Microsoft 2004 manual From/Listener DNS Servers External Condition All Users

Create a DNS Server Access Rule Allowing Internal Network DNS Servers Access to Internet DNS Servers

We use a DNS server located on the Internet network to resolve Internet host names in our current scenario. This DNS server must be able to resolve Internet host names by contacting other DNS servers located on the Internet. Most machines that run critical network services do not typically have logged on users. For this reason, we will create an Access Rule that does not require a logged on user account. Instead, we will create a Computer Set that contains a list of all the DNS servers on the network.

A Computer Set is a collection of computer names and addresses associated with those computer names. This makes it easy to assign Access Rules that control outbound access for machines belonging to such a group. You should make Computer Groups for all your important network servers so that you do not need to depend on logged on user accounts to exercise outbound access control over these servers.

The rule will look like this in the Firewall Policy Details pane:

Perform the following steps to create an Access Rule that allows the internal network DNS server access to DNS servers on the Internet:

1.In the Microsoft Internet Security and Acceleration Server 2004 management console, right click on the Firewall Policy node in the left pane of the console. Point to New and click Access Rule.

2.On the Welcome to the New Access Rule Wizard page, enter the name of the rule in the Access rule name text box. In this example, we will call the rule DNS Servers. Click Next.

3.On the Rule Action page, select Allow and click Next.

4.On the Protocols page, select Selected protocols from the This rule applies to list, and click Add.

5.In the Add Protocols dialog box, click on the Infrastructure folder. Double click on the DNS protocol. Click Close.