Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

External DNS

Status
Not open for further replies.

micon55

MIS
Feb 22, 2001
74
GB
Do I need to have a DNS server on my internal network if my internal clients can connect successfully to our external DNS?
I am trying to get Exchange working from our internal network without success using ISA Server.
As soon as ISA is installed, the external interface on ISA can no longer be contacted either from outside or inside.

Thanks in advance.
 
1. If you have a wink2/2k3 AD domain, then DNS is required. All internal devices should use that internal DNS server. Your internal DNS server should have the external DNS configured as forwarders.

2. Asuming ISA is in 'firewall' mode, this is normal. Any firewall's external interface will not respond to pings or any other request unless specifically configured to do so.

MCSE CCNA CCDA
 
Dearingkr,
Thanks for the response. One other question; if I configure an internal server to act as a DNS server, would this cause my other users problems. They currently connect through our firewall for DNS queries. Or could I just configure the mail servers to use the internal dns?
 
Configure DHCP and all internal devices to use the internal DNS.

Make sure your internal DNS server has forwarders configured, pointing to the external DNS servers.

MCSE CCNA CCDA
 
Many thanks for this. I think we may have to go back to the drawing board.
I only want the ISA Server to handle email access, (delivery and OWA), we already have a Firewall for everything else. I can make one of our internal DC's a DNS server, but I don't want the ISA to be the gateway for everything, (SecureNAT). I keep reading about how simple this is, but having spent 4 days trying to find a solution, Whenever I change the internal dns and front-end gateway to the ISA, OWA access slows to a crawl.
I am stumped.

Thanks again.
Mike
 
OK, I am thoroughly confused.

"Whenever I change the internal dns and front-end gateway to the ISA, OWA access slows to a crawl."

Is ths ISA server also the DNS server?
What do you mean by "front-end gateway"?

Maybe we should start over...
Are you running a Active Directory domain?

MCSE CCNA CCDA
 
Sorry, I'm not being very clear here. After 4 days, my head is muddled.

We have an AD W2K domain, no internal DNS was ever configured because we had a range of different client O/S. So all clients get their DNS info from our DNS server in the DMZ. This means all dns and web requests go through the Firewall. (Not ideal, I know).

All we want to achieve is to allow mail delivery and OWA through an ISA server located in the DMZ. This is dual homed with a second interface for the internal network.

Both our Exchange Front-end and Back-end servers are located internally. I keep reading stuff about changing the default gateways on our internal DNS and front-end servers to point to the ISA server internal Address, but the DNS we would use is also a DC. When I do change the Ex Front-end to point to ISA as gateway, it slows to a crawl.

Is there not a simple way of configuring ISA to just communicate SMTP and OWA traffic to the Exchange Front-end server?

Thankyou for your patience.
Mike
 
Ok, I think I've got a better idea of your setup now.

1. If your network is routing traffic properly, why mess with the default gateway settings? No need to.

2. An AD Win2k domain requires DNS to work properly. Strongly recommend you configure one of your DCs for DNS. Configure the new DNS server to use your DMZ DNS as a forwarder. Point all LAN devices to use the new DNS server. As a side note: I can't figure out why you have a DNS server in your DMZ.

3. On your ISA server, you just need to publish the front-end server.
See this posting:

Also, don't forget to check your publin domain name MX records.

MCSE CCNA CCDA
 
That's great. Thanks for your help with this. I'll be giving it a try early next week.

Thanks again.
Mike
 
No problem.

post back here and let me know how it comes out.

MCSE CCNA CCDA
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top