
Welcome to ISAserver.org


DNS Passing, Loopback

DNS Passing, Loopback - 17.Jul.2013 9:12:08 PM   


Posts: 16
Joined: 12.May2008
Status: offline
We have installed TMG 2010 on a very basic network setup.
Our current setup is:

Internet <---> TMG2010 <---> Internal Network (Domain Controller, File Servers, Workstations, etc.)

Now my curious question is in TMG2010. The server (TMG2010) has 2 NICs. 1 for the "Internet" and 1 for the "Internal Network". The problem with this is the DNS configuration. I need TMG2010's "Internal Network" NIC to point its DNS to the Domain Controller for AD authentication of users and I also need TMG2010's "Internet Network" NIC to point its DNS to my ISP's DNS server to resolve internet traffic requests. So is it a best practice to have DNS on both NICs? I sometimes get very slow response time with the server and I suspect it's the DNS issue.

Here is the workaround I did and I don't know if this will have security or technical issues.
I left the "Internet" NIC's DNS blank and set the "Internal Network" NIC's DNS to point to AD. Then at AD, I set up a DNS forwarder to point to the ISP's DNS server. I then set at my TMG2010 machine a DNS rule for AD's queries.

With this setup, every time TMG2010 needs to resolve DNS for internet traffic, it forwards the DNS resolution to the AD and the AD does the DNS resolution and gives it back to TMG2010 for internet traffic requests.

Post #: 1
RE: DNS Passing, Loopback - 29.Jul.2013 2:39:42 PM   


Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Your workaround is the correct way to configure the interfaces. Also, make sure the internal interface is the first listed in the binding order. For more information, check out http://www.isaserver.org/articles-tutorials/installation-planning/Configuring_ISA_Server_Interface_Settings.html.


(in reply to baboy168)
Post #: 2
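
A check for the configuration settled on in this thread (DNS only on the internal NIC and pointing at the domain controller, internal NIC first in the binding order), as an added example that is not from either poster. The IP addresses are constructed placeholders, and identifying the internal NIC by its IP address is an assumption.

```powershell
# Added example: audit DNS placement on a dual-homed TMG 2010 host.
# Assumptions (not from the thread): the internal NIC is identified by its IP
# address, and both addresses below are constructed placeholders.
param(
    [string]$InternalIp = '10.0.0.1',        # constructed: TMG internal NIC address
    [string[]]$AllowedDns = @('10.0.0.10')   # constructed: domain controller(s)
)

$findings = @()
$adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
$internal = $adapters | Where-Object { $_.IPAddress -contains $InternalIp } | Select-Object -First 1
if (-not $internal) { throw "No IP-enabled adapter has address $InternalIp" }

foreach ($a in $adapters) {
    # DNSServerSearchOrder is null when the NIC's DNS list is blank
    $dns = @($a.DNSServerSearchOrder | Where-Object { $_ })
    if ($a.SettingID -eq $internal.SettingID) {
        if ($dns.Count -eq 0) {
            $findings += "Internal NIC '$($a.Description)' has no DNS server configured"
        }
        foreach ($s in $dns) {
            if ($AllowedDns -notcontains $s) {
                $findings += "Internal NIC uses unexpected DNS server $s"
            }
        }
    } elseif ($dns.Count -gt 0) {
        $findings += "NIC '$($a.Description)' should have blank DNS but lists: $($dns -join ', ')"
    }
}

# Binding order: the Tcpip Linkage 'Bind' value lists adapters as \Device\{GUID},
# in order. Entries that match no IP-enabled adapter are ignored.
$bind = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage').Bind
$order = @($bind | ForEach-Object { $_ -replace '^\\Device\\', '' } |
    Where-Object { $id = $_; $adapters | Where-Object { $_.SettingID -eq $id } })
if ($order.Count -gt 0 -and $order[0] -ne $internal.SettingID) {
    $findings += 'Internal NIC is not first in the binding order'
}

if ($findings.Count -eq 0) { 'OK: DNS only on the internal NIC, internal NIC bound first' }
else { $findings }
```

It uses `Get-WmiObject` rather than the newer `Get-DnsClientServerAddress` so that it runs on the PowerShell 2.0 that ships with Windows Server 2008 R2.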
