Solved

DNS ISSUES ON ISA2004

Posted on 2009-05-19
10
261 Views
Last Modified: 2012-05-07
I got a problem with a client of myne where clients can't use internet explorer to view certian website including www.microsoft.com, use firefox and it works. When I check the dns on my ISA server I get the following result:

C:\Documents and Settings\Administrator.DSBAD>ping www.microsoft.com
Ping request could not find host www.microsoft.com. Please check the name and tr
y again.

C:\Documents and Settings\Administrator.DSBAD>nslookup
Default Server:  rndf-ip-dns-4.saix.net
Address:  196.43.42.190

www.microsoft.com
Server:  rndf-ip-dns-4.saix.net
Address:  196.43.42.190

Non-authoritative answer:
Name:    lb1.www.ms.akadns.net
Addresses:  65.55.21.250, 65.55.12.249
Aliases:  www.microsoft.com, toggle.www.ms.akadns.net
          g.www.ms.akadns.net

>


Any ideas?
0
Comment
Question by:technolutions
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24422861
Are your clients SNAT Clients or they are using ISA2004 as a proxy server.
This would decide whether the clients are themselves trying to resolve names or letting ISA to do the name resolution.
0
 

Author Comment

by:technolutions
ID: 24424294
They are using ISA as their proxy server.
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24424637
Well, then try resolving these names frmo ISA. Is ISA pointing to local DNS for Name Resolution or ISP? Have you tried replacing the ISP DNS with 4.2.2.2 to see if that helps etc.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:technolutions
ID: 24424981
That cmd dump is from the ISA server, i tried putting in multiple other DNS servers without any luck. I really don't understand this, when I ping www.microsoft.com it doesnt come back with an IP but when I do a NSLOOKUP it does?
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24425544
Can you give me the IPconfig/all of your ISA Server. Remove the extra information. Keep the internal information.
0
 

Author Comment

by:technolutions
ID: 24428786
Windows IP Configuration

   Host Name . . . . . . . . . . . . : ******
   Primary Dns Suffix  . . . . . . . : dsbad.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : dsbad.local

Ethernet adapter External:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : D-Link DGE-528T Gigabit Ethernet Adapter
   Physical Address. . . . . . . . . : 00-1E-58-**-**-**
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 196.15.***.***
   DNS Servers . . . . . . . . . . . : 196.43.42.190
                                       196.43.34.190

Ethernet adapter Internal:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82566DM-2 Gigabit Network Connec
tion
   Physical Address. . . . . . . . . : 00-1C-C0-**-**-**
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.8


10.0.0.8 is our internal DNS server
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24431396
Do you have a rule which allows the Local Host to go out and connect to the Internet.
Looking at the initial comment, it seems ISA can GO out. At the NSLookup, type Server 10.0.0.8 and then type Microsoft.com

Is your Internal Server able to resolve DNS names?

Also, have you allowed only HTTP and FTP frmo inside out or all protocols. Atleast add DNS for the Domain Controller so that it can send DNS Queries out.
Also, go into NCPA.CPL and then Advance Properties. Try and switch the NIC Order. Add 4.2.2.2 as a Additional Server in the ISA. Add it in Internal DNS Forwarders as well.
0
 

Author Comment

by:technolutions
ID: 24431658
When I do the NSLOOKUP it times out as well. I double checked my rules and DNS is definitly allowed. I added 4.2.2.2 and played with the order but still no change.
0
 
LVL 12

Accepted Solution

by:
Amit Bhatnagar earned 500 total points
ID: 24431709
Which meand your internal DNS Server is NOT able to go out. Whatever Internet that you are getting, is through the proxy. I think, if we resolve this..we should be able to fix this issue. Is your internal DNS Server pointing to the ISA for the Default Gateway. Do you have any otherfirewall besides ISA in your network? What are you using in your DNS...Forwarders or Roothints to resolve the names..
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24451038
Thanks for accepting the answer. Can you please share the solution as well in case it got resolved so that others can benefit from it..:)

Regards,
Amit Bhatnagar.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question