Microsoft Knowledge Base Article

This article's content is Microsoft copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks

Article ID: 291662 - Last Review: May 19, 2004 - Revision: 2.1

How to publish Domain Name System servers with Internet Security and Acceleration Server

This article was previously published under Q291662


SUMMARY

This article describes how to publish a Domain Name System (DNS) server by using Microsoft Internet Security and Acceleration (ISA) Server.

MORE INFORMATION

There are two possible scenarios for DNS hosting:

Scenario 1: DNS hosting with a DNS Server on ISA Server

By default, ISA Server includes a predefined DNS query packet filter:
   Name: DNS Filter
   Filter Type: Predefined
   Protocol: UDP
   Direction: Send Receive
   Local Port: All ports
   Remote Port: Fixed port, 53
   Local Computer: Default IP address on the External interface(s)
   Remote Computer: All Remote Computers
				
Because the direction of the preceding packet filter is "Send Receive" and the remote port is 53, the filter enables ISA Server to send DNS queries to an external DNS server that listens on User Datagram Protocol (UDP) port 53 and to receive the responses to these queries.

The filter does not enable incoming DNS queries to ISA Server. When you host a DNS server for external client computers, you must add a custom DNS packet filter that can enable incoming DNS queries to be received by the DNS server. An example of such a packet filter is:
   Name: DNS Query
   Protocol: UDP
   Direction: Receive Send
   Local Port: Fixed port, 53
   Remote Port: All ports
   Local Computer: Default IP address on the External interface(s)
   Remote Computer: All Remote Computers
				
Unlike DNS queries, which use UDP, DNS zone transfers between primary and secondary DNS servers use Transmission Control Protocol (TCP). If you require a DNS zone transfer to a secondary DNS server on the external network adapter of ISA Server, you must create another custom packet filter, such as:
   Name: DNS Zone transfer (In)
   Protocol: TCP
   Direction: Inbound
   Local Port: Fixed port, 53
   Remote Port: All ports
   Local Computer: Default IP address on the External interface(s)
   Remote Computer: All Remote Computers
				
   Name: DNS Zone transfer (Out)
   Protocol: TCP
   Direction: Outbound
   Local Port: All ports
   Remote Port: Fixed port, 53
   Local Computer: Default IP address on the External interface(s)
   Remote Computer: All Remote Computers
				
To prevent DNS zone transfers to unauthorized DNS servers, you must set the DNS server to enable zone transfers only to the specified DNS servers, or you can modify the preceding packet filter so that the specified remote computer is the Internet Protocol (IP) address of the secondary DNS server, instead of "All Remote Computers". For more details on DNS zone transfers, refer to Windows 2000 online Help.
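The following added example (not part of the original article and not ISA Server's own filtering engine) models the Scenario 1 packet filters as simple match rules. It shows that the predefined DNS Filter alone drops incoming queries, and that pinning the zone-transfer filter to the secondary's address stops transfers to other hosts. The direction mapping is a simplifying assumption, and all IP addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

ANY = None  # models "All ports" / "All Remote Computers"

@dataclass(frozen=True)
class Filter:
    name: str
    protocol: str                 # "UDP" or "TCP"
    initiator: str                # side that sends the first packet: "local" or "remote"
    local_port: Optional[int]
    remote_port: Optional[int]
    remote_computer: Optional[str] = ANY

@dataclass(frozen=True)
class Flow:
    protocol: str
    initiator: str
    local_port: int
    remote_port: int
    remote_ip: str

def matches(f: Filter, flow: Flow) -> bool:
    return (f.protocol == flow.protocol and f.initiator == flow.initiator
            and f.local_port in (ANY, flow.local_port)
            and f.remote_port in (ANY, flow.remote_port)
            and (f.remote_computer is ANY
                 or ip_address(f.remote_computer) == ip_address(flow.remote_ip)))

def allowed(filters, flow) -> Optional[str]:
    """Name of the first filter that admits the flow, or None if it is dropped."""
    return next((f.name for f in filters if matches(f, flow)), None)

# Assumed mapping: "Send Receive"/"Outbound" = local side starts the exchange,
# "Receive Send"/"Inbound" = remote side starts it.
DNS_FILTER = Filter("DNS Filter", "UDP", "local", ANY, 53)
DNS_QUERY = Filter("DNS Query", "UDP", "remote", 53, ANY)
XFER_IN_ANY = Filter("DNS Zone transfer (In)", "TCP", "remote", 53, ANY)
SECONDARY = "192.0.2.53"  # constructed address of the authorized secondary
XFER_IN_PINNED = Filter("DNS Zone transfer (In)", "TCP", "remote", 53, ANY, SECONDARY)

DEFAULT_ONLY = [DNS_FILTER]
HOSTING = [DNS_FILTER, DNS_QUERY, XFER_IN_ANY]        # "All Remote Computers"
HOSTING_PINNED = [DNS_FILTER, DNS_QUERY, XFER_IN_PINNED]

# Constructed sample flows as seen on the external interface
outbound_query = Flow("UDP", "local", 40000, 53, "198.51.100.10")
inbound_query = Flow("UDP", "remote", 53, 51515, "203.0.113.7")
xfer_secondary = Flow("TCP", "remote", 53, 49152, SECONDARY)
xfer_stranger = Flow("TCP", "remote", 53, 49152, "203.0.113.7")
```

Calling `allowed(HOSTING, xfer_stranger)` returns the zone-transfer filter name, while `allowed(HOSTING_PINNED, xfer_stranger)` returns `None`; the DNS server's own zone-transfer restriction should still be set as the article describes.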

Scenario 2: DNS Server on the private network of ISA Server

To enable a DNS server on the private network of ISA Server to resolve DNS queries for clients on the network adapter of ISA Server, you must create a DNS Publishing rule:
  1. Right-click Server Publishing Rule, click New, and then click Rule.
  2. Type in a name for the Server Publishing rule, and then click Next.
  3. Enter the IP addresses of the internal DNS server and the external interface of ISA Server, and then click Next.
  4. Click DNS Query Server as the protocol, and then click Next.
  5. Apply the rule to Any Request, click Next, and then click Finish.
If you require DNS zone transfer to a secondary DNS server on the network adapter of ISA Server, you must create another Server Publishing rule. Use the same general guidelines as the preceding DNS Query rule and select "DNS zone transfer" as the protocol.

APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition
Keywords: kbenv kbhowto KB291662
