• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 281
  • Last Modified:

DNS ISSUES ON ISA2004

I got a problem with a client of myne where clients can't use internet explorer to view certian website including www.microsoft.com, use firefox and it works. When I check the dns on my ISA server I get the following result:

C:\Documents and Settings\Administrator.DSBAD>ping www.microsoft.com
Ping request could not find host www.microsoft.com. Please check the name and tr
y again.

C:\Documents and Settings\Administrator.DSBAD>nslookup
Default Server:  rndf-ip-dns-4.saix.net
Address:  196.43.42.190

www.microsoft.com
Server:  rndf-ip-dns-4.saix.net
Address:  196.43.42.190

Non-authoritative answer:
Name:    lb1.www.ms.akadns.net
Addresses:  65.55.21.250, 65.55.12.249
Aliases:  www.microsoft.com, toggle.www.ms.akadns.net
          g.www.ms.akadns.net

>


Any ideas?
0
technolutions
Asked:
technolutions
  • 6
  • 4
1 Solution
 
Amit BhatnagarCommented:
Are your clients SNAT Clients or they are using ISA2004 as a proxy server.
This would decide whether the clients are themselves trying to resolve names or letting ISA to do the name resolution.
0
 
technolutionsAuthor Commented:
They are using ISA as their proxy server.
0
 
Amit BhatnagarCommented:
Well, then try resolving these names frmo ISA. Is ISA pointing to local DNS for Name Resolution or ISP? Have you tried replacing the ISP DNS with 4.2.2.2 to see if that helps etc.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
technolutionsAuthor Commented:
That cmd dump is from the ISA server, i tried putting in multiple other DNS servers without any luck. I really don't understand this, when I ping www.microsoft.com it doesnt come back with an IP but when I do a NSLOOKUP it does?
0
 
Amit BhatnagarCommented:
Can you give me the IPconfig/all of your ISA Server. Remove the extra information. Keep the internal information.
0
 
technolutionsAuthor Commented:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : ******
   Primary Dns Suffix  . . . . . . . : dsbad.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : dsbad.local

Ethernet adapter External:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : D-Link DGE-528T Gigabit Ethernet Adapter
   Physical Address. . . . . . . . . : 00-1E-58-**-**-**
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 196.15.***.***
   DNS Servers . . . . . . . . . . . : 196.43.42.190
                                       196.43.34.190

Ethernet adapter Internal:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82566DM-2 Gigabit Network Connec
tion
   Physical Address. . . . . . . . . : 00-1C-C0-**-**-**
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.8


10.0.0.8 is our internal DNS server
0
 
Amit BhatnagarCommented:
Do you have a rule which allows the Local Host to go out and connect to the Internet.
Looking at the initial comment, it seems ISA can GO out. At the NSLookup, type Server 10.0.0.8 and then type Microsoft.com

Is your Internal Server able to resolve DNS names?

Also, have you allowed only HTTP and FTP frmo inside out or all protocols. Atleast add DNS for the Domain Controller so that it can send DNS Queries out.
Also, go into NCPA.CPL and then Advance Properties. Try and switch the NIC Order. Add 4.2.2.2 as a Additional Server in the ISA. Add it in Internal DNS Forwarders as well.
0
 
technolutionsAuthor Commented:
When I do the NSLOOKUP it times out as well. I double checked my rules and DNS is definitly allowed. I added 4.2.2.2 and played with the order but still no change.
0
 
Amit BhatnagarCommented:
Which meand your internal DNS Server is NOT able to go out. Whatever Internet that you are getting, is through the proxy. I think, if we resolve this..we should be able to fix this issue. Is your internal DNS Server pointing to the ISA for the Default Gateway. Do you have any otherfirewall besides ISA in your network? What are you using in your DNS...Forwarders or Roothints to resolve the names..
0
 
Amit BhatnagarCommented:
Thanks for accepting the answer. Can you please share the solution as well in case it got resolved so that others can benefit from it..:)

Regards,
Amit Bhatnagar.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now