Discussion of Name Resolution for SecureNAT clients article (Full Version)

All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client



Message


tshinder -> Discussion of Name Resolution for SecureNAT clients article (5.Aug.2003 6:13:00 PM)

This thread is for discussion of the Supporting Internet Host Name Resolution for ISA Server SecureNAT Clients article at http://isaserver.org/articles/snatdns.html.

Thanks!
Tom

[ August 06, 2003, 08:26 AM: Message edited by: tshinder ]




BaanMan -> RE: Discussion of Name Resolution for SecureNAT clients article (7.Aug.2003 6:01:00 PM)

Hello Tom,

I've made a posting in Forum: ISA Server General - Installation - Caching DNS on ISA - today.

I can't get this Packetfilter DNS(TCP) running

The Caching DNS running fine with UDP Port:53
So I can use only my ISA and my Mail/Web/Time/Virus-Server to go Outside.
The Servers with DNS have nomore need to go Outside because I use the DNS on ISA as Forwarder.

That's fine for securety.

Greetings BaanMan




tshinder -> RE: Discussion of Name Resolution for SecureNAT clients article (8.Aug.2003 3:52:00 AM)

Hi BaanMan,

Great! The caching only DNS server is the best option from a security point of view.

Thanks!
Tom




skipster -> RE: Discussion of Name Resolution for SecureNAT clients article (12.Aug.2003 11:59:00 PM)

Quick question.

If i use DHCP on the internal network to hand out the ip address of my internal DNS server, and i have configured a DNS caching server on ISA, then which DNS server do i point my clietns to in order to resolve internal names and FQDN on the internet? The clients cant use the DNS server on ISA for name resolution on the internal network, wouldnt thsi be a problem?

I have always just configured my internal AD DNS server to use my ISP as a forwarder, and i never ran into a problem with name resolution on the internal network, or resolving names on the internet.

I guess I'm a bit confused.

Thanks

Skip

Skip




BaanMan -> RE: Discussion of Name Resolution for SecureNAT clients article (13.Aug.2003 9:57:00 AM)

Hey skipster,

for your clients use your internal DNS-Servers - roll out with DHCP - !
Use only the Caching DNS on ISA as forwarder in the settings of your internal DNS-Servers.
In the Caching DNS on ISA use your ISP-DNS as forwarder.
So the Caching DNS on ISA is the only DNS-Server seeing the Outside !

Greetings BaanMan




skipster -> RE: Discussion of Name Resolution for SecureNAT clients article (13.Aug.2003 5:08:00 PM)

Gotcha! Thanks Bro for clearing that up for me.

When i was reading this particular article, I just got done tring to install a Lotus Notes server, this is why I think i got so confused reading Toms article. [Smile]




lilhalf9 -> RE: Discussion of Name Resolution for SecureNAT clients article (18.Aug.2003 5:39:00 AM)

i'm having the same problem with my 2003srv and isa timeing out after it's idle for several hours. the only way i've been able to fix it is reboot the isa box and all is well. Is there a way to avoid this or work around it? i also don't understand why it times out after being idle. all clients are secureNat clients and isa box is forwarder to isp for dns cacheing. please help

lilhalf




spouseele -> RE: Discussion of Name Resolution for SecureNAT clients article (30.Oct.2003 10:47:00 PM)

Hi Tom,

did you already checked out Support WebCast: Microsoft Windows Server 2003 DNS: Stub Zones and Conditional Forwarding ? A nice addition to your article about a caching only DNS server.

HTH,
Stefaan




ftoddt -> RE: Discussion of Name Resolution for SecureNAT clients article (4.May2004 9:18:00 PM)

The Installation Write Up looks great but I am pretty new at this and I am unsure of what is meant in #2. "click on an address not bound to the internal interface of the ISA Server Firewall"
I don't know what bound means in this. My Isa server has 1 internal IP on the LAN and 3 routable IP's on the WAN of which two are used for listeners for a web server and exchange server behind the ISA server. What IP do I select in this write up? Please help!




Guest -> RE: Discussion of Name Resolution for SecureNAT clients article (25.Jun.2004 7:16:00 PM)

Great article! Can you tell me how can I obtain the same result with isa server 2004?
I don't know how to replicate ip packet filters in 2004...

Thanks a lot.

Ricky




robh -> RE: Discussion of Name Resolution for SecureNAT clients article (9.Jul.2004 12:43:00 PM)

Hi I posted in the wrong place before I found this thread can anybody help me with my problem see this thread

http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=8;t=000674




heathbain -> RE: Discussion of Name Resolution for SecureNAT clients article (25.Sep.2006 5:53:39 PM)

Hello:

Tried this on ISA 2004, but am having problems finding the right place in the interface to set the DNS zone xfer packet filter (port53)

Can you point me in the right direction?

I fear that this forum might be dead now that ISA 2006 is popping up.

Please advise.




mehdi_alipour -> RE: Discussion of Name Resolution for SecureNAT clients article (30.Jul.2007 7:03:27 AM)

hi everyone
Our Platform
clients were connected to the internet using a router without Valid IP.
I installed ISA server 2004 and now everybody in connected to the internet with webproxy though ISA server also without valid IP.
Clients-ISA-Router-ISP-Internet
I configured DNS for SecurNAT clients du to the tom's instruction .
Both DNS and ISA are in the same Machine.
DNS forwarder IP = Router Internal IP.
Clients TCP/IP configuration :
Dynamic IP From DHCP
Default Gateway : ISA Internal IP
Primary DNS          : ISA Internal IP
aslo add DNS server publishing rule in firewal policy.
But I'm not able to access internet from clients with this configuration .
[8|][8|][8|]




elmajdal -> RE: Discussion of Name Resolution for SecureNAT clients article (30.Jul.2007 12:43:25 PM)

quote:

DNS forwarder IP = Router Internal IP.


The Internal DNS Server should forward requests to your ISP DNS Servers, remove the Router IP and put your ISP DNS Servers




Page: [1]