Disabling Name Resolution on a Chained Downstream ISA Server Computer

  • Article

In a forward proxy scenario with chaining, a downstream Microsoft® Internet Security and Acceleration (ISA) Server computer can be configured to send requests requiring DNS lookup directly to the upstream computer without performing name resolution by setting the SkipNameResolutionForAccessAndRoutingRules property of the FPCWebProxy object to True. When this property is set to True, the ISA Server Web proxy skips name resolution while checking access and routing rules. The Microsoft Visual Basic® Scripting Edition (VBScript) code in SkipNameResolution.vbs (listed below) sets this property to True and saves the new configuration setting to persistent storage.

As in the case of other changes to low-level settings, after the value of the SkipNameResolutionForAccessAndRoutingRules property has been changed, and the change has been saved by calling the Save method, the Microsoft Firewall service must be restarted for the change to take effect. If you are using the code from this script in a script that performs multiple configuration changes, we recommend making all the configuration changes, and then applying all the changes in a single call to the Save method on an object that contains all the other objects with configuration changes as subobjects. All the unsaved changes can be applied by restarting the required services by using either of the following techniques:

  • Calling the Save method with both the fResetRequiredServices and fReloadConfiguration parameters set to True on an object that contains all the other objects with configuration changes as subobjects.
  • Calling the Save method with the default values for the fResetRequiredServices parameter (False) and for the fReloadConfiguration parameter (True) on an object that contains all the other objects with configuration changes as subobjects, and then calling the RestartServices method of the FPCArray object. Before calling the RestartServices method, you should call the GetServiceRestartMask method on an applicable object to obtain the bitmask needed for setting the Services parameter of the RestartServices method.

This script uses the latter technique, but the first technique can be used by setting the fResetRequiredServices parameter to True in the call to the Save method and deleting the calls to the GetServiceRestartMask and RestartServices methods.

To disable name resolution on a chained downstream ISA Server computer

  1. Create an instance of the FPC COM object, which provides access to the other ISA Server administration COM objects.

  2. Declare an FPCArray object, an FPCWebProxy object, and a 32-bit bitmask of type FpcServices.

  3. Get references to the existing FPCArray object and the FPCWebProxy object.

  4. Configure the Web proxy to skip name resolution while checking access and routing rules by setting the SkipNameResolutionForAccessAndRoutingRules property of the Web proxy object to True.

  5. Call Save on the Web proxy object with the default parameter values to write the new configuration setting to persistent storage.

  6. Call GetServiceRestartMask on the Web proxy object to obtain the bitmask needed for setting the Services parameter of the RestartServices method.

  7. Call RestartServices on the array object so that the change will take effect.

Script Listing: SkipNameResolution.vbs

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

' Copyright (c) Microsoft Corporation. All rights reserved.

' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE

' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE

' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS

' HEREBY PERMITTED.

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

' This script sets the SkipNameResolutionForAccessAndRoutingRules property of

' the FPCWebProxy object to True, saves the new configuration setting to

' persistent storage, and restarts the Firewall service.

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Sub SkipNameResolution()

' Create the root object.

Dim root ' The FPCLib.FPC root object

Set root = CreateObject("FPC.Root")

' Declare the other objects needed.

Dim isaArray ' An FPCArray object

Dim webProxy ' An FPCWebProxy object

Dim restartMask ' A 32-bit bitmask of type FpcServices

' Get references to the array object

' and the Web proxy object.

Set isaArray = root.GetContainingArray()

set webProxy = isaArray.ArrayPolicy.WebProxy

' Configure the Web proxy to skip name resolution

' while checking access and routing rules and save

' the new configuration.

webProxy.SkipNameResolutionForAccessAndRoutingRules = True

restartMask = webProxy.GetServiceRestartMask

webProxy.Save

' Restart the Firewall service so that

' the change will take effect.

isaArray.RestartServices restartMask

End Sub

SkipNameResolution