Solved

DNS ISSUES ON ISA2004

Posted on 2009-05-19
10
254 Views
Last Modified: 2012-05-07
I got a problem with a client of myne where clients can't use internet explorer to view certian website including www.microsoft.com, use firefox and it works. When I check the dns on my ISA server I get the following result:

C:\Documents and Settings\Administrator.DSBAD>ping www.microsoft.com
Ping request could not find host www.microsoft.com. Please check the name and tr
y again.

C:\Documents and Settings\Administrator.DSBAD>nslookup
Default Server:  rndf-ip-dns-4.saix.net
Address:  196.43.42.190

www.microsoft.com
Server:  rndf-ip-dns-4.saix.net
Address:  196.43.42.190

Non-authoritative answer:
Name:    lb1.www.ms.akadns.net
Addresses:  65.55.21.250, 65.55.12.249
Aliases:  www.microsoft.com, toggle.www.ms.akadns.net
          g.www.ms.akadns.net

>


Any ideas?
0
Comment
Question by:technolutions
  • 6
  • 4
10 Comments
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24422861
Are your clients SNAT Clients or they are using ISA2004 as a proxy server.
This would decide whether the clients are themselves trying to resolve names or letting ISA to do the name resolution.
0
 

Author Comment

by:technolutions
ID: 24424294
They are using ISA as their proxy server.
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24424637
Well, then try resolving these names frmo ISA. Is ISA pointing to local DNS for Name Resolution or ISP? Have you tried replacing the ISP DNS with 4.2.2.2 to see if that helps etc.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:technolutions
ID: 24424981
That cmd dump is from the ISA server, i tried putting in multiple other DNS servers without any luck. I really don't understand this, when I ping www.microsoft.com it doesnt come back with an IP but when I do a NSLOOKUP it does?
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24425544
Can you give me the IPconfig/all of your ISA Server. Remove the extra information. Keep the internal information.
0
 

Author Comment

by:technolutions
ID: 24428786
Windows IP Configuration

   Host Name . . . . . . . . . . . . : ******
   Primary Dns Suffix  . . . . . . . : dsbad.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : dsbad.local

Ethernet adapter External:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : D-Link DGE-528T Gigabit Ethernet Adapter
   Physical Address. . . . . . . . . : 00-1E-58-**-**-**
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : 196.15.***.***
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 196.15.***.***
   DNS Servers . . . . . . . . . . . : 196.43.42.190
                                       196.43.34.190

Ethernet adapter Internal:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82566DM-2 Gigabit Network Connec
tion
   Physical Address. . . . . . . . . : 00-1C-C0-**-**-**
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.8


10.0.0.8 is our internal DNS server
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24431396
Do you have a rule which allows the Local Host to go out and connect to the Internet.
Looking at the initial comment, it seems ISA can GO out. At the NSLookup, type Server 10.0.0.8 and then type Microsoft.com

Is your Internal Server able to resolve DNS names?

Also, have you allowed only HTTP and FTP frmo inside out or all protocols. Atleast add DNS for the Domain Controller so that it can send DNS Queries out.
Also, go into NCPA.CPL and then Advance Properties. Try and switch the NIC Order. Add 4.2.2.2 as a Additional Server in the ISA. Add it in Internal DNS Forwarders as well.
0
 

Author Comment

by:technolutions
ID: 24431658
When I do the NSLOOKUP it times out as well. I double checked my rules and DNS is definitly allowed. I added 4.2.2.2 and played with the order but still no change.
0
 
LVL 12

Accepted Solution

by:
Amit Bhatnagar earned 500 total points
ID: 24431709
Which meand your internal DNS Server is NOT able to go out. Whatever Internet that you are getting, is through the proxy. I think, if we resolve this..we should be able to fix this issue. Is your internal DNS Server pointing to the ISA for the Default Gateway. Do you have any otherfirewall besides ISA in your network? What are you using in your DNS...Forwarders or Roothints to resolve the names..
0
 
LVL 12

Expert Comment

by:Amit Bhatnagar
ID: 24451038
Thanks for accepting the answer. Can you please share the solution as well in case it got resolved so that others can benefit from it..:)

Regards,
Amit Bhatnagar.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
New firewall implementation guidance 12 90
Cannot Change Local DNS 9 63
Additional DC vs Child Domain 12 42
Urgent Help dns, clock issues nightmare 71 28
This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question