OK, so I have read the article by Jim Harrison about DNS and the importance of having it all set up properly, but I am still none the wiser. I think I have quite a simple setup on our network: one W2K Server domain controller with Exchange 5.5 on it and one W2K Server with ISA setup as integrated and stand alone.
At the moment our general web access is very sluggish (the "message icons" on this very page still haven't loaded!) and our outgoing mail is queuing up (probably cause of timeouts). I have this nagging feeling that it is all down to DNS (all protocol rules and packet filters seem to be set up right).
If anyone can at the least push me in the right direction as to how I should have DNS set up I would be most grateful.
At the moment:
ISA SERVER:
NIC 1 (Internal) IP: 192.168.0.203 SM: 255.255.255.0
DNS: 192.168.0.200 (Our DC)
NIC 2 (ADSL) IP: our external adsl ip (fixed) SM: 255.255.255.248 DG: our adsl router IP
DNS: our adsl router IP
Really lost on this one, so any help will be more than appreciated.
2) Configure a DNS server on the internal network to resolve Internet host names.
For the latter, these are the configuration steps:
1) configure the internal DNS server as a SecureNAT client. That means its default gateway should point to the ISA internal interface.
2) enable forwarders on your internal DNS server and specify there your ISP DNS servers. Also, make sure you check the "Do not use recursion" box.
3) create on ISA a client address set containing your internal DNS server.
4) create on ISA a *separate* protocol rule allowing the protocols DNS Query (UDP port 53 send/receive) *and* DNS Zone Transfer (TCP port 53 outbound) and apply it to the above created client address set.
5) create on ISA a *separate* site&content rule allowing access to any destination or better to a destination set containing your ISP DNS servers, and apply it to the above created client address set.
Now, thoroughly test the DNS name resolving with the command nslookup. All should work well. Last but not least, never touch the DNS protocol and site&content rule again. You should now have a very stable DNS infrastructure.
OMG, that is soooo weird. I just found those steps to follow in a different thread, got all excited, sent the link to my work address and was just going to close this thread with a "don't worry, I've found a great thread to be working on"!
Thanks for the help (both times) hopefully by tomorrow lunchtime I will have a nice stable DNS structure. (Blimey, that's possibly the geekiest thing I have ever typed!)