I am about to install ISA server. I have about 30 users and an Active directory acting as a DHCP and DNS. Can I install ISA without DHCP and DNS or they these services are mandatory to be installed on the ISA machine.
I am willing to keep the DNS and the DHCP on the DC.
Any suggestion regarding this issue?
Who is Participating?
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
You should not have DNS as a service provider on ISA at anytime. ISA is a consumer of DNS services, not the provider.
ISA CAN have dhcp services running - in the same way that ANY server can but it is best to handle it seperately.

ISA should use the DNS provided by your internal servers
You will need DNS but not DHCP. ISA needs DNS to do the tracking, filtering, & be able to set up rules, etc.
phantom024Connect With a Mentor Commented:
You can use the DNS server installed on your domain controller but you will need to be sure that ISA has a rule permitting DNS querries from the DC to the IP of you external DNS resolver.

Personally I would recommend that you install the DNS service on ISA and then set the ISA server as the DNS forwareder for you DC, then set the forwarder on the ISA DNS server to forward request to your external DNS resolver.  In doing this you will need to be sure that a rule is setup to permit the DC to send DNS queries to the ISA local host, and then a rule permitting the DNS service on ISA to contact the external DNS server (probably suplied by your ISP).  

DHCP on ISA is not necessary, and I would recommend setting a static IP on the ISA interfaces.
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

I forgot to say that if you want your ISA server to be a domain member that you should use the DNS service on your DC and not on ISA.
Keith AlabasterEnterprise ArchitectCommented:
Sticking to the best-practice guides, the installation manual and the Microsoft courses, DNS should not be installed on the ISA Server.

haaniConnect With a Mentor Commented:
You dont need the DHCP DNS and AD running on the ISA server..its recommended that you dont. Its better to use a seperate machine for ISA and the rest AD and DNS etc..behind  the ISA otherwise they would be vulnerable to attacks, which is one the reasons for using ISA.

So i think the setup you have is ok. DNS DHCP and Active Direcotry on a seperate Server. this can be given as the Primary DNS server for the ISA server and everything should be working fine.
Keith AlabasterEnterprise ArchitectCommented:
Absolutely. Also, don't forget that the ISA external nic must ALSO use the internal dns servers.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.