isa server 2004 problems resolving dns names

Posted on 2012-08-14
Last Modified: 2012-08-27
Im using a isa server 2006 running on w2k3 .
The company has purchased a new server, and I have to reinstall the operating system but with ISA 2004.
 Install and configure the ISA 2004 and I started to try from a client.
 http proxy works ok, but i cant use telnet
 Detected that this is because it is not resolving the name.
 If I write telnet "ip" 80 works perfect.
 From the workstation I can connect fine with telnet ip,
Dns servers are not resolving external dns names .
Is not a dns problem because if i change the isa , the resolution works fine again
isa 2006 is disconected .
Two servers has the same ip
if i disconnet isa2k4 and connect isa2k6 everithing works ok
From the isa server 2004 (localhost) everything works ok . I can resolve internet adresses
Question by:hernanv70
    LVL 33

    Expert Comment

    Which servers are your DNS pointing to as forwarders? is it your ISA box OR external DNS Servers?

    Also, verify if ISA is running DNS in cache mode?

    Verify the DNS Settings on NIC of ISA 2006 box.

    LVL 52

    Expert Comment

    For any connection to be able to connect to any server using Internet address it needs to be published ...... now you need to understand how external servers access ISA2006 and get that same information populated on ISA2004.

    Hope all services are running on ISA and only one NIC ?
    DNS Settings on NIC

    - Rancy
    LVL 29

    Accepted Solution

    The very first Rule on any ISA/TMG installation,....right at the top of the Rule List,....must be an Rule that allow anonymnous outbound DNS Queries from the DCs to their Forwarders (or to the Internet in general if using Root Hints).

    The Rule must be:
    1. Anonymous (All Users)
    2. Preferably at the top #1 position on the list
    3. Must use the normal DNS Protocol (not "DNS Server")

    1. Never use the ISA/TMG as a DNSServer
    2. Never run ISA/TMG as any form of DNS cache server
    3. ISA/TMG should be totally devoid of any type of DNS "duties".

    This is no,...and should not be any Publishing
    Nothing from outside should be involved in this in an "inbound" manner.

    A one nic ISA/TMG is a waste of time and money.  It becomes reduced to nothing but a "Web Caching Proxy" and can only process HTTP, HTTPS, and FTP-Over-HTTP,...and it is capable of only "web publishing" for inbound,... but with not much real measurable benefit for doing so.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
    I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now