Re: How to decide on which network interface domain controller is available
- From: Enkidu <enkidu.com@xxxxxxxxxxxxxx>
- Date: Sat, 17 Jun 2006 21:33:09 +1200
RAP wrote:
Hi,Multi-homed DCs are always a bad idea, unless you cannot think of any other way of doing it. The way that you are doing it is essentially nullifying the security of having a DMZ, since if the DC on the DMZ (which is not absolutely trusted) is compromised, the attacker has a machine on your LAN!
I have two domain controllers, both are connected to an internal (LAN
with clients) and an external (a DMZ) network.
How can I configure the servers in a way that the domain controller
functionality is only available on the internal network?
My current problem is that the DNS server has both IP addresses for
each server under one name. I cannot remove the external one, Windows
automatically re-creates the entry. Now, when I resolve the name of
server2 on server1 with nslookup it results in both IP addresses. For
some reason the external address is choosen and any communication (e.
g. ping or mount network drive) goes via the external network. This is
not what I want, it should go via the internal (much faster) network.
I was hoping that when I deactivate the domain controller functionality
on the external interface it will not re-create the entry in the DNS,
however I'd be happy about any other solution for my problem as well.
Of course you may have reasons for doing it that way that I know nothing about, in which case my comments may help others. Just please disregard them.
Cheers,
Cliff
.
- Follow-Ups:
- References:
- Prev by Date: How to decide on which network interface domain controller is available
- Next by Date: LDAP lookup issue via ISA Server
- Previous by thread: How to decide on which network interface domain controller is available
- Next by thread: Re: How to decide on which network interface domain controller is available
- Index(es):
Relevant Pages
|
|
