TMG server blocking DNS

Hi All,

I installed a TMG 2010 server on my outside DMZ for publishing Exchange services. I also installed a DNS server on that TMG and configured it to forward to the ISP DNS and to host our public DNS.

The problem is that the DNS server is not querying at all. If I stop the TMG firewall services, everything works fine.

I tried everything to fix this issue but had no luck.

I updated the TMG, disabled the DNS filter, the Intrusion Prevention System and the Behavioral tab, and the Flood Mitigation settings, and changed the limit or added exceptions.

September 19th, 2013 1:28am

Hi,

Please look at this article:
http://www.isaserver.org/articles-tutorials/installation-planning/TMG-Firewall-Name-Resolution-Part1.html
Network card configuration is also very important:
http://social.technet.microsoft.com/wiki/contents/articles/recommended-network-adapter-configuration-for-forefront-tmg-standard-edition-servers.aspx (The internal network card IP configuration must point to the TMG Server itself; the external NIC has no DNS servers configured.)
You have to create Firewall Policy rules to allow internal clients to use TMG as a DNS server. You must create a Firewall Policy rule which allows protocol DNS from your INTERNAL DNS Server to LOCALHOST for ALL USERS. Please also check that the TMG Server is able to resolve external DNS names (test with NSLOOKUP).

September 19th, 2013 2:19am

This topic is archived. No further replies will be accepted.
