Our external address is public on the ISA, internal is private 172. (and no other DMZ NICs).
I am curious as to the best way to set the NICs' IP addressing.
I was having some alerts about looping, so I googled it and found that I should remove the inside's default gateway. Did that, and the alerts stopped. So a default gateway is only specified on our outside NIC.
Inside NIC has our 2 DNS servers on our private addresses. Outside NIC had 2 external DNS servers from our ISP.
When setting up a few connectivity verifiers, it cannot resolve the inside address of our Exchange server since it is also outside.
If I change the first DNS server for the external NIC to the inside DNS, and leave the 2nd one as outside (which our inside DNS will query if it isn't a local name anyway), is that going to create any issues?
Good day. My question is about one piece of advice in Dr. Shinder's article "ISA Firewall Best Practices, Tips and Tricks (Part 1)". He writes:
DNS server settings. Configure the ISA firewall to use a DNS server on its internal interface; do not enter the same DNS server on multiple interfaces. This is a very common issue. The ISA firewall should have only one DNS server configured on its interfaces, and that DNS server address must be configured on its internal interface (or whatever interface is closest to an internal DNS server that can resolve Internet host names). NEVER put an external DNS server on any of the ISA firewall’s interfaces, and NEVER enter a DNS server address on more than one ISA firewall interface.
So, I am confused by his statement "NEVER enter a DNS server address on more than one ISA firewall interface". For example, I have an ISA server with three NICs, one external and two internal. On the external interface a DNS server address shouldn't be configured, and that's clear, BUT if I configure a DNS server address on only one interface as Dr. Shinder advises, then where will the clients bound to the second interface send their DNS requests?