ISA Server prevents DNS queries

mauromi

Technical User
Jul 13, 2003
3
IT
Hi all,
I use SBS 200 SP1 (win2k sp3) to control my network.

The server has two network cards:
- internal NIC with 192.168.0.1
- external NIC with IP address dynamically assigned by ISP

If ISA service is NOT running, and I open a command prompt, run DNSLOOKUP (which points to itself: 192.168.0.1) the and then I write I correctly receive the IP address from a non-authoritative server.

If ISA service is running and I do the previous thing, it is not possible to resolve any DNS name.

However, if I try to do a PING to the same name server (ex: PING everything works fine, because, I think, it tries on the external ip address which uses the ISP DNS.

The problem is that, with this problem, my server is not able to solve the MX records when ISA is running (and it must run to allow my users to use Internet!) and send the mails of my users through Exchange Server.

Thanks for any help

mauro
 
Create a Packet filter to allow the ISA server to do DNS lookups. Then add a protocol rule.

ISA access is governed by packet filters ;) Just like when you want to browse the inet with ISA you will want to create a packet filter for HTTP, you do the same for DNS.
 
Please correct me if I'm wrong, but packet filters can only BLOCK requests, not allow.
I've just set two very easy rules:
- a protocol rule which allows all internal clients to use any protocol at all times
- a site and content rule which allows everyone access to content on all sites at all times

I have several packet filters already preconfigured, can you give me more details on how I should eventually add a new one, if I need it?

Thanks again

mauro
 
Hi

Had the same problem; my workaround was that I installed DNS on the ISA firewall with forward lookups to my ISP,
created forward lookups on my internal DNS to the ISA server, and
could then use DNSlookup from internal to resolve web sites.
DNS is installed in cache mode, i.e. delete all records, make stand alone so that all it is doing is forwarding the request from internal to external.
This was something that Microsoft suggested I set up?

hope it helps
 
This is actually what I did!

The problem is that when ISA service is running, my DNS is not able to forward the requests to the ISP DNS.

As soon as I stop the ISA service, instead, the local DNS is immediately able to solve through the Internet DNS (I get an answer from a non-authoritative server).

So, my question: how can I get the same behaviour while ISA Service is running?

TX

mauro
 