Microsoft 2004 Manuel D’Utilisation
ISA Server 2004 Configuration Guide 54
Introduction
DNS servers allow client systems to resolve names to IP addresses. Internet applications
need to know the IP address of a destination host before they can connect. A caching-only
DNS server is a special type of DNS in that is it not authoritative for any domain. This means
the caching-only DNS server does not contain any domain resource records. Instead, the
caching-only DNS server accepts DNS queries from DNS client systems, resolves the name
in the request, caches the answer and returns the cached answer to the client that made the
initial DNS query.
need to know the IP address of a destination host before they can connect. A caching-only
DNS server is a special type of DNS in that is it not authoritative for any domain. This means
the caching-only DNS server does not contain any domain resource records. Instead, the
caching-only DNS server accepts DNS queries from DNS client systems, resolves the name
in the request, caches the answer and returns the cached answer to the client that made the
initial DNS query.
A caching-only DNS server is an optional component. You do not need to use a caching-only
DNS server. You can move to the next document in this ISA Server 2004 Configuration
Guide if you do not plan to use a perimeter network segment. If you do choose to use a
perimeter network segment, you should follow the procedures outlined in this document.
DNS server. You can move to the next document in this ISA Server 2004 Configuration
Guide if you do not plan to use a perimeter network segment. If you do choose to use a
perimeter network segment, you should follow the procedures outlined in this document.
DNS servers located in the perimeter network are used for two primary purposes:
• name resolution for domains under your administrative control
• caching-only DNS services for internal network clients, or as forwarders for internal
• caching-only DNS services for internal network clients, or as forwarders for internal
network DNS servers
A perimeter network DNS server can contain DNS zone information about publicly accessible
domains. For example, if you have implemented a split DNS infrastructure, the public records
for your domain would be contained on the perimeter network DNS server. Internet-located
hosts can query this DNS server and obtain the IP addresses required to connect to
resources you have published through the ISA Server 2004 firewall.
domains. For example, if you have implemented a split DNS infrastructure, the public records
for your domain would be contained on the perimeter network DNS server. Internet-located
hosts can query this DNS server and obtain the IP addresses required to connect to
resources you have published through the ISA Server 2004 firewall.
The DNS server on the perimeter network can also act as a caching-only DNS server. In this
role, the machine contains no DNS resource record information. Instead, the caching-only
DNS server resolves Internet host names and caches the results of its queries. It can then
return answers from cache if it has already resolved the name. If not, it can query other DNS
servers on the Internet and cache the results before returning the answer to the client.
role, the machine contains no DNS resource record information. Instead, the caching-only
DNS server resolves Internet host names and caches the results of its queries. It can then
return answers from cache if it has already resolved the name. If not, it can query other DNS
servers on the Internet and cache the results before returning the answer to the client.
In this document we will discuss the following procedures:
• Installing the DNS server service
• Configuring the DNS server as a secure caching-only DNS server
• Configuring the DNS server as a secure caching-only DNS server