Solved

Can't resolve external DNS behind new isa 2006

Posted on 2008-10-08
9
813 Views
Last Modified: 2012-05-05
Ok i am just implementing a new isa 2006 server and i am of course having a problem with dns...here is my setup

DSL-->ISA-->Internal

on isa my internal nic is
ip 192.x.x.254
sub 255.255.255.0
gw 0.0.0.0

DNS 192.x.x.5

My external nic is
ip public address
sub 255.255.255.248
gw same as internal interface of dsl modem\router Netopia 3346-ENT

no dns servers

now ive researched all over and i can't figure out why it doesn't work...i have no forwarders configured (i want to use the root servers)...however when i run a simple and recursive dns query in 2008 the simple passes but the recursive fails

my only rules right now are

Inbound smtp - allow - SMTP Server - External - Exchange server
Web Publish - allow - HTTP - Listener - Web Server
Inbound DNS - allow - DNS - AD DNS Server (my PDC) - External
All Access - Allow - All Outbound - internal,localhost,vpn clients - External

the inbound smtp and http both work so i assume my ip modem setup is correct...i can hit it from all ip addresses i have

there has to be something stupid i am misssing here becasue everyone else i read about found a fix that didn't work for me...please help

thanks
0
Comment
Question by:lacunabridge
9 Comments
 
LVL 9

Expert Comment

by:cdbeste
ID: 22675681
0
 

Author Comment

by:lacunabridge
ID: 22676022
Yes actually and i wasn't clear on whether or not it meant set both nics dns to the local dns server or just the internal...so i tried both, none of that helped

should i maybe uninstall-reinstall?

thanks
0
 
LVL 6

Expert Comment

by:Hisham_Elkouha
ID: 22676057
192.x.x.5 is your DNS?

if it is , try to add forwars to it with DNS if your ISP
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22676324
Your settings look fine except for your internal nic default GW being 0.0.0.0 - this should be blank.

Your internal DNS server is correctly set to point to your internal DNS server, and your external NIC DNS servers should be blank.

You shouldn;t have a problem using root hints (no forwarders), just make sure you allow DNS *outgoing* from your DNS server to external. You mentioned your DNS rule is inbound - should be outbound.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:lacunabridge
ID: 22680292
Hey guys thanks for helping first of all...now the gateway thing i did was just for show, i don't in fact have anything put in their i just used the 0's to examplify that...so this is what the internal nic looks like

IP: 192.x.x.254
Sub: 255.255.255.0
GW: BLANK

And on that rule the outbound DNS is just a name...the rule is right, correct?

because i understand it that DNS is allowed from my DNS server to external...am i wrong?...and just to make sure im not missing something...i have a 5 sticky static ip address and on the modem i pretty much have it set to pppoe then to bypass the public (i think, its telnet and i hate to say it but i just get GUI better) anyway, i have dns configured on it, would that casue problems?...also its funny my default GW is .185 and i make the external ip .186 and add all through .190 on the addtional ip addresses, but the only ones that respond are... .187-.190                  
.186 doesn't work

hope this helps...i actually had to revert my setup last night so i am fixing to start testing again...so if you guys could be close i would appreciate it...anyway again thanks for the help
0
 

Author Comment

by:lacunabridge
ID: 22680455
im a freaking idiot, i obviously have work to do on my ip setup...after typing what i just wrote i realized that hey maybe if .186 isn't listening then how the hell is the dns going to get back in, so i change it to 186 and boom everything works...well maybe i don't completely understand it, but thats a different post all together

thanks for all your help guys...unless anyone has any helpful comments from here i will distribute the points to you guys for helping
0
 

Author Comment

by:lacunabridge
ID: 22680499
ok maybe i jumped the gun...i may need help with my ip scheme more than anything...after i saw it worked i made a phone call then when i got back it was broken again...so i obviosuly didn't give it enough time for the changes to take affect...so im back to where i started...any ideas?


thanks guys
0
 

Author Comment

by:lacunabridge
ID: 22681001
Ok i called my isp and they defenatly see something wrong...so ill keep you posted
0
 

Accepted Solution

by:
lacunabridge earned 0 total points
ID: 22683496
ok, it turns out that it was in fact an issue with the ip scheme and my isp...they are working on it but i have a functional system for the most part

thanks for your input guys, i appreciate it
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now