Can't resolve external DNS behind new ISA 2006

OK, I am just implementing a new ISA 2006 server and I am of course having a problem with DNS. Here is my setup:

On ISA my internal NIC is:
IP 192.x.x.254
DNS 192.x.x.5

My external NIC is:
IP public address
GW same as the internal interface of the DSL modem/router Netopia 3346-ENT
No DNS servers

Now I've researched all over and I can't figure out why it doesn't work. I have no forwarders configured (I want to use the root servers); however, when I run a simple and a recursive DNS query in 2008, the simple passes but the recursive fails.

My only rules right now are:

Inbound smtp - allow - SMTP Server - External - Exchange server
Web Publish - allow - HTTP - Listener - Web Server
Inbound DNS - allow - DNS - AD DNS Server (my PDC) - External
All Access - Allow - All Outbound - internal,localhost,vpn clients - External

The inbound SMTP and HTTP both work, so I assume my IP/modem setup is correct. I can hit it from all IP addresses I have.

There has to be something stupid I am missing here, because everyone else I read about found a fix that didn't work for me. Please help.

1 Solution
lacunabridgeAuthor Commented:
Yes, actually, and I wasn't clear on whether or not it meant set both NICs' DNS to the local DNS server or just the internal, so I tried both. None of that helped.

Should I maybe uninstall/reinstall?

192.x.x.5 is your DNS?

If it is, try to add forwarders to it with the DNS of your ISP.
Your settings look fine except for your internal NIC default GW being - this should be blank.

Your internal DNS server is correctly set to point to your internal DNS server, and your external NIC DNS servers should be blank.

You shouldn't have a problem using root hints (no forwarders); just make sure you allow DNS *outgoing* from your DNS server to External. You mentioned your DNS rule is inbound - it should be outbound.
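A small diagnostic for the "simple passes, recursive fails" symptom, added here as an example and not part of the thread or of any ISA/Windows tool: it sends the same kind of query the Windows DNS recursive test does (root zone NS records with the RD bit set) and reads the reply flags. The server address passed to check_recursion, the transaction ID and the reply packets used for testing are assumptions/constructed values.

```python
import socket
import struct

# Added example, not from the thread. A recursive test asks the server for the
# root zone's NS records with RD set; a server whose outbound DNS to External
# is blocked cannot reach the root servers and typically answers SERVFAIL.

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_root_ns_query(txid=0x1234, recursion_desired=True):
    flags = 0x0100 if recursion_desired else 0x0000           # RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # 1 question
    question = b"\x00" + struct.pack("!HH", 2, 1)             # ".", NS, IN
    return header + question

def parse_header(reply):
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),                  # QR bit
        "recursion_available": bool(flags & 0x0080),          # RA bit
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }

def diagnose(hdr):
    # Map the reply flags to the likely cause, in the thread's terms.
    if not hdr["is_response"]:
        return "not a DNS response"
    if not hdr["recursion_available"]:
        return "server has recursion disabled"
    if hdr["rcode"] == "SERVFAIL":
        return "recursion fails: server cannot reach root servers; check outbound DNS from the DNS server to External"
    if hdr["rcode"] == "NOERROR" and hdr["answers"] > 0:
        return "recursion works: root NS records returned"
    return "unexpected reply: " + hdr["rcode"]

def check_recursion(server_ip, timeout=3.0):
    # Send the query to server_ip (assumed reachable on UDP/53) and diagnose.
    query = build_root_ns_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no reply: UDP/53 to the server is blocked or the server is down"
    hdr = parse_header(reply)
    return diagnose(hdr) if hdr["id"] == 0x1234 else "reply ID mismatch"
```

Run check_recursion("<your internal DNS server IP>") from an internal host; a SERVFAIL here while a query for the server's own zone succeeds points at the outbound DNS rule rather than at the server.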
lacunabridgeAuthor Commented:
Hey guys, thanks for helping first of all. Now, the gateway thing I did was just for show; I don't in fact have anything put in there, I just used the 0's to exemplify that. So this is what the internal NIC looks like:

IP: 192.x.x.254

And on that rule, the "outbound DNS" is just a name. The rule is right, correct?

Because I understand it that DNS is allowed from my DNS server to External. Am I wrong? And just to make sure I'm not missing something: I have 5 sticky static IP addresses, and on the modem I pretty much have it set to PPPoE, then to bypass the public (I think; it's telnet and I hate to say it but I just get GUI better). Anyway, I have DNS configured on it; would that cause problems? Also, it's funny: my default GW is .185 and I make the external IP .186 and add all through .190 on the additional IP addresses, but the only ones that respond are .187-.190.
.186 doesn't work.

Hope this helps. I actually had to revert my setup last night, so I am fixing to start testing again; so if you guys could be close I would appreciate it. Anyway, again thanks for the help.
lacunabridgeAuthor Commented:
I'm a freaking idiot; I obviously have work to do on my IP setup. After typing what I just wrote I realized that hey, maybe if .186 isn't listening then how the hell is the DNS going to get back in, so I changed it to .186 and boom, everything works. Well, maybe I don't completely understand it, but that's a different post altogether.

Thanks for all your help guys. Unless anyone has any helpful comments from here, I will distribute the points to you guys for helping.
lacunabridgeAuthor Commented:
OK, maybe I jumped the gun. I may need help with my IP scheme more than anything. After I saw it worked I made a phone call, then when I got back it was broken again, so I obviously didn't give it enough time for the changes to take effect. So I'm back to where I started. Any ideas?

Thanks guys
lacunabridgeAuthor Commented:
OK, I called my ISP and they definitely see something wrong, so I'll keep you posted.
lacunabridgeAuthor Commented:
OK, it turns out that it was in fact an issue with the IP scheme and my ISP. They are working on it, but I have a functional system for the most part.

Thanks for your input guys, I appreciate it.