Consulting various sources including Technet articles, Technet forum discussions and Dr. Tom Shinder's ISA 2006 book, I see that if you have an established "corporate" name resolution structure, there should be no DNS entries for the external network interface (NIC).
Unfortunately, the external network interface on my ISA server obtains its IP address from my ISP, via DHCP.
Therefore, there ARE DNS entries for the external NIC.
Yes, the internal NIC is above the external NIC (Adapter and Binding properties).
No, I have no problem resolving names from the ISA server. NSLOOKUP displays the name of the correct server for A and SRV records (just tested those two, imagine others would be fine).
I thought I could delete the entries using NETSH INTERFACE IP DELETE DNS WAN ALL but that apparently does not function (?) on dynamically assigned address (ipconfig still showed the DNS entries).
I see that you COULD place yet another device (router, 3rd party firewall) between the ISA server and the ISP so the former could have a statically configured IP address - with the DNS settings left blank (empty).
But is that really necessary?
But would those DNS entries on the external NIC have adverse effects (given that I am having no DNS resolution issues).
???
In the absence of a "corporate" name resolution structure (slighty different scenario), I read in Dr. Shinder's ISA 2006 book that the external NIC should have no DNS entries... "unless assigned by ISP via DNS" (page 135).
So should I just leave those entries and not worry about it?
???
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.