Solved

Can't resolve external DNS behind new isa 2006

Posted on 2008-10-08
Last Modified: 2012-05-05
Ok i am just implementing a new isa 2006 server and i am of course having a problem with dns...here is my setup

DSL-->ISA-->Internal

on isa my internal nic is
ip 192.x.x.254
sub 255.255.255.0
gw 0.0.0.0

DNS 192.x.x.5

My external nic is
ip public address
sub 255.255.255.248
gw same as internal interface of dsl modem\router Netopia 3346-ENT

no dns servers

now i've researched all over and i can't figure out why it doesn't work...i have no forwarders configured (i want to use the root servers)...however when i run a simple and recursive dns query in 2008 the simple passes but the recursive fails

my only rules right now are

Inbound smtp - allow - SMTP Server - External - Exchange server
Web Publish - allow - HTTP - Listener - Web Server
Inbound DNS - allow - DNS - AD DNS Server (my PDC) - External
All Access - Allow - All Outbound - internal,localhost,vpn clients - External

the inbound smtp and http both work so i assume my ip modem setup is correct...i can hit it from all ip addresses i have

there has to be something stupid i am missing here because everyone else i read about found a fix that didn't work for me...please help

thanks
Question by:lacunabridge
9 Comments
 
LVL 9

Expert Comment

by:cdbeste
 

Author Comment

by:lacunabridge
Yes actually and i wasn't clear on whether or not it meant set both nics dns to the local dns server or just the internal...so i tried both, none of that helped

should i maybe uninstall-reinstall?

thanks
 
LVL 6

Expert Comment

by:Hisham_Elkouha
192.x.x.5 is your DNS?

if it is, try to add forwarders to it with DNS of your ISP
 
LVL 11

Expert Comment

by:EricTViking
Your settings look fine except for your internal nic default GW being 0.0.0.0 - this should be blank.

Your internal DNS server is correctly set to point to your internal DNS server, and your external NIC DNS servers should be blank.

You shouldn't have a problem using root hints (no forwarders), just make sure you allow DNS *outgoing* from your DNS server to external. You mentioned your DNS rule is inbound - should be outbound.

 

Author Comment

by:lacunabridge
Hey guys thanks for helping first of all...now the gateway thing i did was just for show, i don't in fact have anything put in there i just used the 0's to exemplify that...so this is what the internal nic looks like

IP: 192.x.x.254
Sub: 255.255.255.0
GW: BLANK

And on that rule the outbound DNS is just a name...the rule is right, correct?

because i understand it that DNS is allowed from my DNS server to external...am i wrong?...and just to make sure i'm not missing something...i have a 5 sticky static ip address and on the modem i pretty much have it set to pppoe then to bypass the public (i think, it's telnet and i hate to say it but i just get GUI better) anyway, i have dns configured on it, would that cause problems?...also it's funny my default GW is .185 and i make the external ip .186 and add all through .190 on the additional ip addresses, but the only ones that respond are... .187-.190
.186 doesn't work

hope this helps...i actually had to revert my setup last night so i am fixing to start testing again...so if you guys could be close i would appreciate it...anyway again thanks for the help
 

Author Comment

by:lacunabridge
i'm a freaking idiot, i obviously have work to do on my ip setup...after typing what i just wrote i realized that hey maybe if .186 isn't listening then how the hell is the dns going to get back in, so i change it to 186 and boom everything works...well maybe i don't completely understand it, but that's a different post altogether

thanks for all your help guys...unless anyone has any helpful comments from here i will distribute the points to you guys for helping
 

Author Comment

by:lacunabridge
ok maybe i jumped the gun...i may need help with my ip scheme more than anything...after i saw it worked i made a phone call then when i got back it was broken again...so i obviously didn't give it enough time for the changes to take effect...so i'm back to where i started...any ideas?


thanks guys
 

Author Comment

by:lacunabridge
Ok i called my isp and they definitely see something wrong...so i'll keep you posted
 

Accepted Solution

by:lacunabridge
ok, it turns out that it was in fact an issue with the ip scheme and my isp...they are working on it but i have a functional system for the most part

thanks for your input guys, i appreciate it
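
The check this thread keeps circling around (with no forwarders, can the internal DNS server send a query straight to a root server through ISA and get the reply back in), as an added example that is not part of the original thread. It sends a non-recursive `. NS` query over UDP 53; the root server address is that of a.root-servers.net, and the function names and the sample transaction ID are assumptions made for illustration.

```python
import socket
import struct

# a.root-servers.net; run this on the internal DNS server (192.x.x.5 in the thread)
ROOT_SERVER = "198.41.0.4"

def build_query(name, qtype=2, txid=0x1234, recursion_desired=False):
    """Build a DNS query (qtype 2 = NS). RD stays off, as in a root-hints lookup."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(packet):
    """Return the DNS header fields needed to judge a reply."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "truncated": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "answers": an, "authority": ns, "additional": ar}

def diagnose(reply, txid):
    """Classify one probe; reply is None when nothing came back."""
    if reply is None:
        return "no reply: query blocked outbound or reply has no path back in"
    h = parse_header(reply)
    if not h["is_response"] or h["txid"] != txid:
        return "unexpected packet: not the answer to our query"
    if h["rcode"] != 0:
        return "server answered with rcode %d" % h["rcode"]
    if h["truncated"]:
        return "truncated: retry over TCP 53, which the rule must also allow"
    return "ok: %d answer / %d authority records" % (h["answers"], h["authority"])

def probe(server=ROOT_SERVER, timeout=3.0, txid=0x1234):
    """Send '. NS' straight to a root server over UDP 53, bypassing any forwarder."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(".", txid=txid), (server, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout, or an ICMP error surfaced by the OS
            reply = None
    return diagnose(reply, txid)

if __name__ == "__main__":
    print(probe())
```

A "no reply" result while the outbound DNS rule is in place points at the return path (external addressing or the upstream router), which is where this thread ended up.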