No, but that's a thought. What I did notice that was odd was that when I
go to www.microsoft.com the rule shows the IP address, not the name. I can
resolve by name from ISA and it is pointing to the same internal DNS server
(that was my first inclination). I know the rule works because I have
several other IP ranges that function. Very odd.

 

From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Friday, September 04, 2009 2:00 PM
To: NT System Admin Issues
Subject: RE: isa 2006 domain sets

 

That is strange. I have several rules using Domain Name Sets running on my
ISA proxies. Are you seeing anything of interest in the event logs? Is the
ISA server using the same DNS servers as your clients?

 

Have you tried completely deleting the Domain Name Set and associated rule
and then recreating them? I've fixed some odd rule issues that way.

 

-Malcolm

 

From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] 
Sent: Thursday, September 03, 2009 2:08 PM
To: NT System Admin Issues
Subject: RE: isa 2006 domain sets

 

Yes, that's it. In the same rule I have some IP sets and those work as
expected. Strange, right?

 

From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Thursday, September 03, 2009 2:15 PM
To: NT System Admin Issues
Subject: RE: isa 2006 domain sets

 

There is no need for the FW client to do this. So you created a domain name
set, then you created a rule allowing traffic "to" that domain name set?
That's really all there is to do. Your domains were entered just as
"*.microsoft.com" (without the quotes), with no "http://", right?

 

-Malcolm

 

From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] 
Sent: Thursday, September 03, 2009 11:00 AM
To: NT System Admin Issues
Subject: isa 2006 domain sets

 

Hey all, I have a locked down ISA 2006 box. It works pretty well, but we
need to allow some internet access to certain sites. I added a domain name
set for like *.microsoft.com and *.symantec.com, however that doesn't work.
I see in the logs that if I monitor it when I go to the site, the monitor
agent is reporting the IP address(es), not the name. I went in and put a few
of the IPs in manually and that works.

 

Is there something I'm missing for Domain Name Sets to work? I looked at
Shinder's ISA 2004 article on it and don't think I saw anything relevant,
unless I *need* to have the FW client to make this work, which is not going
to happen. The server can resolve names correctly, so it's not that it cannot
resolve the DNS name, it just doesn't.

 

 

TIA