Problem:DNS can't resolve or Ping external websites


  • Problem:DNS can't resolve or Ping external websites

    Dear Friends

    I have 2 internal DNS servers; both of them can't ping or resolve external website names

    1- I have ISA 2006 configured with a rule to allow DNS from internal to external and from external to internal

    2- System policy is configured to enable DNS to all networks and local host

    3- Internal DNS is configured with forwarders to my ISP

    I can ping and resolve external websites from my ISA server only

    So what is wrong???







  • #2
    Re: Problem:DNS can't resolve or Ping external websites

    Wow large images... but a couple of things to do.
    1) Allow only traffic from internal to external. Vice versa won't work since you need to publish it unless you are routing the traffic instead of using NAT.
    2) How are your NICs configured on your ISA server?
    3) Does your DNS server have a default gateway, and if it belongs to another subnet, did you configure static routes on your ISA server?
    4) It's a good idea (and practice) to limit the protocols which would be allowed from your internal network.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Problem:DNS can't resolve or Ping external websites

      1- NIC is configured as internal with IP 10.232.3.200 and 255.255.255.0 without gateway and the DNS is my internal DNS

      External NIC with IP 192.168.1.6, 255.255.255.0 and gateway 192.168.1.1 and the DNS is my ISP DNS


      2- Yes, my DNS has a default gateway and is located in another VLAN and its IP is 10.232.10.5, and the ISA server is configured with a static route



      • #4
        Re: Problem:DNS can't resolve or Ping external websites

        You should assign your ISP-given IP address to your external NIC.

        Can you ping a public IP (e.g. Google DNS 8.8.8.8) from ISA?

        Try following this guide on how to allow DNS forwarding on ISA --> http://www.elmajdal.net/ISAServer/In...orwarding.aspx
        Last edited by dringkoy; 16th May 2010, 08:22.



        • #5
          Re: Problem:DNS can't resolve or Ping external websites

          Today I tried real IP 87.93.192.8
          The same problem
          Internal DNS can't resolve or ping websites
          Last edited by amgadreyad; 16th May 2010, 10:29.



          • #6
            Re: Problem:DNS can't resolve or Ping external websites

            Your External NIC of your ISA server should not have any DNS servers configured. Remove them.
            Second, I think you have a routing issue or your internal network object (configuration --> Networks --> right-click Internal) does not contain all your internal networks.
            Ping (or ICMP) should be opened on the ISA server if you want to allow this, but this is not necessary.
            Marcel


            • #7
              Re: Problem:DNS can't resolve or Ping external websites

              Thank you Dumber
              But without DNS on the external NIC there is no internet access at all
              My internal network is configured as 10.232.0.0 255.255.0.0 as I have 20 VLANs from 10.232.2.0/24 to 10.232.20.0/24

              Comment
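The two checks raised in replies #2 and #6 (a route from ISA back to the DNS server's VLAN, and an Internal network object that covers every VLAN), written out as an added example that is not part of the thread. Addresses are the ones posted above; the route tables and the router 10.232.3.1 are constructed assumptions.

```python
import ipaddress as ip

# From the thread: ISA NICs, the internal DNS server, and the VLAN subnets
# (10.232.2.0/24 through 10.232.20.0/24).
ISA_INTERNAL = ip.ip_interface("10.232.3.200/24")
ISA_EXTERNAL = ip.ip_interface("192.168.1.6/24")
DNS_SERVER = ip.ip_address("10.232.10.5")
VLANS = [ip.ip_network(f"10.232.{n}.0/24") for n in range(2, 21)]

# Constructed route tables as (destination, gateway, interface address).
# 10.232.3.1 is a hypothetical inter-VLAN router, not a value from the thread.
BASE_ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", "192.168.1.6"),
    ("192.168.1.0/24", "on-link", "192.168.1.6"),
    ("10.232.3.0/24", "on-link", "10.232.3.200"),
]
WITH_STATIC = BASE_ROUTES + [("10.232.0.0/16", "10.232.3.1", "10.232.3.200")]

def egress_nic(routes, dest):
    """Longest-prefix match; return which ISA NIC traffic to dest leaves on."""
    matches = [(ip.ip_network(d), iface) for d, _gw, iface in routes
               if dest in ip.ip_network(d)]
    _net, iface = max(matches, key=lambda m: m[0].prefixlen)
    return "internal" if ip.ip_address(iface) == ISA_INTERNAL.ip else "external"

def uncovered(ranges, subnets):
    """Subnets not fully inside any start-end range of the Internal network object."""
    blocks = [b for start, end in ranges
              for b in ip.summarize_address_range(ip.ip_address(start),
                                                  ip.ip_address(end))]
    return [s for s in subnets if not any(s.subnet_of(b) for b in blocks)]

def diagnose(routes, internal_ranges):
    """Return a list of findings; an empty list means both checks pass."""
    problems = []
    if egress_nic(routes, DNS_SERVER) != "internal":
        problems.append(f"no internal route to {DNS_SERVER}; "
                        "replies follow the default gateway")
    missing = uncovered(internal_ranges, VLANS)
    if missing:
        problems.append(f"{len(missing)} VLAN subnets missing from the "
                        "Internal network object")
    return problems

if __name__ == "__main__":
    for p in diagnose(BASE_ROUTES, [("10.232.3.0", "10.232.3.255")]):
        print("FAIL:", p)
    print(diagnose(WITH_STATIC, [("10.232.0.0", "10.232.255.255")]) or "OK")
```

To use it against a real server, replace the constructed tuples with the rows from `route print` and the address ranges shown in the Internal network properties.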


              • #8
                Re: Problem:DNS can't resolve or Ping external websites

                Can you show a route print?
                Marcel


                • #9
                  Re: Problem:DNS can't resolve or Ping external websites

                  What's your NIC binding order as well? Dumber is 100% correct regarding no DNS servers on the external interface - it's the starting point for every ISA issue and causes more problems than you would believe if the NICs are wrongly configured.

                  The DNS rule is not necessary anyway - your internet access rule allows all outbound from internal and Local Host to External, and DNS should be allowed by the system policy.
                  BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                  Cruachan's Blog



                  • #10
                    Re: Problem:DNS can't resolve or Ping external websites

                    Anyhow, he should configure his network correctly. I'm sure this is the issue he faces.
                    Marcel


                    • #11
                      Re: Problem:DNS can't resolve or Ping external websites

                      Ok, I tried explaining a bit more over here... hopefully it helps you out, else it's a good start.
                      http://blog.nessus.nl/416/how-you-sh...r-isa-and-tmg/
                      Marcel


                      • #12
                        Re: Problem:DNS can't resolve or Ping external websites

                        Thank you my friends for your help

                        This is the route print from ISA



                        and this is the request time out from my internal DNS



                        and here is the DNS problem which appears when removing the DNS from the External NIC



                        • #13
                          Re: Problem:DNS can't resolve or Ping external websites

                          And what does your internal network look like (Configuration --> Networks --> properties internal)?
                          And what is the route print of the DNS server and its gateway?
                          Marcel


                          • #14
                            Re: Problem:DNS can't resolve or Ping external websites

                            Also try removing the forwarders from the DNS server and just use Root Hints.
                            Cruachan's Blog



                            • #15
                              Re: Problem:DNS can't resolve or Ping external websites

                              A lookup on the error code indicates it may be a temporary issue and it may clear by itself. http://msdn.microsoft.com/en-us/libr...68(VS.85).aspx
                              Caesar's cipher - 3

                              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                              SFX JNRS FC U6 MNGR
