Getting started with Microsoft ISA Server 2006, Part 7: Create DNS Lookup Rule

This entry is part 7 of 12 in the series Getting started with Microsoft ISA Server 2006

Create DNS Lookup Rule

In Part 6: Configure Network Layout, you configured the network environment of ISA Server 2006. Now let’s create some access rules on ISA Server 2006. In this example, I have internal and external DNS servers, as shown in the network diagram in Part 2: Environment Setup. The internal DNS server should work fine since it is on the same network as the clients – the Internal network. But the external DNS servers (or my ISP’s DNS servers) are on the external network. Currently, ISA Server 2006 blocks all network access, so clients on the internal network cannot send DNS lookups to the external DNS servers. This would be a problem if some clients want to use the Internet. Therefore, I will create an access rule that allows DNS lookups from clients on the internal network to the external DNS servers. The external DNS servers are 203.144.255.71 and 203.144.255.72.

Step-by-step

  1. On ISA Server Management, open Firewall Policy by expanding Arrays -> BKKISA001 -> Firewall Policy (BKKISA001).
    Open Firewall Policy
  2. Create a new access rule by clicking the Tasks tab -> Create Access Rule.
    Create Access Rule
  3. On Welcome to the New Access Rule Wizard, type the access rule name. In this example, I type “Allow DNS Lookup” and click Next.
    Set Access Rule Name
  4. On Rule Action, you can select allow or deny on this rule. Select Allow and click Next.
    Set Rule Action to Allow
  5. On Protocols, you can select the protocols this rule applies to.
    • Choose Select protocols from the drop-down menu and click Add.
      Add Protocol to Rule
    • On Add Protocols, expand Common Protocols and double-click on DNS. Click Close.
      Add DNS to Rule
    • Back to Protocols, now the DNS protocol is added to the rule. Click Next.
      The DNS protocol is added to the Rule
  6. On Access Rule Sources, you can specify source networks for this rule.
    • Click Add.
      Add Source Network
    • On Add Network Entities, expand Networks and double-click on Internal. Click Close.
      Add Internal Network as Source
    • Back to Access Rule Sources, now the Internal network is added as access rule source. Click Next.
      The Internal Network is added as Source
  7. On Access Rule Destination, you can specify destination networks for this rule.
    • Click Add.
      Add Destination
    • On Add Network Entities, click on New -> Address Range.
      Add New Address Range
    • On New Address Range Rule Element, type the name and specify the IP address range. In this example, I name it “External DNS Addresses” and the IP address range is 203.144.255.71 to 203.144.255.72. Click OK.
      New Address Range Rule Element
    • Back on Add Network Entities, the address range that I have just created is now listed. Double-click it to add it to the rule and click Close.
      Add an Address Range to Rule
    • Back to Access Rule Destination, now the “External DNS Addresses” is added to the rule as access rule destination. Click Next.
      The Address Range is added to Rule as Destination
  8. On User Sets, you can specify the user sets for the rule. In this example, I leave it as All Users and click Next.
    Select All Users for Rule
  9. On Completing the New Access Rule Wizard, click Finish.
    Finishing Create an Access Rule
  10. To save changes that you have made, you must click on Apply.
    Save Changes and Update Configuration
  11. On Saving Configuration Changes, click OK.
    Saving Configuration Changes
  12. You have now finished creating an access rule that allows DNS lookups from the internal network to the external DNS servers.
    Access Rule is Created
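
To confirm the new rule from a client on the Internal network, the following added example (not part of the original article) sends a hand-built DNS query to each address in the “External DNS Addresses” range and to one resolver outside it, reporting UDP and TCP separately. The outside resolver 192.0.2.53 is a documentation-range placeholder and example.com is an assumed test name; with the rule scoped as above, the two ISP resolvers should answer and the outside one should show as blocked.

```python
import socket
import struct

# From the page: the "External DNS Addresses" range used as the rule destination.
ALLOWED_RESOLVERS = ["203.144.255.71", "203.144.255.72"]
OUTSIDE_RESOLVER = "192.0.2.53"  # placeholder (documentation range); use a real resolver outside the rule

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(data, txid=0x1234):
    """Return (rcode, answer_count); raise ValueError if not a reply to our query."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, an

def probe(server, name, use_tcp=False, timeout=3.0):
    """Send one query to server:53; return 'answered', 'error rcode=N' or 'blocked'."""
    query = build_query(name)
    kind = socket.SOCK_STREAM if use_tcp else socket.SOCK_DGRAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            # DNS over TCP prefixes each message with a 2-byte length.
            s.sendall(struct.pack("!H", len(query)) + query if use_tcp else query)
            data = s.recv(4096)
            if use_tcp:
                data = data[2:]
        rcode, _ = parse_header(data)
        return "answered" if rcode == 0 else f"error rcode={rcode}"
    except (OSError, ValueError):
        return "blocked"  # timeout, reset or refused: consistent with a firewall drop

def check_rule(outside_resolver=OUTSIDE_RESOLVER, name="example.com"):
    """Map each resolver to its (udp, tcp) result; only allowed ones should answer."""
    return {s: (probe(s, name), probe(s, name, use_tcp=True))
            for s in ALLOWED_RESOLVERS + [outside_resolver]}

if __name__ == "__main__":
    for server, (udp, tcp) in check_rule().items():
        print(f"{server}: udp={udp} tcp={tcp}")
```

A “blocked” result for an allowed resolver can also mean the client has no route through the ISA Server, so check the client's gateway before revisiting the rule.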

What’s Next?

You have created your first access rule, for DNS lookups. Clients will now be able to resolve names on the Internet, but there is no access rule for Internet access yet. So next, I will create another access rule for clients to access the Internet.
