Solved

Can't resolve external DNS behind new isa 2006

Posted on 2008-10-08
Last Modified: 2012-05-05
OK, I am just implementing a new ISA 2006 server and I am of course having a problem with DNS...here is my setup

DSL-->ISA-->Internal

On ISA my internal NIC is
ip 192.x.x.254
sub 255.255.255.0
gw 0.0.0.0

DNS 192.x.x.5

My external NIC is
ip public address
sub 255.255.255.248
gw same as internal interface of dsl modem\router Netopia 3346-ENT

no dns servers

Now I've researched all over and I can't figure out why it doesn't work...I have no forwarders configured (I want to use the root servers)...however when I run a simple and recursive DNS query in 2008 the simple passes but the recursive fails

my only rules right now are

Inbound smtp - allow - SMTP Server - External - Exchange server
Web Publish - allow - HTTP - Listener - Web Server
Inbound DNS - allow - DNS - AD DNS Server (my PDC) - External
All Access - Allow - All Outbound - internal,localhost,vpn clients - External

The inbound SMTP and HTTP both work so I assume my IP modem setup is correct...I can hit it from all IP addresses I have

There has to be something stupid I am missing here because everyone else I read about found a fix that didn't work for me...please help

thanks
0
Question by:lacunabridge
9 Comments
 
LVL 9

Expert Comment

by:cdbeste
ID: 22675681
0
 

Author Comment

by:lacunabridge
ID: 22676022
Yes actually, and I wasn't clear on whether or not it meant set both NICs' DNS to the local DNS server or just the internal...so I tried both, none of that helped

Should I maybe uninstall-reinstall?

thanks
0
 
LVL 6

Expert Comment

by:Hisham_Elkouha
ID: 22676057
192.x.x.5 is your DNS?

If it is, try to add forwarders to it with the DNS of your ISP
0

 
LVL 11

Expert Comment

by:EricTViking
ID: 22676324
Your settings look fine except for your internal nic default GW being 0.0.0.0 - this should be blank.

Your internal DNS server is correctly set to point to your internal DNS server, and your external NIC DNS servers should be blank.

You shouldn't have a problem using root hints (no forwarders), just make sure you allow DNS *outgoing* from your DNS server to external. You mentioned your DNS rule is inbound - should be outbound.
0
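
A way to check the outbound DNS path discussed in the comment above, as an added example that is not part of the original thread: it sends one iterative query straight to a root server and one recursive query to the internal DNS server, so a filtered UDP/53 path shows up as a timeout rather than as a vague "recursive test failed". The function names are hypothetical, `LOCAL_DNS` is a placeholder because the page elides the real 192.x.x.5 address, and `ROOT_SERVER` is the public a.root-servers.net address.

```python
import socket
import struct

ROOT_SERVER = "198.41.0.4"   # a.root-servers.net (public, well-known address)
LOCAL_DNS = "192.0.2.5"      # placeholder: the page elides the real 192.x.x.5

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, recurse, txid=0x1234):
    """Build a DNS query; recurse sets the RD (recursion desired) bit."""
    flags = 0x0100 if recurse else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(reply, txid=0x1234):
    """Return (rcode name, RA bit, answer count, authority count)."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return RCODES.get(flags & 0xF, str(flags & 0xF)), bool(flags & 0x0080), an, ns

def probe(server, name, qtype, recurse, timeout=3.0):
    """Send one UDP/53 query; 'TIMEOUT' usually means a filtered path."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype, recurse), (server, 53))
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT"
        except OSError as exc:
            return f"ERROR: {exc}"
    return parse_header(reply)

if __name__ == "__main__":
    NS = 2  # query type for NS records
    # Run on the internal DNS server itself, behind the firewall.
    print("root, iterative :", probe(ROOT_SERVER, ".", NS, recurse=False))
    print("local, recursive:", probe(LOCAL_DNS, ".", NS, recurse=True))
```

A timeout on the first probe with SERVFAIL on the second points at the firewall rule or the upstream path; NOERROR on the first with SERVFAIL on the second points at the DNS server's own root hints or recursion settings.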
 

Author Comment

by:lacunabridge
ID: 22680292
Hey guys, thanks for helping first of all...now the gateway thing I did was just for show, I don't in fact have anything put in there, I just used the 0's to exemplify that...so this is what the internal NIC looks like

IP: 192.x.x.254
Sub: 255.255.255.0
GW: BLANK

And on that rule the outbound DNS is just a name...the rule is right, correct?

Because I understand it that DNS is allowed from my DNS server to external...am I wrong?...and just to make sure I'm not missing something...I have 5 sticky static IP addresses and on the modem I pretty much have it set to PPPoE then to bypass the public (I think, it's telnet and I hate to say it but I just get GUI better) anyway, I have DNS configured on it, would that cause problems?...also it's funny, my default GW is .185 and I make the external IP .186 and add all through .190 on the additional IP addresses, but the only ones that respond are .187-.190
.186 doesn't work

Hope this helps...I actually had to revert my setup last night so I am fixing to start testing again...so if you guys could be close I would appreciate it...anyway again thanks for the help
0
 

Author Comment

by:lacunabridge
ID: 22680455
I'm a freaking idiot, I obviously have work to do on my IP setup...after typing what I just wrote I realized that hey, maybe if .186 isn't listening then how the hell is the DNS going to get back in, so I changed it to 186 and boom, everything works...well maybe I don't completely understand it, but that's a different post altogether

Thanks for all your help guys...unless anyone has any helpful comments from here I will distribute the points to you guys for helping
0
 

Author Comment

by:lacunabridge
ID: 22680499
OK, maybe I jumped the gun...I may need help with my IP scheme more than anything...after I saw it worked I made a phone call, then when I got back it was broken again...so I obviously didn't give it enough time for the changes to take effect...so I'm back to where I started...any ideas?


thanks guys
0
 

Author Comment

by:lacunabridge
ID: 22681001
OK, I called my ISP and they definitely see something wrong...so I'll keep you posted
0
 

Accepted Solution

by:
lacunabridge earned 0 total points
ID: 22683496
OK, it turns out that it was in fact an issue with the IP scheme and my ISP...they are working on it but I have a functional system for the most part

Thanks for your input guys, I appreciate it
0


Question has a verified solution.
