Welcome to ISAserver.org

NIC Settings, Internal DNS?

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> General >> NIC Settings, Internal DNS?

Page: [1]

Message

<< Older Topic Newer Topic >>

NIC Settings, Internal DNS? - 2.May2008 12:08:46 PM

CSDAdmin

Posts: 25
Joined: 19.Oct.2006
Status: offline

Hello,
We have a parallel firewall config with pix and isa like in the article:
www.isaserver.org/tutorials/2004isapixdmz.html

Our external address is public on the ISA, internal is private 172. (and no other dmz nics).

I am curious as to the best way to set the nics IP addressing.

I was having some alerts about looping, so googled it and found to remove the insides default gateway. Did that, and the alerts stopped. So a default gateway is only specified on our outside nic

Inside nic has our 2 dns servers on our private addresses. Outside nic had 2 external dns servers from our isp.

When setting up a few connectivity verifiers, it cannot resolve the inside address of our exchange server since it is also outside.

If I change the first dns server for the external nic to the inside dns, and leave the 2nd one as outside(which our inside dns will query if it isn't a local name anyways) is that going to create any issues?

Thanks for the help

Post #: 1

Featured Links*

RE: NIC Settings, Internal DNS? - 2.May2008 5:55:04 PM

elmajdal

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

Hi,

Do not put any DNS Entry on the External NIC.

check this article to know how to correctly configure ISA Server Network Interfaces : Configuring ISA Server Interface Settings.

as for the DNS Servers in your LAN, check my article here : Internal DNS Forwarding Through ISA Server 2004/2006

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to CSDAdmin)

Post #: 2

RE: NIC Settings, Internal DNS? - 18.Jun.2008 11:45:25 PM

Trojan

Posts: 3
Joined: 13.Jun.2008
From: Tashkent
Status: offline

Good time of day. Now I am about one advice in Dr. Shinder's article "ISA Firewall Best Practices, Tips and Tricks (Part 1)". So, he writes:

DNS server settings. Configure the ISA firewall to use a DNS server on its internal interface; do not enter the same DNS server on multiple interfaces This is a very common issue. The ISA firewall should have only one DNS server configured on its interfaces, and that DNS server address must be configured on its internal interface (or whatever interface is closest to an internal DNS server that can resolve Internet host names). NEVER put an external DNS server on any of the ISA firewall�s interfaces, and NEVER enter a DNS server address on more than one ISA firewall interface.

So, I am confused with his statement "NEVER enter a DNS server address on more than one ISA firewall interface". For example I have an ISA server with three NICs, one external and two internal. On external interface DNS server address shouldn't be configured and it's clear, BUT if I'll configure DNS server address only on one interface as Dr. Shinder advices, then where the clinets bounded to the second interface will send the DNS requests?

(in reply to elmajdal)

Post #: 3