[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 643
  • Last Modified:

ISA, DNS and DHCP

I am about to install ISA server. I have about 30 users and an Active directory acting as a DHCP and DNS. Can I install ISA without DHCP and DNS or they these services are mandatory to be installed on the ISA machine.
I am willing to keep the DNS and the DHCP on the DC.
Any suggestion regarding this issue?
0
pietrosf
Asked:
pietrosf
3 Solutions
 
wantabe2Commented:
You will need DNS but not DHCP. ISA needs DNS to do the tracking, filtering, & be able to set up rules, etc.
0
 
Keith AlabasterCommented:
You should not have DNS as a service provider on ISA at anytime. ISA is a consumer of DNS services, not the provider.
ISA CAN have dhcp services running - in the same way that ANY server can but it is best to handle it seperately.

ISA should use the DNS provided by your internal servers
Keith
0
 
phantom024Commented:
You can use the DNS server installed on your domain controller but you will need to be sure that ISA has a rule permitting DNS querries from the DC to the IP of you external DNS resolver.

Personally I would recommend that you install the DNS service on ISA and then set the ISA server as the DNS forwareder for you DC, then set the forwarder on the ISA DNS server to forward request to your external DNS resolver.  In doing this you will need to be sure that a rule is setup to permit the DC to send DNS queries to the ISA local host, and then a rule permitting the DNS service on ISA to contact the external DNS server (probably suplied by your ISP).  

DHCP on ISA is not necessary, and I would recommend setting a static IP on the ISA interfaces.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
phantom024Commented:
I forgot to say that if you want your ISA server to be a domain member that you should use the DNS service on your DC and not on ISA.
0
 
Keith AlabasterCommented:
Sticking to the best-practice guides, the installation manual and the Microsoft courses, DNS should not be installed on the ISA Server.

Keith
ISA MVP
0
 
haaniCommented:
You dont need the DHCP DNS and AD running on the ISA server..its recommended that you dont. Its better to use a seperate machine for ISA and the rest AD and DNS etc..behind  the ISA otherwise they would be vulnerable to attacks, which is one the reasons for using ISA.

So i think the setup you have is ok. DNS DHCP and Active Direcotry on a seperate Server. this can be given as the Primary DNS server for the ISA server and everything should be working fine.
0
 
Keith AlabasterCommented:
Absolutely. Also, don't forget that the ISA external nic must ALSO use the internal dns servers.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now