setting up DNS


Stefaan Dewulf

I'm setting up DNS in my network. Internally everything works fine, forward
and reverse lookup zone.

But when I do nslookup of an external address I get a timeout.

My Dns is behind ISA server but there is a protocol rule to allow dns
queries.

In my DNS I put my ISP DNS as forwarders.

On the network card I put my local DNS as first DNS and then the DNS of my
ISP.

Am I doing something wrong?

My email from my Exchange server can't be bound to the destination server in
DNS.
 
On the ISA server can you do an nslookup? It's likely that you have a protocol
rule on ISA that doesn't have the DNS server, DNS query and then there are two more
I can recall off the top of my head.
On ISA create an allow all rule: all protocols, all the time and anyone. This
is just for a test. Then restart the web proxy service. Does this work?
The other thing I think it could be is that you are using Site
and Content rules that apply to groups and, since the DNS server is not logged
on as a specific account, you might have to use a client set that includes the
DNS server. How is the ISA server installed? Integrated with two NICs or
caching with one NIC?

 
On my ISA server I'm able to do nslookup. On my DNS I can ping the DNS of my
ISP. So I don't think it is a problem on my ISA server.

It is installed in integrated mode, 2 NICs, an allow rule for DNS queries
and zone transfer based on a client address set for my Exchange server.
 
The only place your ISP's DNS server should be listed is as a forwarder on
the DNS servers. Internally all clients should point to your internal DNS
server only.

hth
DDS W 2k MVP MCSE
 
> I'm setting up DNS in my network. Internally everything works fine,
> forward and reverse lookup zone.
> But when I do nslookup of an external address I get a timeout.

Set your internal DNS servers to forward to your ISP or another internal
DNS server which is allowed to search the Internet.

> My DNS is behind ISA server but there is a protocol rule to allow DNS
> queries.

Are you using the internal servers to perform all actual recursion from the
top down of the Internet namespace (with root hints/cache file)?

> In my DNS I put my ISP DNS as forwarders.

From the DNS server can you run NSLookup and query THOSE ISP
DNS servers? (If not, then you likely cannot forward to them either.)

Checking with nslookup FROM the DNS server eliminates many of the
complications of trying from the client.

> On the network card I put my local DNS as first DNS and then the DNS of my
> ISP.

NEVER DO THIS.

> Am I doing something wrong?

Yes -- your clients INCLUDING your DNS servers should never list but ONE
(SET OF) DNS servers on their NICs -- even if they have multiple NICs.

All listed DNS servers should be INTERNAL or you will get unreliable results
at best.

Point all DNS clients (including DNS and AD servers) at the INTERNAL DNS;
let the internal DNS forward.

Use nslookup and troubleshoot the ISA and other issues to make sure that the
internal DNS can really forward.
 
If you go to the DNS server and type nslookup,
do we get the default server listed?
If we then type set type=all, then Enter,
then type set d2, then Enter,
then type yahoo.com,
does this resolve?

Is the ISA server's external NIC pointing to the ISP for DNS or back to your
internal DNS server? If it's your ISP then this is why it works on the ISA
server.

What is the default gateway of the DNS server? It should be the internal IP
address of the ISA.
If you are using client address sets (IP address), is the DNS server IP in this
set?
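
The two checks suggested in the replies above (no external resolver on any NIC, and querying the forwarders directly from the DNS server), as an added Python example that is not part of the original thread. The addresses and the internal network range are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import socket
import struct

def external_resolvers(nic_dns_servers, internal_nets):
    """Return NIC DNS entries that fall outside the site's internal networks."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    return [s for s in nic_dns_servers
            if not any(ipaddress.ip_address(s) in n for n in nets)]

def build_query(name, qid=0x1234):
    """Build a minimal recursive A-record query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD bit set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid=0x1234):
    """Return (rcode, answer_count) from a reply header; reject anything else."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID or QR bit not set
        raise ValueError("not a reply to our query")
    return flags & 0x000F, answers

def probe_forwarder(server, name, timeout=3.0):
    """Query one forwarder directly, bypassing the local DNS service.
    'timeout' points at the path (firewall rule, gateway), not at the zone data."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
        except OSError as exc:
            return f"error: {exc}"
    rcode, answers = parse_reply(data)
    return f"rcode={rcode} answers={answers}"

if __name__ == "__main__":
    nic_list = ["192.168.1.10", "203.0.113.53"]   # constructed: internal DNS, then ISP DNS
    internal = ["192.168.1.0/24"]                 # constructed internal range
    print("external entries on NIC:", external_resolvers(nic_list, internal))
    for fwd in ["203.0.113.53"]:                  # constructed forwarder address
        print(fwd, "->", probe_forwarder(fwd, "yahoo.com"))
```

Run it on the DNS server itself: a `timeout` from every forwarder while internal lookups succeed matches the symptom in the first post and points at the firewall rule or default gateway rather than at the DNS configuration.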
 