not enter the same DNS server on multiple interfaces This is a very common issue. The ISA firewall should have only one DNS server configured on its interfaces, and that DNS server address must be configured on its internal interface (or whatever interface is closest to an internal DNS server that can resolve Internet host names). NEVER put an external DNS server on any of the ISA firewall’s interfaces, and NEVER enter a DNS server address on more than one ISA firewall interface.

So, I am confused with his statement "NEVER enter a DNS server address on more than one ISA firewall interface". For example I have an ISA server with three NICs, one external and two internal. On external interface DNS server  address shouldn't be configured and it's clear, BUT if I'll configure DNS server address only on one interface as Dr. Shinder advices, then where the clinets bounded to the second interface will send the DNS requests? 



Page: [1]