DNS Query problem with 2 NICs on ISA2004

DNS Query problem with 2 NICs on ISA2004 - 13.Jul.2005 6:36:00 AM   
kritt

 

Posts: 29
Joined: 19.Apr.2001
Status: offline
I have a problem with DNS Query. Firewall client users can access the Internet, but they always get a DNS error. Please help.

Detail :
I have 2 NICs on the ISA 2004 Server. One connects to the internal network and the other connects to a ZyXel Prestige 650R-31 (over POTS) ADSL router.

ISA configuration :
Network Edge Firewall
Internal network 172.16.1.0-172.16.1.255

NIC 1 :
IP 172.16.1.30
Subnet 255.255.255.0
Gateway -
DNS 172.16.1.1

NIC 2 :
IP 192.168.1.30
Subnet 255.255.255.0
Gateway 192.168.1.1
DNS 192.168.1.1
Post #: 1
RE: DNS Query problem with 2 NICs on ISA2004 - 13.Jul.2005 2:00:00 PM   
isawader

 

Posts: 420
Joined: 27.Apr.2005
Status: offline
Did you configure the firewall clients to use the local DNS server or ISA server for name resolutions?

[ July 13, 2005, 02:07 PM: Message edited by: ISAwader ]

(in reply to kritt)
Post #: 2
RE: DNS Query problem with 2 NICs on ISA2004 - 14.Jul.2005 2:40:00 AM   
kritt

 

Posts: 29
Joined: 19.Apr.2001
Status: offline
I have DHCP distributing IP and local DNS to clients. Clients can access the Internet via ISA Server by installing the Firewall Client.

Is there any specific configuration on Network Connections when using 2 NICs (Internal and External network) on ISA Server?

(in reply to kritt)
Post #: 3
RE: DNS Query problem with 2 NICs on ISA2004 - 14.Jul.2005 4:09:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi kritt,

Remove the DNS entry from NIC2 and configure your internal DNS server with forwarders. Of course, don't forget to create an access rule for the internal DNS server.

HTH,
Stefaan

(in reply to kritt)
Post #: 4
RE: DNS Query problem with 2 NICs on ISA2004 - 14.Jul.2005 4:31:00 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
I was told by M$ to set the DNS on both NICS to the internal one or else the OS will put in 127.0.0.1 instead.

(in reply to kritt)
Post #: 5
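
A small check for the adapter settings posted at the top of the thread, added here as an example (not code from any poster): it flags any adapter whose DNS server lies outside the Internal network and shows the two end states suggested in posts 4 and 5. The function names and the `post4`/`post5` variant labels are invented for this illustration.

```python
import ipaddress

# Adapter listing copied from the first post of the thread.
POSTED_CONFIG = """\
NIC 1 :
IP 172.16.1.30
Subnet 255.255.255.0
Gateway -
DNS 172.16.1.1

NIC 2 :
IP 192.168.1.30
Subnet 255.255.255.0
Gateway 192.168.1.1
DNS 192.168.1.1
"""
# ISA "Internal" network range given in the first post.
INTERNAL_NET = ipaddress.ip_network("172.16.1.0/24")

def parse_nics(text):
    """Parse 'NIC n :' blocks into {name: {field: value-or-None}}."""
    nics, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.upper().startswith("NIC") and line.endswith(":"):
            current = nics.setdefault(line.rstrip(": "), {})
        elif line and current is not None:
            key, _, value = line.partition(" ")
            current[key.lower()] = None if value.strip() in ("", "-") else value.strip()
    return nics

def audit(nics, internal_net=INTERNAL_NET):
    """Flag adapters whose DNS server is not on the internal network."""
    return [f"{name}: DNS server {cfg['dns']} is outside {internal_net}"
            for name, cfg in nics.items()
            if cfg.get("dns") and ipaddress.ip_address(cfg["dns"]) not in internal_net]

def apply_advice(nics, variant, internal_net=INTERNAL_NET):
    """'post4': clear DNS on non-internal adapters; 'post5': point them at the internal DNS."""
    internal_dns = next(c["dns"] for c in nics.values()
                        if c.get("dns") and ipaddress.ip_address(c["dns"]) in internal_net)
    fixed = {}
    for name, cfg in nics.items():
        cfg = dict(cfg)  # work on a copy so the parsed input stays untouched
        if ipaddress.ip_address(cfg["ip"]) not in internal_net:
            cfg["dns"] = None if variant == "post4" else internal_dns
        fixed[name] = cfg
    return fixed

if __name__ == "__main__":
    posted = parse_nics(POSTED_CONFIG)
    print(audit(posted))
    for variant in ("post4", "post5"):
        print(variant, audit(apply_advice(posted, variant)))
```
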
RE: DNS Query problem with 2 NICs on ISA2004 - 14.Jul.2005 4:44:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi LLigetfa,

thanks for that info!

My preferred config is to put a caching only DNS server on ISA itself with stub zones for the internal domains. With this setup, no direct connection is needed between the internal DNS servers and the external world.

HTH,
Stefaan

(in reply to kritt)
Post #: 6
RE: DNS Query problem with 2 NICs on ISA2004 - 14.Jul.2005 6:56:00 PM   
jbarsodi

 

Posts: 114
Joined: 10.Aug.2001
From: Sparks, NV
Status: offline
quote:
Originally posted by spouseele:
Hi LLigetfa,

thanks for that info!

My preferred config is to put a caching only DNS server on ISA itself with stub zones for the internal domains. With this setup, no direct connection is needed between the internal DNS servers and the external world.

HTH,
Stefaan

Sounds interesting, so with that setup, the ISA's DNS server would query the external source and the internal domain DNS would query the ISA's DNS?

Doesn't this just provide another point of failure?

What would be your Access Rules for this?

Allow DNS from Local Host to External AND
Allow DNS from internal to local host?

(in reply to kritt)
Post #: 7
RE: DNS Query problem with 2 NICs on ISA2004 - 15.Jul.2005 3:51:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi jbarsodi,

quote:
Sounds interesting, so with that setup, the ISA's DNS server would query the external source and the internal domain DNS would query the ISA's DNS?
Yep, that's correct. Also, if you have one or more perimeter networks, those hosts can also use the caching only DNS server on ISA.

quote:
What would be your Access Rules for this?
Allow DNS from Local Host to External AND
Allow DNS from internal to local host?

Correct!

quote:
Doesn't this just provide another point of failure?
I don't think so. ISA should be by design your only egress port. Therefore ISA should be closely monitored in any way and a solid DNS setup is vital for the correct working of ISA server.

For more info about the new features in W2K3 DNS, check out:
- http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html
- http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

HTH,
Stefaan

(in reply to kritt)
Post #: 8
RE: DNS Query problem with 2 NICs on ISA2004 - 15.Jul.2005 11:04:00 PM   
kritt

 

Posts: 29
Joined: 19.Apr.2001
Status: offline
Hi Spouseele,

Could you please suggest step-by-step instructions for installing caching-only DNS and configuring both NICs?

Thanks

(in reply to kritt)
Post #: 9
RE: DNS Query problem with 2 NICs on ISA2004 - 16.Jul.2005 3:52:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi kritt,

check out http://www.isaserver.org/articles/snatdns.html . Also, there exists something like a help file for DNS too! [Big Grin]

BTW --- don't forget that stub zones are only supported if the DNS server is running on W2K3 or higher.

HTH,
Stefaan

(in reply to kritt)
Post #: 10
