Techrunner
asked on
TMG ISP Redundancy and DNS
Hello Experts,
Actually, this is the continuation of my previous question.
Hello,
I have installed TMG with 3 NICs, such as ISP1, ISP2 and Internal.
I configured the ISP1 and ISP2 interfaces with IP addresses and default gateways, and
configured the internal NIC with an IP address, but no default gateway.
I installed the DNS service on TMG and configured the forwarders pointing to the ISP DNS servers.
Finally, the Internal NIC DNS configuration is as follows:
Primary : 127.0.0.1
Alternative: Internal AD DNS servers
Configured persistent routes:
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
         10.0.0.0        255.0.0.0         10.1.2.1       1   (Internal LAN)
          1.1.1.1  255.255.255.255      192.168.5.1       2   (ISP1 DNS Server)
          2.2.2.2  255.255.255.255      192.168.4.2       3   (ISP2 DNS Server)
          0.0.0.0          0.0.0.0      192.168.4.2  Default
          0.0.0.0          0.0.0.0      192.168.5.1  Default
Suddenly I started facing a problem: the web proxy client is receiving an "Authentication Required" pop-up.
I tried nslookup on the TMG server for my domain, but it cannot be resolved.
I would highly appreciate any help.
Thanks
You don't particularly need DNS server to be installed on the TMG if you only want it to resolve hostnames for web clients.
The TMG server will use the DNS server addresses you configure on the internal NIC (or External NIC) to resolve URLs on the client's behalf. The DNS server is only necessary if you want to forward internal URLs to your internal hosts/DNS servers.
ASKER
Sir,
What is your recommendation for DNS? Actually, I don't keep any ISP DNS server forwarders on my internal DNS server.
Thanks
Your internal DNS server should use your ISP DNS servers as forwarders to ensure you get a fast response. You don't have to use forwarders though, but if you don't you must use the Root servers or you won't resolve any external URLs.
ASKER
How about this: what if I configure a conditional forwarder on the TMG server to forward DNS requests to the internal DNS server, which is responsible for AD?
If you need internal clients to get to internal web sites then that's fine as the TMG will be proxying, but if you don't need any internal clients to get to internally-hosted websites there's not much point in running DNS on the TMG unless you want to manipulate URLs (block access to sites using DNS, etc).
ASKER
So far now everything is working.
Just a summary
- Installed the DNS service on TMG.
- Configured the forwarders pointing to ISP 1 & 2 DNS servers.
- Configured the conditional forwarder to forward DNS request to internal DNS server for AD authentication.
- Internal NIC DNS
Primary : 127.0.0.1 (local host TMG)
Alternative: Internal DNS servers.
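The setup summarized above, written out as commands for the DNS service on the TMG host. This is an added example, not part of the original thread: the AD zone name, the internal DNS server address and the interface name "Internal" are placeholders, and only the two ISP DNS addresses come from the asker's route table.

```powershell
# Added example. Placeholder values are marked; replace them before use.
$AdZone      = 'corp.example'        # hypothetical AD DNS domain name
$InternalDns = '10.1.2.10'           # hypothetical internal AD DNS server
$IspDns      = '1.1.1.1', '2.2.2.2'  # ISP1 / ISP2 DNS servers as listed in the thread

# Server-level forwarders: any name not covered by a more specific zone
# is sent to the ISP resolvers.
dnscmd /ResetForwarders $IspDns /TimeOut 5
if ($LASTEXITCODE -ne 0) { throw "Setting the forwarders failed" }

# Conditional forwarder: queries for the AD zone are sent to the internal
# DNS server instead of the ISP forwarders, so AD names stay resolvable
# and are not sent to the ISP.
dnscmd /ZoneAdd $AdZone /Forwarder $InternalDns
if ($LASTEXITCODE -ne 0) { throw "Creating the conditional forwarder failed" }

# Confirm the zone was created as a forwarder zone.
dnscmd /ZoneInfo $AdZone

# Show the DNS server order on the internal NIC
# (interface name "Internal" is an assumption).
netsh interface ipv4 show dnsservers name="Internal"

# Verify both resolution paths through the local DNS service:
# an AD locator record via the conditional forwarder,
# and a public name via the ISP forwarders.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$AdZone" 127.0.0.1
nslookup www.example.com 127.0.0.1
```

If the SRV lookup fails while the public lookup succeeds, the AD zone is still being answered through the ISP forwarders rather than the conditional forwarder.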
ASKER
Thanks craigbeck, it's working fine.
But I am just facing some browser slowness, though I have only 1 user connected.
ISP1 Leased Line 15MB
ISP2 DIA 10MB
Thanks
ASKER
Sir,
I posted a new question with a new design. Please can you help in this.
https://www.experts-exchange.com/questions/28339114/internet-Failover-Inbound-and-Outbound.html
Thanks
ASKER
Thanks :)
ASKER
When I try to rejoin, it says the domain name cannot be resolved, and it fails to join the domain.
Still the interface and route configuration remain as mentioned above.
Thanks