Testing an ISA Server Rule, the recursive query to other DNS Servers test fails

Hello,

I am trying to configure the following infrastructure with ISA Server 2006 and two W2003 servers (called "Server1" and "Server2") . "Server1" is a domain controller, and in"Server2" is the ISA Server installed, which also has attached two network Ethernet cards, one called "Internal Ethernet Card", and the other one called"External Ethernet Card".

The infrastructure would be:  "Internal Ethernet Card"---- ISA Server ----"External Ethernet Card"---"Router"----"Internet"

"Internal Ethernet Card" manages the internal package traffic of the infrastructure, the network segment which belongs is isolated from what we could called the Outbound traffic, which is linked to a router. "Internal Ethernet Card" it`s a virtual network.

"Internal Ethernet Card" feature configuration is the following:

- IP address: 192.168.3.3

- Subnet Mask: 255.255.255.0

- DHCP Enabled: No

- DNS Server: 192.168.3.1 (Must point to the DC "Server1" which has the DNS Service installed)

- Default Gateway:  None  (because doesnt point to outside)

- Primary WINS Server: 192.168.3.1  

The "External Ethernet Card" provides, the outbound connection, and this card is connected to the physical router.

It`s feature configuration is the following:

- IP address: 192.168.1.50

- Subnet Mask: 255.255.255.0

- DHCP Enabled: No

- Default Gateway: 192.168.1.1

- DNS Servers: 192.168.3.1 (Must point to the DC "Server1" which has the DNS Service installed)

After configuring the network cards, I create the following rule in the ISA Server to allow the traffic towards outside from the server and the clients which have joined to the domain:

Action: Allow.  Protocol: DNS.  From:"Server2".  To : External.  Condition: All Users

After applying the changes to update the configuration, I enter in the Dns Server of "Server1" and in the "Monitoring" tab, I run a "recursive query to other DNS Servers" but fails.Only works the "simple query against this DNS Server".

I don`t know why fails, but I`m stucked on this issue, because in the "Server1" DNS Server, in the "domain forward IP address list", I have added two DNS addresses which work OK.

I would appreciate some help to solve this issue.

Thanks

Regards