Filter
Top Products
Create a DNS Server Access Rule Allowing Internal
Network DNS Servers Access to Internet DNS Servers
We use a DNS server located on the Internet network to resolve Internet host names in our
current scenario. This DNS server must be able to resolve Internet host names by contacting
other DNS servers located on the Internet. Most machines that run critical network services
do not typically have logged on users. For this reason, we will create an Access Rule that
does not require a logged on user account. Instead, we will create a Computer Set that
contains a list of all the DNS servers on the network.
A Computer Set is a collection of computer names and addresses associated with those
computer names. This makes it easy to assign Access Rules that control outbound access for
machines belonging to such a group. You should make Computer Groups for all your
important network servers so that you do not need to depend on logged on user accounts to
exercise outbound access control over these servers.
Rule Element Value
Order (priority)
1 (after all rules are created)
Name
DNS Servers
Action
Allow
Protocols
DNS
From/Listener
DNS Servers
To
External
Condition
All Users
The rule will look like this in the Firewall Policy Details pane:
Perform the following steps to create an Access Rule that allows the internal network DNS
server access to DNS servers on the Internet:
1. In the Microsoft Internet Security and Acceleration Server 2004 management
console, right click on the Firewall Policy node in the left pane of the console. Point to
New and click Access Rule.
2. On the Welcome to the New Access Rule Wizard page, enter the name of the rule in
the Access rule name text box. In this example, we will call the rule DNS Servers. Click
Next.
3. On the Rule Action page, select Allow and click Next.
4. On the Protocols page, select Selected protocols from the This rule applies to list,
and click Add.
5. In the Add Protocols dialog box, click on the Infrastructure folder. Double click on the
DNS protocol. Click Close.
ISA Server 2004 Configuration Guide 149