Welcome to ISAserver.org

I have DNS problem plz help!!!

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> General >> I have DNS problem plz help!!!

Page: [1]

Message

<< Older Topic Newer Topic >>

I have DNS problem plz help!!! - 20.Feb.2010 2:33:46 AM

ahmedezz

Posts: 1
Joined: 20.Feb.2010
Status: offline

Here is my network topology:
My router internal interface IP is 192.168.0.1 connected to DMZ network which contains ISA server 2004 with two NICs the external interface has IP 192.168.0.41 and internal interface connected to my internal network with IP 192.168.20.220, Astaro UTM security gateway with external IP 192.168.0.101 and internal IP 192.168.20.230 I use ISA server as back-end firewall and UTM as front-end firewall and DNS server within the DMZ network with IP 192.168.0.210.

For the clients:
GW:192.168.20.230
DNS:192.168.0.210
and i use firewall client for ISA server
My problem when i try to ping any external public IP it pings and i can ping the DNS server but when i try to ping using host names like yahoo.com or google.com then the DNS can't resolve the names.
Can anyone please help me and also tell me if there is any wrong configurations i have done on the client-side (GW,DNS) or if i need more rules on ISA server or UTM gateway plz help!!!

Post #: 1

Featured Links*

RE: I have DNS problem plz help!!! - 22.Feb.2010 8:38:22 AM

Rotorblade

Posts: 1348
Joined: 27.Feb.2007
Status: offline

Hi,

It�s not advisable to be using an external DNS server for your internal clients; especially when they are AD Domain members. You need to configure ISA to use an internal DNS server that is configured as a forwarder for external DNS request queries. There are a few articles on this site that address different ISA DNS configurations and at minimum you need to configure per article below. Also check your ISA NIC setups and make sure they are configured correctly.

http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding.aspx

http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to ahmedezz)

Post #: 2

RE: I have DNS problem plz help!!! - 22.Feb.2010 9:03:57 AM

Rotorblade

Posts: 1348
Joined: 27.Feb.2007
Status: offline

quote:

My problem when i try to ping any external public IP it pings and i can ping the DNS server but when i try to ping using host names like yahoo.com or google.com then the DNS can't resolve the names.

In getting a PING response would be dependent on if the ISA system policy is configured to permit it. Testing DNS using ICMP ping requests is not going to tell you much anyway.

You need to use a tool like this one @ http://www.codeproject.com/KB/IP/DNSTester.aspx if you want to get some idea how your nameserver/resolver is performing. Please also keep in mind that if you�re using SecureNAT client access that DNS resolver responsibilities are handled by the client not ISA.

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to ahmedezz)

Post #: 3