Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 222
  • Last Modified:

DNS dose not resolve externally

Hi. I have got a windows 2000 domain controllers and an ISA server acting as the internet gateway. I hve set all my domain clients DNS as the ISA server IP. The situation I am having is that Internet is working OK. But Outlook can not see the mail server to download emails. When I changed the DNS IP in one of the clients to the external ISP one. Outlook is ok. What could be the problem. Thanks
0
mostafa67
Asked:
mostafa67
  • 2
1 Solution
 
gnegrotaCommented:
In your case,ISA server must accting like a DNS "proxy", i.e. forwarding all requests to a DNS servers that can resolv the querry. In effect, a DNS service with only cache and 'forward' it's all that you need.
When ISA is acting like Proxy, this function are working for all requests, but is NOT a DNS service ! Firewalling function permit , with the proper settings, a transparent access to external DNSs. So :
1) Install a DNS service on ISA server and set just FW function (to some external DNSs)
or
2) Use internal DNS (if you have) to resolv addresses
or
3) Use for all clients internal and/or external DNSs.

C.U.
0
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
On your domain, all your internal clients should be looking at your internal DNS servers for resolution first.  Your internal DNS servers can then point to the ISA server if their resolution fails.  In that way, you will get internal and external resolution as well as the benefits of caching on the ISA server.  As gnegrota said, you can also install DNS on the ISA server too.

Steve
0
 
Fred MarshallPrincipalCommented:
You can have more than one DNS server identified on a client.

So, add external DNS addresses on the clients.

It's simple, it's more robust in case of a failure, etc. etc.
0
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
In a well designed network, if one Domain DNS server fails, the failover is another DNS server on the network.   By utilizing them, you get the advantages of the Caching that the servers do for addresses they look up.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now