DNS is a very important basic service. Many applications depend on it, the most common being the web browser. Many of my friends on the forum have said that they could not access the Internet. In fact, they could not resolve FQDNs; that is, the problem was with access to the DNS service. If they used only IP addresses for access, as QQ does, access would work. Therefore, when you cannot browse web pages, you must first distinguish between a connection problem and a DNS problem. This article shows how to build an internal DNS server.
In many setups that use NAT software, the external network card of the gateway obtains the ISP's DNS server address, so the gateway itself can resolve names. An internal client that needs to resolve DNS names, however, has only two options: 1. set the DNS address on the internal client to the DNS server of the external ISP; 2. create a DNS server internally, point the internal clients at it, and have the internal DNS server forward queries to the DNS server of the external ISP. In terms of client efficiency, the first method is better; in terms of controllability, scalability and network efficiency, the second is better. In environments with a domain in particular, the second method (DNS forwarding) must be used. KWF has a DNS forwarder that is more efficient than the Windows DNS server, but it supports DNS forwarding only. ISA does not have a DNS forwarder, but the full-featured DNS server in Windows Server can serve perfectly well as the internal DNS server.
Note that a Web Proxy client does not need a DNS server configured in order to browse the Web. The reason is that a Web Proxy client browsing through the ISA Web Proxy service does not access the DNS service directly; it is enough that the ISA Server can resolve the DNS name. However, any other (non-browser) access request from a Web Proxy client will fail if it requires DNS resolution. The firewall client (FWC) is also configured as a Web Proxy client by default, but it sends all non-local TCP/UDP data directly to the ISA Server. So regardless of whether a default gateway and DNS server are configured locally, FWC always sends its data to the ISA Server it is connected to. As long as the ISA Server can resolve DNS names correctly, firewall clients can resolve them normally too.
Next, I will explain this through an example. Because the structure is very simple, I did not draw a network diagram. The client IP address is 192.168.0.41, and the IP address of the gateway (ISA Server 2004, English version) is 192.168.0.1. The test procedure is as follows:
1. No DNS server is set on the client, but the client can access the Internet by being set up as a Web Proxy client.
2. Create an internal DNS server on the ISA Server and configure it.
3. Set the DNS server address on the client to the new internal DNS server. At this point, the client can access the Internet normally.
Now for the test:
1. The client cannot resolve DNS names, but can browse web pages through the Web Proxy
No DNS server is set on the client.
In this case, ipconfig /all displays no DNS server, and a ping to www.isaservercn.org fails because the name cannot be resolved.
Web browsing naturally fails as well.
However, a ping to my DNS server succeeds. This indicates that the network connection works, but DNS names cannot be resolved.
However, I have set a proxy server for the connection, and through the proxy server web pages can be accessed normally.
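
The manual check in this step (a ping by IP address succeeds while name resolution fails) can be scripted to separate a DNS problem from a connection problem. The following Python code is an added example, not part of the original article; the function names and result labels are hypothetical, and 192.168.0.1 is the gateway address used in this test.

```python
import platform
import socket
import subprocess

def resolve_name(name):
    """Return an IPv4 address for name, or None if DNS resolution fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # socket.gaierror is a subclass of OSError
        return None

def ping(ip, timeout_s=5):
    """Send one ICMP echo with the system ping command; True on success."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        result = subprocess.run(
            ["ping", count_flag, "1", ip],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout_s,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0

def diagnose(name, known_ip, resolve=resolve_name, reachable=ping):
    """Classify a browsing failure as a DNS or a connection problem.

    known_ip is an address that needs no DNS lookup, such as the
    gateway or DNS server. resolve and reachable can be replaced with
    stubs for offline testing.
    """
    ip_ok = reachable(known_ip)
    resolved = resolve(name)
    if resolved is not None:
        return "ok" if ip_ok else "dns-ok-but-ip-unreachable"
    if ip_ok:
        # The state shown in step 1: the link works, names do not resolve.
        # A Web Proxy client can still browse, because the proxy resolves.
        return "dns-problem"
    return "connection-problem"

if __name__ == "__main__":
    print(diagnose("www.isaservercn.org", "192.168.0.1"))
```
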