ISA server can support three client types; SecureNAT, Web Proxy and Firewall. How well it supports them depends on the infrastructure you provide for ISA to work within. Since ISA operates in conjunction with Windows 2000, you should provide both internal and external DNS servers. That way, ISA can use its favorite name resolution for all names and it and its clients will be all the happier for it. DNS options for ISA server are outlined in this article.
If you’re looking for a tutorial on how to set up the ISA server before you install ISA, then you want this article.
Note: all screen shots in this article are made using the ISA Management MMC in Advanced mode.
ISA Operating Modes:
ISA Server Configuration:
The values are displayed in hexadecimal, but the windows calculator can convert this for you if you set it to “scientific” mode. What they translate to is a default DNS cache of 3K bytes each that allows each record to live for 21,600 seconds (6 hours). While this may seem like an efficient way to make Internet name resolution really zippy for the Web and Firewall clients, it’s also a great way to lock them into some bad data for a very long time. Plus, a “DNS server” that fails to observe the record TTL is non RFC-compliant.
I hope you’ve found this article both informative and useful. If you have any comments or criticism, please direct them to me.