Internal DNS Forwarding Through ISA Server 2004/2006
[LEFT][CODE]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding.aspx[/CODE]
[FONT=Arial][B]Configuration on DNS Server[/B]
[FONT=Arial] [/FONT][/FONT]
[LIST=1][*] [FONT=Arial][SIZE=2]Click [B]Start[/B], point to [B]Administrative Tools[/B], and then click [B]DNS[/B].
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/Open_DNS.JPG[/IMG]
[/SIZE][/FONT][*] [FONT=Arial][SIZE=2]Right-click [B]DNS-SRV[/B] [B]( ServerName )[/B], where [B]ServerName[/B] is the name of the server, and then click the [B]Forwarders[/B] tab.
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/DNS_mngmt.JPG[/IMG]
[/SIZE][/FONT][*] [FONT=Arial][SIZE=2]Click a DNS domain in the [B]DNS domain[/B] list. Or, click [B]New[/B], type the name of the DNS domain for which you want to forward queries in the [B]DNS domain[/B] box, and then click [B]OK[/B].
[/SIZE][/FONT][*] [FONT=Arial][SIZE=2]In the [B]Selected domain's forwarder IP address[/B] box, type the IP address of the first DNS server to which you want to forward, and then click [B]Add[/B].
[/SIZE][/FONT][*] [FONT=Arial][SIZE=2]Repeat step 4 to add each DNS server to which you want to forward. Usually you will have two ISP DNS servers; enter them both.
[/SIZE][/FONT][*] [FONT=Arial][SIZE=2]Click [B]OK
[/B][/SIZE][/FONT][*] The last thing to do on your [B]DNS Server[/B] is to make it a [B]SecureNAT client[/B] by setting its default gateway to the ISA Server's internal IP address.[SIZE=2]
That is all you have to do on your internal DNS server. Now let's see what we need to do on ISA Server.[/SIZE]
[SIZE=2] [/SIZE][SIZE=2] [/SIZE][/LIST]
[SIZE=2] [/SIZE] [SIZE=2] [/SIZE]
[SIZE=2] [B]Configuration on ISA Server[/B][/SIZE]
[SIZE=2] [/SIZE]
[LIST][SIZE=2] [*] Open [B]ISA Management Console[/B] [/SIZE][/LIST]
[SIZE=2] [/SIZE]
[LIST][SIZE=2] [*] Create a new access rule: right-click [B]Firewall Policy[/B], click [B]New[/B], then choose[/SIZE][B] [SIZE=2]Access Rule[/SIZE][/B][/LIST]
[IMG]http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/New_Access_Rule.JPG[/IMG]
[LIST][*] [SIZE=2]The [B]New Access Rule Wizard[/B] will launch. Give your new rule a name (in this example we will name it [B]Forward DNS To ISP[/B]), then click [B]Next[/B]
[/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/rule_dns_to_isp.JPG[/IMG][/LIST]
[LIST][*] [SIZE=2]In the [B]Rule Action[/B] page, choose [B]Allow[/B], then click [B] Next
[/B][/SIZE][SIZE=2] [*] On the [B]Protocols[/B] page, from the [B]This Rule Applies To[/B] drop-down list, choose[/SIZE][B] [SIZE=2]Selected Protocols[/SIZE][/B]
[IMG]http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/New_Access_Rule_Wizard_protocol.JPG[/IMG]
[SIZE=2]Click the [B]Add[/B] button. The [B]Add Protocol[/B] page will open. Expand the [B]Infrastructure[/B] container, choose the [B]DNS[/B] protocol and click [B]Add[/B], then click [/SIZE][B] [SIZE=2]Close[/SIZE][/B]
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/rule_select_dns_protocols.JPG[/IMG]
[SIZE=2]The selected protocol will be displayed in the [B] Protocols[/B] page, click Next[/SIZE]
[*][FONT=Arial] On the [B]Access Rule Sources[/B] page, click the [B]Add[/B] button. In the [B]Add Network Entities[/B] dialog box, from the menu bar, click [B]New[/B] and choose[B] Computer.
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/computer_object_browse.JPG[/IMG]
[/B] The [B]New Computer Rule Element[/B] page will open. Click the [B]Browse[/B] button, [/FONT] then type your internal DNS server name in the
first [FONT=Arial] text box under[B] Name[/B], and click [B]Find[/B]. The IP address of the DNS server will be listed. Click [B]OK
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/computer_object_find.JPG[/IMG]
[/B]You[/FONT] will return to the [B]New Computer Rule Element[/B] [FONT=Arial] page. Click [B]OK
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/computer_object_find_2.JPG[/IMG]
[/B][/FONT][*][SIZE=2]Click the [B]Computers[/B] folder. Double-click [B]DNS-SRV[/B], then click the [B]Close[/B] button in the [B]Add Network Entities[/B] dialog box. Click [B]Next[/B] in the [B]Access Rule Sources[/B] dialog box.[/SIZE][B]
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/computer_object_select.JPG[/IMG]
[/B][*][SIZE=2]Click the [B]Add[/B] button on the [B]Access Rule Destinations[/B] page. In the [B]Add Network Entities[/B] dialog box, click the [B]Networks[/B] folder. Double click the [B]External[/B] entry and click [B]Close[/B] in the [B]Add Network Entities [/B]dialog box. Click [B]Next[/B] on the [B]Access Rule Destinations[/B] page.[/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/choose_external_network_destination.JPG[/IMG][*] [SIZE=2]On the [B]User Sets[/B] page, accept the default setting of [B]All Users[/B]. [/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/All_Users_Condition.JPG[/IMG][*] [SIZE=2]Review your settings and click [B]Finish[/B] on the [B]Completing the New Access Rule Wizard[/B] page. [/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/review_rule.JPG[/IMG][*][SIZE=2]Click the [B]Apply[/B] button to save the changes and update the firewall policy. [/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/Apply_button.JPG[/IMG][*][FONT=Arial] Your rule will look like this:
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/final_rule_1.JPG[/IMG][/FONT]
[*] The rule you have just created permits your internal DNS server to communicate with your ISP's DNS servers. [SIZE=2] [FONT=Arial]Now we need a rule that allows users to browse the Internet. Start creating a new [B]Access Rule
[/B][/FONT][/SIZE][*] Right-click [B]Firewall Policy[/B], click [B]New[/B], then choose [B] Access Rule
[/B][*] Name this rule[FONT=Arial] [/FONT] [FONT=Arial] Allow Internet[/FONT][FONT=Arial][FONT=Arial], then click [B] Next[/B]
[/FONT][/FONT][*] [SIZE=2]In the [B]Rule Action[/B] page, choose [B]Allow[/B], then click [B] Next
[/B][/SIZE][SIZE=2] [*] On the [B]Protocols[/B] page, from the [B]This Rule Applies To[/B] drop-down list, choose [B]Selected Protocols[/B]. Click the [B]Add[/B] button and, from the [B]Common Protocols[/B] folder, choose HTTP, HTTPS, POP3 and SMTP. Click [B]Add[/B] on each protocol you choose and, once you have selected them all, click [B]Close[/B]. The protocols will be displayed on the [B]Protocols[/B] page. Click [/SIZE][B][SIZE=2]Next[/SIZE]
[/B][IMG]http://www.elmajdal.net/ISAServer/Block_Desired_Extension_Content_Type/Selected_Protocols.JPG[/IMG]
[*][SIZE=2]On the [B]Access Rule Sources[/B] page, click the [B]Add[/B] button. In the [B]Add Network Entities[/B] dialog box, click on the [B]Networks[/B] folder. Double click on the [B]Internal[/B] network, then click the [B]Close[/B] button in the [B]Add Network Entities[/B] dialog box. Click [B]Next[/B] in the [B]Access Rule Sources[/B] dialog box.[/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/choose_internal_network_source.JPG[/IMG][*][SIZE=2]Click the [B]Add[/B] button on the [B]Access Rule Destinations[/B] page. In the [B]Add Network Entities[/B] dialog box, click the [B]Networks[/B] folder. Double click the [B]External[/B] entry and click [B]Close[/B] in the [B]Add Network Entities [/B]dialog box. Click [B]Next[/B] on the [B]Access Rule Destinations[/B] page.[/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/choose_external_network_destination.JPG[/IMG][*][SIZE=2]On the [B]User Sets[/B] page, accept the default setting of [B]All Users[/B]. [/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/All_Users_Condition.JPG[/IMG][*][SIZE=2]Review your settings and click [B]Finish[/B] on the [B]Completing the New Access Rule Wizard[/B] page. [/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Block_Desired_Extension_Content_Type/Review_Rule.JPG[/IMG][*]Now, your rules will look like this:
[IMG]http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding/final_rule.JPG[/IMG][*][SIZE=2]Click the [B]Apply[/B] button to save the changes and update the firewall policy.[/SIZE]
[IMG]http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/Apply_button.JPG[/IMG][/LIST]
[FONT=Arial] [B]Summary[/B]
[/FONT][FONT=Arial]In this article, we learned how to configure our internal DNS server to forward requests to the ISP's DNS servers. We also learned how to create
the rule ISA Server needs to allow DNS communication between the internal DNS server and the ISP's DNS servers.[/FONT]
[/LEFT]
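The effect of the two access rules built above, modelled as an added example (not part of the original article and not ISA Server code): only DNS-SRV may send DNS to the External network, and every other internal host has to resolve through it. The 10.0.0.0/24 Internal range, the DNS-SRV address 10.0.0.2 and the sample flows are constructed assumptions; ISA's built-in last rule, which denies all remaining traffic, is modelled as `Default rule`.

```python
import ipaddress

# Assumed addressing (constructed for this example, not from the article).
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
DNS_SRV = ipaddress.ip_address("10.0.0.2")

# Well-known ports for the protocols picked in the two wizards.
PROTOCOLS = {
    "DNS": {("udp", 53), ("tcp", 53)},
    "HTTP": {("tcp", 80)},
    "HTTPS": {("tcp", 443)},
    "POP3": {("tcp", 110)},
    "SMTP": {("tcp", 25)},
}

# (name, action, protocols, source test). The first matching rule wins.
# The two allow rules have disjoint protocol sets, so their relative
# order does not change the outcome; the deny-all rule is always last.
RULES = [
    ("Forward DNS To ISP", "allow", ["DNS"], lambda src: src == DNS_SRV),
    ("Allow Internet", "allow", ["HTTP", "HTTPS", "POP3", "SMTP"],
     lambda src: src in INTERNAL),
    ("Default rule", "deny", None, lambda src: True),
]


def evaluate(src, dst, proto, port):
    """Return (rule name, action) for a flow crossing the firewall."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, action, protocols, source_ok in RULES:
        if protocols is None:          # deny-all rule matches everything
            return name, action
        ports = set().union(*(PROTOCOLS[p] for p in protocols))
        # Both allow rules use the External network as destination.
        if source_ok(src) and dst not in INTERNAL and (proto, port) in ports:
            return name, action


if __name__ == "__main__":
    # Constructed sample flows: (source, destination, transport, port).
    flows = [
        ("10.0.0.2", "198.51.100.53", "udp", 53),   # DNS-SRV to ISP DNS
        ("10.0.0.25", "198.51.100.53", "udp", 53),  # client bypassing DNS-SRV
        ("10.0.0.25", "203.0.113.10", "tcp", 443),  # client browsing
        ("10.0.0.25", "203.0.113.10", "tcp", 21),   # protocol not selected
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
```

A client that points directly at an ISP DNS server falls through to the deny rule, so workstations must use DNS-SRV as their resolver for name resolution to work.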