
DNS structure including NAT and ISP's and ISA's ** :) ! *

Status
Not open for further replies.

ancientcontra

Technical User
Jun 30, 2005
42
GB
OK, I have 3 internal DCs that have no access to the internet, and have their forwarders pointing to our ISA server. Normal ADI DNS on all 3.

The ISA server is not in a DMZ, and gets its web traffic from an ISA upstream server, which is in another company.
We have a 100meg link to this company and are only separated by a liberal firewall. The ISA server holds a caching-only DNS zone, and has forwarders that point to 2 DNS servers at the same company, which pass all our external queries.

We want to do our own lookups for external names, taking this company out of the equation.

The ISA server will need to be NAT'ed out our Cisco ASA firewall to one of our external addresses, so we don't have to rely on an upstream server.

My questions are:
(1) Should I get all external lookups done by the ISA server as it will be NAT'ed out? Then have the forwarders on that server point to our ISP's? I then change the DNS server on the ISA server to point to itself? Or point to the ISP?
(2) If the DCs need to do external lookups, do I just allow DNS traffic to these boxes, and use dynamic NAT using the firewall's address?

I haven't done this for a while; any help at all would be greatly appreciated.

Nick.
 