Ok, can someone confirm that I have things set up as they should be on our system for DNS requests?
Our DNS servers have forwarders set up to go upstream to our LEA DNS servers, and also hold all our internal details (including a couple of spoofed domains in order to host alternatives inside school, etc.).
All machines on the network connect to our DNS servers for DNS resolution.
Our ISA 2006 box has the RM cache (as we're on SWGfL) set as its upstream proxy, and the machine has its DNS servers set to our internal ones.
All network machines pass HTTP/HTTPS requests via the proxy.
So, when a request for a website is sent by a client, it is sent as follows:
Client Browser -> Proxy -> Upstream Proxy -> Proxy -> Client Browser
DNS resolution would be as follows:
Client -> Proxy -> Internal DNS -> LEA DNS -> SWGfL DNS -> Outside World
Am I correct there?
Ok, after a long time thinking, I went through and double-checked every applicable setting, starting at the ISA box.
Turns out, the web chaining rule to send upstream was set to only forward requests To 'Internal' addresses, instead of 'Anywhere'.
So, changing this fixed it. Woo!!