TMG ISP Redundancy and DNS

Last Modified: 2014-01-15
Hello Experts,

Actually, this is the continuation of my previous question.

Hello,

I have installed TMG with 3 NICs: ISP1, ISP2 and Internal.

I configured the ISP1 and ISP2 interfaces with IP addresses and default gateways, and configured the internal NIC with an IP address but no default gateway.

I installed the DNS service on TMG and configured the forwarders pointing to the ISP DNS servers.

Finally, the Internal NIC DNS configuration is as follows:

Primary : 127.0.0.1

Alternative: Internal AD DNS servers

Configured persistent routes

=============================================================
Persistent Routes:
  Network Address   Netmask           Gateway Address   Metric
  10.0.0.0          255.0.0.0         10.1.2.1          1         (Internal LAN)
  1.1.1.1           255.255.255.255   192.168.5.1       2         (ISP1 DNS Server)
  2.2.2.2           255.255.255.255   192.168.4.2       3         (ISP2 DNS Server)
  0.0.0.0           0.0.0.0           192.168.4.2       Default
  0.0.0.0           0.0.0.0           192.168.5.1       Default

Suddenly I started facing a problem where the web proxy client receives an "Authentication Required" pop-up.

I tried nslookup on the TMG server for my domain, but it cannot be resolved.

I would highly appreciate any help.


Thanks

Author

Commented:
I uninstalled TMG and removed the server from the domain.

When I try to rejoin, it says the domain name cannot be resolved, and it fails to join the domain.

Still the interface and route configuration remain as mentioned above.

Thanks
some one, Network Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
You don't particularly need DNS server to be installed on the TMG if you only want it to resolve hostnames for web clients.

The TMG server will use the DNS server addresses you configure on the internal NIC (or External NIC) to resolve URLs on the client's behalf.  The DNS server is only necessary if you want to forward internal URLs to your internal hosts/DNS servers.

Author

Commented:
Sir,

What is your recommendation for DNS? Actually, I don't keep any ISP's DNS server as a forwarder on my internal DNS server.

Thanks
some one, Network Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
Your internal DNS server should use your ISP DNS servers as forwarders to ensure you get a fast response.  You don't have to use forwarders though, but if you don't you must use the Root servers or you won't resolve any external URLs.

Author

Commented:
How about if I configure a conditional forwarder on the TMG server to forward DNS requests to the internal DNS server, which is responsible for AD?
some one, Network Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
If you need internal clients to get to internal web sites then that's fine as the TMG will be proxying, but if you don't need any internal clients to get to internally-hosted websites there's not much point in running DNS on the TMG unless you want to manipulate URLs (block access to sites using DNS, etc).

Author

Commented:
So far everything is working.

Just a summary:

- Installed the DNS service on TMG.
- Configured the forwarders pointing to ISP 1 & 2 DNS servers.
- Configured the conditional forwarder to forward DNS requests to the internal DNS server for AD authentication.
- Internal NIC DNS:

Primary: 127.0.0.1 (localhost, TMG)
Alternative: Internal DNS servers.
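
The setup summarized in the post above, written out as commands (an added example, not part of the original thread). It assumes the Windows DNS Server role with `dnscmd` available; the AD domain name `corp.example.test` and the internal DNS address `10.1.2.10` are placeholders, while the NIC name and ISP DNS addresses are the ones shown in the question.

```powershell
# Added example. Run from an elevated PowerShell prompt on the TMG server.
$Nic         = 'Internal'             # internal NIC name, as used in the thread
$IspDns      = '1.1.1.1', '2.2.2.2'   # ISP1 / ISP2 DNS servers from the persistent routes
$AdZone      = 'corp.example.test'    # placeholder: AD DNS domain (not given in the thread)
$InternalDns = '10.1.2.10'            # placeholder: AD DNS server on the 10.0.0.0/8 LAN

# 1. Server-level forwarders: names the local DNS service does not own
#    are sent to the ISP resolvers (3 second timeout per forwarder).
dnscmd /ResetForwarders $IspDns /TimeOut 3

# 2. Conditional forwarder: every query under the AD domain, including
#    the _msdcs SRV records used for domain join and authentication,
#    goes to the internal AD DNS server instead of the ISPs.
dnscmd /ZoneAdd $AdZone /Forwarder $InternalDns

# 3. Internal NIC resolver order: local DNS service first, AD DNS second.
netsh interface ipv4 set dnsservers name=$Nic source=static address=127.0.0.1 register=primary validate=no
netsh interface ipv4 add dnsservers name=$Nic address=$InternalDns index=2 validate=no

# 4. Verify against the local DNS service explicitly (127.0.0.1), so a
#    working answer from the alternate server cannot mask a broken forwarder.
ipconfig /flushdns
dnscmd /ClearCache
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$AdZone" 127.0.0.1   # AD locator record via the conditional forwarder
nslookup www.example.com 127.0.0.1                             # external name via the ISP forwarders

# 5. Confirm what the server ended up with.
dnscmd /Info /Forwarders
dnscmd /EnumZones /Forwarder
```

If the SRV lookup in step 4 fails while the external lookup succeeds, the conditional forwarder (or the route to the internal DNS server) is the part to check, which matches the "domain name cannot be resolved" symptom reported earlier in the thread.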

Author

Commented:
Thanks craigbeck, it's working fine.

But I'm just facing some browser slowness, though I have only 1 user connected.

ISP1 Leased Line 15MB
ISP2 DIA   10MB

Thanks

Author

Commented:
Sir,

I posted a new question with a new design. Please can you help in this.

https://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_28339114.html

Thanks

Author

Commented:
Thanks :)
