DMZ, which DNS to use ?

ITEngineer -> DMZ, which DNS to use ? (7.Jun.2008 2:00:33 PM)

Hi all.

I have ISA 2006 with 3 network adapters.

Adapter 1 is connected to the internet router.
Adapter 2 is connected to the internal network.
Recently I have added adapter 3, and it is connected to a DMZ network.


My internal network has been working for years, and it has my domain controller, DNS server, and other servers. I have the 3 ISA client types (SecureNAT, web proxy, firewall client) working properly.

Now my question is for the DMZ network: if I want to set my clients as SecureNAT clients, which default gateway should they point to? And which DNS server?




HePa -> RE: DMZ, which DNS to use ? (9.Jun.2008 4:12:42 AM)

quote:


Now my question is for the DMZ network: if I want to set my clients as SecureNAT clients, which default gateway should they point to? And which DNS server?

SecureNAT clients should be configured with the ISA server as default gateway. They are dependent on the network routing; the traffic needs to be routed through the ISA server when they are going out to the internet.

Have you configured your DNS on your internal network to forward external DNS queries to your ISP's DNS servers? If you are using forwarders as described above, you can use the DNS on your internal network; just make sure that the DNS traffic is allowed to pass from the DMZ to the Internal network. Set up a network relationship and an access rule that lets the traffic pass between the networks.




Jason Jones -> RE: DMZ, which DNS to use ? (9.Jun.2008 7:52:31 AM)

quote:

ORIGINAL: ITEngineer

Hi all.

I have ISA 2006 with 3 network adapters.

Adapter 1 is connected to the internet router.
Adapter 2 is connected to the internal network.
Recently I have added adapter 3, and it is connected to a DMZ network.


My internal network has been working for years, and it has my domain controller, DNS server, and other servers. I have the 3 ISA client types (SecureNAT, web proxy, firewall client) working properly.

Now my question is for the DMZ network: if I want to set my clients as SecureNAT clients, which default gateway should they point to? And which DNS server?


Are your DMZ servers domain members?

If not, they may be better going direct to your ISP DNS servers, as allowing inbound connections from the DMZ should be avoided unless absolutely necessary.




ITEngineer -> RE: DMZ, which DNS to use ? (9.Jun.2008 6:31:33 PM)

Hello Jason,

Thanks for your interest in my post.

quote:

Are your DMZ servers domain members?

If not, they may be better going direct to your ISP DNS servers, as allowing inbound connections from the DMZ should be avoided unless absolutely necessary.



I intend to have a few clients in a workgroup (non-domain), so you suggest putting the ISP DNS on these clients' network adapters? How about the default gateway?


Let's say the internal network is: 192.168.0.0/24

and the DMZ (which is actually another internal network) is: 192.168.100.0/24

What would be the default gateway on the DMZ clients?

And also the DNS?

For the DMZ clients (which, as I stated before, are actually clients in Internal network #2), can I also use web proxy clients? What would be the address in the proxy connection settings in IE? (I will be setting the proxy manually.)




ITEngineer -> RE: DMZ, which DNS to use ? (15.Jun.2008 12:35:23 PM)

Any follow up?? [:(]




HePa -> RE: DMZ, which DNS to use ? (16.Jun.2008 3:00:46 AM)

The DMZ should have the ISA's DMZ NIC as their default gateway IF the ISA is going to route the traffic... and then you'll need to create a network rule and a relationship between the networks which you want the DMZ to communicate with. You'll also need access rules between the networks so that traffic is allowed to pass through.
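
The advice in this thread, expressed as a check over a planned DMZ client configuration. This is an added example, not part of any post above; the ISA DMZ NIC address 192.168.100.1, the internal DNS address 192.168.0.10 and the outside resolver 203.0.113.53 are constructed placeholders.

```python
import ipaddress

# Networks as given in the thread; host addresses are constructed placeholders.
INTERNAL = ipaddress.ip_network("192.168.0.0/24")
DMZ = ipaddress.ip_network("192.168.100.0/24")
ISA_DMZ_NIC = ipaddress.ip_address("192.168.100.1")  # assumed ISA DMZ adapter IP


def review_dmz_client(ip, gateway, dns_servers, domain_member=False):
    """Check one DMZ SecureNAT client's planned IP settings against the thread's advice."""
    problems, warnings, rules = [], [], set()
    ip = ipaddress.ip_address(ip)
    gateway = ipaddress.ip_address(gateway)

    if ip not in DMZ:
        problems.append(f"{ip} is outside the DMZ network {DMZ}")
    # SecureNAT relies on routing, so the gateway must be the ISA's DMZ NIC.
    if gateway != ISA_DMZ_NIC:
        problems.append(f"gateway {gateway} is not the ISA DMZ NIC {ISA_DMZ_NIC}")

    for dns in map(ipaddress.ip_address, dns_servers):
        if dns in INTERNAL:
            # Reachable only with a network rule and a DNS access rule into Internal.
            rules.add("DNS: DMZ -> Internal")
            if not domain_member:
                warnings.append(
                    f"{dns} is internal; a non-domain host can use the ISP DNS "
                    "and avoid a DMZ -> Internal rule")
        elif dns not in DMZ:
            # ISP or other outside resolver: traffic still crosses the ISA.
            rules.add("DNS: DMZ -> External")

    return {"problems": problems, "warnings": warnings, "rules_needed": sorted(rules)}


if __name__ == "__main__":
    # Constructed sample: workgroup client pointed at an internal DNS server.
    print(review_dmz_client("192.168.100.20", "192.168.0.1", ["192.168.0.10"]))
    # Constructed sample: same client using an outside resolver (documentation range).
    print(review_dmz_client("192.168.100.20", "192.168.100.1", ["203.0.113.53"]))
```

The `rules_needed` list names the DNS paths that must be allowed on the ISA for the chosen resolver to work; anything under `problems` means the client will not route through the ISA at all.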



