Re: DNS problems going out
- From: "ZVR" <nospamever@xxxxxx>
- Date: Thu, 28 Jul 2005 09:51:01 -0400
It looks like your configuration is correct now... Only two things I can
think of:
1) Did you enable the DNS server on both interfaces?
2) I assume you already have an access rule through your Netscreen device
that allows outbound DNS queries? (Similar to the rule you need to have on
the ISA itself)
Virgil
"ITFC ADMIN" <noneedtoreply@xxxxxxxxxxxxx> wrote in message
news:8KidnQ1-KeWeQHXfRVnysA@xxxxxxxxxxxx
> Hi Virgil, thanks for the reply
>
> This is really strange because sometimes it works, then it drops out and
> doesn't work
> The answers to your questions are
>
> 1. I am using the back firewall template as we are already behind a
> netscreen hardware firewall
>
> 2. Yes, I have given it an address from the netscreen screen range with the
> netscreen as a default gateway
>
> 3. Yes, that is the internal NIC address
>
> 4. Yes, the only IPs in that list are 10.8.0.0 - 10.8.0.255 and 10.8.1.0 -
> 10.8.1.255 and 10.255.255.255
>
> I did have a default gateway on the internal NIC, which I have now removed,
> and put the internal NIC at the top of the list in network properties
> after reading up on some documents
>
>
> Thanks Again.
>
> "ZVR" <nospamever@xxxxxx> wrote in message
> news:su6dnSYdn-4USHXfRVn-gA@xxxxxxxxxxxxx
>> You enable the DNS server on both interfaces from the DNS Server
>> management console. Just right click on the server's name/ip, choose
>> Properties, and in the Interfaces tab choose the "Listen on all IP
>> addresses" option.
>>
>> Also, from looking at your log, it appears that the packets cannot travel
>> to the destination. In order to help you, can you provide answers to the
>> following questions:
>>
>> 1) Is your ISA machine an edge-firewall, i.e. does it control the access
>> between your LAN and the Internet?
>>
>> 2) Do you have a valid (routable) IP address on the external interface?
>> If yes, do you have the proper gateway set on the external interface?
>>
>> 3) Is the IP address from the log (10.8.0.55) corresponding to your
>> internal interface on the ISA Server?
>>
>> 4) Do you have the proper setting for the Internal network? (in the
>> Configuration - Networks node). Only the LAN IP addresses should be
>> listed there.
>>
>> Virgil
>>
>>
>>
>> "ITFC ADMIN" <noneedtoreply@xxxxxxxxxxxxx> wrote in message
>> news:oZ6dnR8jT5L8U3XfRVnysw@xxxxxxxxxxxx
>>> Hi, still having problems based on the below.
>>> I can't figure out the first bit, i.e. where do I enable DNS server on both
>>> interfaces, on ISA 2004 or DNS MMC? Should it be a published server in ISA
>>> or a firewall rule?
>>> I have done the 2nd bit OK.
>>>
>>> This is the log entry I get when it is denied:
>>>
>>> Original Client IP Client Agent Authenticated Client Service Server Name
>>> Referring Server Destination Host Name Transport MIME Type Object Source
>>> Source Proxy Destination Proxy Bidirectional Client Host Name Filter
>>> Information Network Interface Raw IP Header Raw Payload Source Port
>>> Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code
>>> Cache Information Error Information Log Record Type Log Time Destination
>>> IP Destination Port Protocol Action Rule Client IP Client Username
>>> Source Network Destination Network HTTP Method URL
>>> 10.8.0.55 NEMESIS - UDP - - 10.8.0.55 19508 0 0 0 0xc004002d
>>> FWX_E_UNREACHABLE_ADDRESS 0x0 0x0 Firewall 28/07/2005 13:13:06
>>> 193.203.80.90 53 DNS Denied Connection 10.8.0.55 Local Host
>>> External - -
>>>
>>>
>>> "ZVR" <nospamever@xxxxxx> wrote in message
>>> news:Up-dnW_qVYhgXXXfRVn-hg@xxxxxxxxxxxxx
>>>> From your description I gather you have ISA2004. For this to work you
>>>> need to:
>>>>
>>>> 1) Enable the DNS server on both interfaces (internal AND external)
>>>> 2) Create an access rule that allows access from "LocalHost" to
>>>> "Anywhere" for protocol "DNS" (NOT "DNS server"), for "All Users"
>>>>
>>>> You should not be worried about enabling the DNS server on the external
>>>> interface, since you won't have an allow rule to grant access to it
>>>> from outside.
>>>>
>>>> Virgil
>>>>
>>>>
>>>>
>>>> "ITFC ADMIN" <noneedtoreply@xxxxxxxxxxxxx> wrote in message
>>>> news:-6qdnRu4k6PBInXfRVnyhg@xxxxxxxxxxxx
>>>>> Hi,
>>>>>
>>>>> So I have finally got some sort of server running but I am having a
>>>>> major problem with DNS
>>>>>
>>>>> I am running a DNS server on my ISA box which resolves external
>>>>> addresses. The problem is that DNS is listening on the internal NIC
>>>>> 10.8.0.X for the clients
>>>>> but it is not resolving addresses; all I can see is denied connection
>>>>> in the ISA log viewer when it tries to resolve externally.
>>>>>
>>>>> I can confirm that I have only 1 DNS server on the internal NIC (its
>>>>> local address). The external does not have one.
>>>>>
>>>>> I have created a rule that allows DNS from local host to external -
>>>>> gets denied
>>>>> I have created a DNS server rule - this works OK except for when it
>>>>> needs to go outside
>>>>>
>>>>> Am I doing anything wrong? I have looked at several articles and I
>>>>> think I have done it right.
>>>>>
>>>>> Any advice appreciated
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>