Troubleshooting / Configuring ISA server DNS lookup

I have an ISA 2006 server I need to troubleshoot. Clients on the inside cannot do DNS lookups, nor can they reach external websites.

Policies are
- No enterprise policies are applied before array firewall policy
- One deny all policy is applied after array firewall policy
- A long list of policies is applied as 'Firewall policy rules'

Which policies need to be in place to allow a client to perform a DNS lookup on an external DNS?

I've tried to monitor all traffic to the specific DNS. When doing a DNS lookup from the ISA itself I get a fine log entry.

When doing the lookup from a client I get no log entries. Any ideas?

Regards,
Kaare
tecit Asked:

Keith Alabaster, Enterprise Architect, Commented:
Sounds like a naff installation. Please provide an ipconfig /all from the ISA server.
tecit (Author) Commented:
The ISA cluster worked just fine until last Friday, when it suddenly started losing 75% of ping packets to the internet.

It's 3 servers running as an ISA cluster with NLB on the outside interfaces. I've shut down 2 of the servers and disabled NLB on the third, and now the clients can access the internet and make nslookup without problems.

Any ideas on where to look for the NLB error? Cables and switch for the outside interfaces have been tested both physically and logically.

Hope the one server can handle the load during production time tomorrow....

Thanks,
Kaare
Keith Alabaster, Enterprise Architect, Commented:
Ah - lol - more information :)
What are the results from the BPA?

If you are not running NLB on the internal interfaces also, how are you setting the default gateways of the clients? All of my installs (where I have used NLB) have had NLB running for both internal and external NICs. What are the default gateways of the internal DNS servers?
tecit (Author) Commented:
It turned out that our ISP made a change in their router to protect it from the unknown unicasts submitted by the ISA's NLB. We got the cluster up and running again by inserting our own router in between the ISAs and the ISP's router.

Thanks for all your quick responses.
/Kaare
Keith Alabaster, Enterprise Architect, Commented:
Welcome & Thanks :)