Wednesday 26 September 2007

SBS - ISA 2K4 - Publishing a DNS Server behind ISA

When we did our very first SBS 2K to SBS 2K3 Premium upgrade for one of our Internet facing clients who have their own little Web farm and Internet DNS settings, it was a lot of "fun"! :(

This is what we found in the ISA 2004 help file for publishing their DNS servers:
Publishing DNS servers

ISA Server does not translate the IP address of DNS servers. To publish a DNS server, configure a route network relationship between the Local Host network and the network that includes the DNS server. Similarly, ISA Server must know the IP address of the DNS server.
Um, huh?!?

We ended up having to call the Partner Support line and work with the ISA troubleshooting team for hours upon hours spanning days. Eventually, while on the phone with a Microsoft tech, we actually figured it out. And, guess what? The answer was just too simple.

  1. Create a Server Publishing rule
  2. Call it DNS Publishing or the like
  3. Assign the DNS Server's internal IP
  4. Assign the DNS Server protocol

  5. Select the External Network
  6. Click Finish
  7. Click the Apply button in the ISA console
  8. OK
That experience over a very poorly written Help File entry was an incredible amount of frustration for us! It was even more so because we had a number of SBS 2K3 Premium migrations with Web farms behind them waiting on us to do after that.

Truly, it must have been a real pain point because Microsoft actually published a KB article about it: How to publish a DNS server in Internet Security and Acceleration (ISA) Server 2006 or in ISA Server 2004.

When publishing any form of manual for users, it must be "User" tested. It must pass the, "My mom can read and do it" test. The language must be simple and bullet proof. All of the bases need to be covered. If we professionals can't read and understand whatever was written in the manual or Help File in the first place, then we can sure as heck count on the phone to be ringing with our users calling us for clarification.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

No comments: