Which ports do I open up in ISA Server for external DNS name servers?

I have SBS 2003 with ISA installed on it... I am doing my own name server work on the same machine... I have done it before with a regular server... I have my DNS and forwarding zones correct, but it does not work with dnsreport... I know it's an ISA Server issue.

Which ports do I need to open up in order for everything to work?

domain is microwebok.com


Mark Williams
Ron Malmstead, Information Services Manager, Commented:
You have to allow the protocol incoming and outgoing first...

Then create an outgoing traffic rule.

It's a two step process...

Simply enabling 53 won't do it in ISA.

Port 53/UDP for DNS.

Open it from External to Internal/Localhost and other way round as well.
kooleecoyote (Author) Commented:
still not working

Your SBS has two network cards in it.

One would have Public IP and second will have private.

Is your Public IP on the External NIC?

Check in DNS properties if it's listening on both interfaces and not just on internal.

kooleecoyote (Author) Commented:
OK... I did that also...
On the DNS report it says this:
Your NS records at your nameservers are:

[None of your nameservers returned your NS records; they could be down
 or unreachable, or could all be lame nameservers

this is info

then a warning:

WARNING: At least one of your nameservers did not return your NS records (it reported 0 answers). This could be because of a referral, if you have a lame nameserver (which would need to be fixed). returns 0 answers (may be a referral) returns 0 answers (may be a referral)

then a few lines down.... a failure..

ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:

this has to be ISA SERVER.... I should have gotten all this working before I installed it
Leon Fester, Senior Solutions Architect, Commented:
Use the monitoring tool in ISA to see what it is blocking.

Enable the monitor to display realtime results and then try to update your DNS server manually.

You should then be able to see what ISA is blocking and what rule is being applied.

Access the monitoring tool by:
Selecting "Monitoring"
Select the "Logging" Tab
Set the query for:
Log Record Type: Firewall and Web Proxy Filter
Log Time: Live

Click "Start Query"

This way you will know if the correct ports are open, and if not, open them accordingly.
53 UDP is for regular DNS requests.

However, some systems do resort to using 53 TCP, and 53 TCP is also utilized for zone transfers.

I am assuming it is ISA Server 2004.

Create a Rule on the ISA server, From External and Localhost to External and Localhost allow DNS(UDP 53).

Use a sniffer (like Ethereal) to check which ports and protocols your DNS uses (reading the docs or using the nice click&go GUI would be another method :)
Following requirements could be there:
   - port 53 UDP, both directions
   - TCP port 53 in both directions
   - TCP destination port 53 with any local port
   - any combination of the above
If you don't know, open UDP port 53 in both directions *and* TCP port 53 in both directions *and* TCP destination port 53 from any local port in both directions.
Also look at your LAT, and make sure you have the default GW on the Public NIC only.
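
A way to test each firewall rule change from an outside host, added here as an example and not posted by anyone in the thread: it sends a non-recursive NS query to port 53 over UDP and then TCP and reports whether the server was unreachable, answered authoritatively, or returned 0 answers as in the dnsreport output above. The function names and verdict strings are this example's own, and the address passed to `check` is assumed to be the name server's public IP.

```python
import socket
import struct

def build_query(zone, qtype=2, txid=0x1234):
    """Build a non-recursive DNS query (qtype 2 = NS, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # flags 0: RD off
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in zone.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(response):
    """Read the 12-byte DNS header and return a verdict string."""
    if response is None:
        return "unreachable"          # timeout or refusal: firewall or listener problem
    if len(response) < 12:
        return "malformed"
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", response[:12])
    rcode, aa, tc = flags & 0x000F, bool(flags & 0x0400), bool(flags & 0x0200)
    if rcode:
        return "rcode %d" % rcode
    if tc:
        return "truncated: retry over TCP"
    if ancount:
        return "authoritative answer" if aa else "non-authoritative answer"
    if nscount and not aa:
        return "0 answers (referral)"  # server does not hold the zone itself
    return "0 answers"

def ask(server, zone, proto, timeout=3.0):
    """Send the NS query to server:53 over 'udp' or 'tcp'; None if nothing comes back."""
    query = build_query(zone)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                return s.recvfrom(4096)[0]
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a 2-byte length prefix
            reader = s.makefile("rb")
            (length,) = struct.unpack("!H", reader.read(2))
            return reader.read(length)
    except (OSError, struct.error):
        return None

def check(server, zone):
    """Return {'udp': verdict, 'tcp': verdict} for one name server."""
    return {proto: classify(ask(server, zone, proto)) for proto in ("udp", "tcp")}

SAMPLE_REFERRAL = bytes.fromhex("123480000001000000020000")  # constructed: AA=0, 0 answers, 2 authority RRs
```

Run `check` from outside the firewall; "unreachable" on one protocol but not the other points at the rule for that protocol rather than at the DNS zone.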
kooleecoyote (Author) Commented:
I actually had my registrar do my DNS, but still had problems doing other things with ISA installed. Decided to uninstall it until I get everything working first, then I'll try to put it on again after my vacation (heading down to the storm in Florida)... Thanks for your input and I will surely be asking more questions after I get it installed again.

Question has a verified solution.
