From where I'm sitting, it "looks" good to me. However, I'd suggest the following (all to be done on the DNS/ISA server):
a)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Value name: PublishAddresses
Data type: REG_SZ
Value data: IP address of the server's local network adapter. If you have to specify more than one IP address, separate the addresses with spaces.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Value name: ListenAddresses
Data type: REG_SZ
Value data: IP address of the server's local network adapter. If you have to specify more than one IP address, separate the addresses with spaces.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Value name: RegisterDnsARecords
Data type: REG_DWORD
Value data: 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters
Value name: DisableDHCPMediaSense
Data type: REG_DWORD
Value data: 1
Value name: ListenAddresses
Data type: REG_SZ
Value data: IP address of the server's local network adapter. If you have to specify more than one IP address, separate the addresses with spaces.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Value name: RegisterDnsARecords
Data type: REG_DWORD
Value data: 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters
Value name: DisableDHCPMediaSense
Data type: REG_DWORD
Value data: 1
b)
In TCP/IP config, manually uncheck the option to "register this address in DNS" on the EXTERNAL NIC
c)
In TCP/IP, remove the DNS server address (10.0.1.201) that you have on the EXTERNAL NIC
d)
In DNS, look under everythind in the forward lokkup zone and delete any reference to the EXTERNAL NIC
Reboot the DC/ISA server.
I may have missed something here (or even missed the boat completely), but I think the above should help you in addition to what others may recommend. Personally, I don't think the honolulu name is a factor here. While I agree that it's a good practice to use non-existent name (or one that you've registered and know that nobody else will grab) for internal domain names, the worst I can see happening to you in this situation is that you won't be able to reach the real honolulu domain from within your network.
As an aside, why is your DHCP handing out a domain suffix (scgab.com) that is different from your AD domain name (honolulu.com)?
HTH
Sincerely,
D�j� Ak�m�l�f�, MCSE MCSA MCP+I
D�j� Ak�m�l�f�, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
