The normal practice would be to have *all* machines on the LAN along with
the ISA Servers use the internal AD/DNS for the DNS.
The AD/DNS server then needs to be granted anonymous permission at the
Firewall and/or ISA to make outbound DNS Queries.
The AD/DNS Server would use the ISP's DNS IP# in the Forwarders List within
the DNS Service's Configuration.
On the Firewall and/or ISA the AD/DNS IP# would be used for the DNS on the
LAN facing NIC. The external facing NIC would have a blank DNS entry.
The exception would be if there is a Back-to-Back DMZ then the outermost
firewall would not need any DNS "settings" at all or would just use the
ISP's DNS. It would not be aware of the names of internal machines on the
LAN and probably would not need any reason to.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
"José Almeida" <(E-Mail Removed)> wrote in message
> I have two ISA 2000 Enterp. SP3. One is also a VPN server. I read that we
> don't need to have the DNS service installed.
>
> I have this scenario: Firewall 1 has 2 NICs, one is internal, the other
> is external.
>
> I have an ADSL router with a public IP connected to this server, with
> internal IP 192.168.2.10.
>
> My settings for the internal NIC are:
>
> 172.22.23.14
> 255.255.0.0
>
> DNS: 172.22.23.4 - one of DC's and also DNS
> 192.168.2.10 - our router IP
>
>
> External: 192.168.2.1
> 255.255.255.0
> 192.168.2.10
>
> DNS: 192.168.2.1
>
> For security reasons this is only a workgroup computer; it is not a member
> server of our domain.
>
> Do I need to install DNS service?
>
> Is this configuration OK?
>
> Thanks in advance.
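
The DNS advice in the reply, applied to the settings in the quoted question, as an added example that is not part of either post. The `Nic` class, the `audit_dns` function and the assumption that 172.22.23.4 is the only AD/DNS server are hypothetical; the addresses are the ones given in the question.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class Nic:
    name: str
    role: str                      # "internal" (LAN facing) or "external"
    address: str
    dns: list = field(default_factory=list)


def audit_dns(nics, ad_dns_servers):
    """Return (nic name, finding) pairs for DNS settings that depart from
    the reply: internal NIC uses only AD/DNS, external NIC is left blank."""
    allowed = {ip_address(s) for s in ad_dns_servers}
    findings = []
    for nic in nics:
        servers = [ip_address(s) for s in nic.dns]
        if nic.role == "external":
            for s in servers:
                findings.append(
                    (nic.name, f"external NIC should have a blank DNS entry, found {s}"))
        elif nic.role == "internal":
            if not any(s in allowed for s in servers):
                findings.append((nic.name, "no internal AD/DNS server configured"))
            for s in servers:
                if s not in allowed:
                    findings.append((nic.name, f"{s} is not an internal AD/DNS server"))
        else:
            raise ValueError(f"unknown NIC role: {nic.role!r}")
    return findings


# Assumption: only the DC named in the question is listed as AD/DNS.
AD_DNS = ["172.22.23.4"]
# Constructed from the addresses in the quoted question.
AS_POSTED = [
    Nic("internal", "internal", "172.22.23.14", ["172.22.23.4", "192.168.2.10"]),
    Nic("external", "external", "192.168.2.1", ["192.168.2.1"]),
]
# The same machine with the reply's advice applied.
AS_ADVISED = [
    Nic("internal", "internal", "172.22.23.14", ["172.22.23.4"]),
    Nic("external", "external", "192.168.2.1", []),
]

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(label, audit_dns(cfg, AD_DNS) or "OK")
```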