Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 315
  • Last Modified:

which ports do I open up in isa server for external DNS name servers

I have sbs 2003 with isa installed on it....... I am doing my own name server work on the same machine.......... I have done it before with regular server... I have my dns and forwarding zones correct, but it does not work with dnsreport............ I know it's an ISA Server issue..

which ports do I need to open up inorder for everything to work


domain is microwebok.com


thanks

Mark Williams
0
kooleecoyote
Asked:
kooleecoyote
3 Solutions
 
prashsaxCommented:
Port 53/UDP for DNS.

Open it from External to Internal/Localhost and other way round as well.
0
 
kooleecoyoteAuthor Commented:
still not working
0
 
prashsaxCommented:
Your SBS has two network cards in it.

One would have Public IP and second will have private.

Is your Public IP  66.49.81.150.(On External NIC).

Check in DNS properties, if its listening on both interfaces and not just on internal.

0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
kooleecoyoteAuthor Commented:
OK...l I did that also...
On the dns reports is says this:  
Your NS records at your nameservers are:

[None of your nameservers returned your NS records; they could be down
 or unreachable, or could all be lame nameservers

this is info

then a warning:

WARNING: At least one of your nameservers did not return your NS records (it reported 0 answers). This could be because of a referral, if you have a lame nameserver (which would need to be fixed).

66.49.81.150 returns 0 answers (may be a referral)
66.49.81.150 returns 0 answers (may be a referral)

then a few lines down.... a failure..

ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
god.microwebok.com.
remote.microwebok.com.


this has to be ISA SERVER.... I should have gotten all this working before I installed it
0
 
Leon FesterIT Project Change ManagerCommented:
Use the monitoring tool in ISA to see what it is blocking.

Enable the monitor to display realtime results and then try to update your DNS server manually.

You should then be able to see what ISA is blocking and what rule is being applied.

Access the monitoring tool by.
Selecting "Monitoring"
Select the "Logging" Tab
Set the query for:
Log Record Type: Firewall and Web Proxy Filter
Log Time: Live

Click "Start Query"

This way you will know if the correct ports are open, and if not, open them accordingly.
0
 
prueconsultingCommented:
53 UDP is for regular DNS requests.

However some systems do resort to using 53 TCP and as well 53 TCP is utilized for Zone Transfers
0
 
Kumar_Jayant123Commented:
Hi,

I am assuming it is an ISA sever 2004.

Create a Rule on the ISA server, From External and Localhost to External and Localhost allow DNS(UDP 53).

Thanks
Kumar
0
 
ahoffmannCommented:
use a sniffer (like ethereal) to check which ports and protocols your DNS uses (reading the docs or using the nice click&go GUI would be another method:)
Following requirements could be there:
   - port 53 UDP, both directions
   - TCP port 53 in both directions
   - TCP destination port 53 with any local port
   - any combination of the above
If you don't know, open UDP port 53 in both directions *and* TCP port 53 in both directions *and* TCP destination port 53 from any local port in both directions.
0
 
sgh_abaCommented:
Also look at your LAT, and make sure you only have the default GW on the Public NIC only.
0
 
Ron MalmsteadInformation Services ManagerCommented:
You have to allow the protocol incoming and outgoing first...

Then create an outgoing traffic rule.

It's a two step process...

Simply enabling 53 won't do it in ISA.

0
 
kooleecoyoteAuthor Commented:
I actually had my registrar do my DNS.. but still had problems doing other things with ISA intalled. decided to uninstall it until I get everyting workikng first.. then I'll try to put it on again after my vacation   ( heading down to the storm in Florida).....   Thanks for your input and I will surely be asking more questions after I get it installed again.

Makr
0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now